Edit tour

Windows Analysis Report
https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js

Overview

General Information

Sample URL:	https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js
Analysis ID:	1569906
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1932,i,18077588483585041941,5033901808871115820,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://mmrtb.com/favicon.ico

Avira URL Cloud: Label: malware

Source: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js

HTTP Parser: No favicon

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /bonus/com-fr-1537/carrier/bundle_fr-5.js HTTP/1.1Host: mmrtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mmrtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mmrtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mmrtb.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735

Source: classification engine

Classification label: mal56.win@16/11@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1932,i,18077588483585041941,5033901808871115820,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1932,i,18077588483585041941,5033901808871115820,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js	100%	Avira URL Cloud	malware

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://mmrtb.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mmrtb.com	104.21.78.187	true	false		high
www.google.com	142.250.181.100	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js	true		unknown
https://mmrtb.com/favicon.ico	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.78.187	mmrtb.com	United States	13335	CLOUDFLARENETUS	false
172.67.168.88	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.13

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1569906
Start date and time:	2024-12-06 11:23:41 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/11@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.17.46, 64.233.162.84, 172.217.19.227, 172.217.17.78, 172.217.17.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, otelrules.azureedge.net, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://mmrtb.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://mmrtb.com
URL: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 09:24:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9805282819057917
Encrypted:	false
SSDEEP:	48:8f1QbdKNTXMCHRidAKZdA1uehwiZUklqehZy+3:8NPNjMr6y
MD5:	3D93F1CE888A37F40792B68642DE07E1
SHA1:	C646654994ECF4564E0684ED00DF5A779B42F648
SHA-256:	F316864275E056FD06DCC724BAB5B1766A90E2017EE4BE5D09A6A4C0D4AF44E3
SHA-512:	4A4D56A1BBEF313563B6C1705CA1D2BB897036CDD51734432F9FA11784077B15C0E798E59D06FB8D641458FD2244A27ECB441635C030D5248C7CB634B31DDDE0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<...G......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.Y.S....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.Y.S...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.S....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.ol.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 09:24:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.997088831825
Encrypted:	false
SSDEEP:	48:8AQbdKNTXMCHRidAKZdA1Heh/iZUkAQkqehqy+2:8APNjMl9Qry
MD5:	9B55CC79B5ABD2141F416013E1824CF1
SHA1:	10716619552CE8E066B11786EFE748A571C76E73
SHA-256:	F225B9810AA1EF7BAA799A5D004D84DE9758B62CBB5B397AE82455C9583CC521
SHA-512:	BA565DE561B57AB9CBEE98F93AAD46B7A606E068D19FED5A93F5082DE55D2FCD101B1C8E912273B0A6198C2E6A4F55B4B98E4442E93004860648C2791EE12515
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....yQ...G......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.Y.S....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.Y.S...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.S....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.ol.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003773795148808
Encrypted:	false
SSDEEP:	48:8FQbdKNTXMbHRidAKZdA149eh7sFiZUkmgqeh7s8y+BX:8FPNjM+ney
MD5:	3DFBAE9247256B03B8B032D89CEDB637
SHA1:	EA5800D40A5A51B1DC574ADCA80E37FC4534F521
SHA-256:	94A4403C72568D357BD46B9839E203373E55ADBF557B3F241A21B2BE5F5A35A1
SHA-512:	62E09C67C6A6B45304DE405855FF125F64B398052DDCF7C5F4EB33C189CEB5B4B1E3E57DCA7A14B3813CF7808A71632C37AB1B615AF4B1A8B870C45F2ABA4CAD
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....K..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.Y.S....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.Y.S...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.L....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.ol.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 09:24:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.992185650524725
Encrypted:	false
SSDEEP:	48:8/QbdKNTXMCHRidAKZdA14ehDiZUkwqehmy+R:8/PNjM2Ey
MD5:	DEE53D5C02EE35A9C0E95C421E579517
SHA1:	92E4C83DDC90DF7724E18E966355B7C2AB466856
SHA-256:	52BC01019905E87F52F9F0258637FAD5D5BB2B8EF2EC3C8B78DA7657847D45BA
SHA-512:	65C6691FDAFABFBB1BB117159A85D5D20078C3761CC7B3D7CF70E90C04844A7446BE664A97A3833146E7134A7D5F7EA57DFCCA9366C08E9FA039F6776FC14EFF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....)~..G......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.Y.S....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.Y.S...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.S....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.ol.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 09:24:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9822334915257396
Encrypted:	false
SSDEEP:	48:84QbdKNTXMCHRidAKZdA1mehBiZUk1W1qehwy+C:84PNjMG9Qy
MD5:	9D0593810678C9E952BB3A06A4C5AB5F
SHA1:	A131AAB455654D78E8FE4C8F56CDA25FC8D373BB
SHA-256:	CEC0B94687D256A56E2D12173CBE2394341878625671ED1FA49227E1BAF97BCB
SHA-512:	540159159A06C0DB14F0B7078B25183BAED31DFA0ABF5FDC10055D7B7C4D48E850582CC5A8BD5D77901F573BB48CE9A9CCE1376F4C5B8F7DB0BE622F1945ED72
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........G......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.Y.S....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.Y.S...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.S....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.ol.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 09:24:39 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991460894024492
Encrypted:	false
SSDEEP:	48:8RQbdKNTXMCHRidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbey+yT+:8RPNjMNTyTbxWOvTbey7T
MD5:	D86B31BFC193BC7AC75058F17FC76538
SHA1:	2C781042C537B85F9385FBBB1EF8848C4CA3475E
SHA-256:	D44F5B47A5DBA98C6029C5C2F40D705F08E02CB5DDA9E047CFD99629048B1289
SHA-512:	62FB6A3A86AC858967E6C1CB69DF1CA481BD039D544D865EC5372961C90767FF325E76097774A2307CD156F64F538E98AB853176DCC07EDFB204AC221D87E5F6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....J.w..G......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y.S....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.Y.S....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.Y.S...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.S....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........w.ol.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (419), with CRLF line terminators
Category:	downloaded
Size (bytes):	27948
Entropy (8bit):	4.878082835198773
Encrypted:	false
SSDEEP:	384:QXwAD339MsTPf23TodqhwQUQq4iIYCisuiziLihvyAaFhDpypujzZWhBa:QX3iDhC7VhCis/WuwbFhwhBa
MD5:	A17D6F4C2F987517BFDA5D6A8505E2CB
SHA1:	4ED5FC4CD5EEA5F6CFE2A0087F6203D6DDE8DB75
SHA-256:	19B2151AB74C3F9F6DBEE52871F1894AE956DA3882F88DBDC17719D3F3F18225
SHA-512:	253897346470C50A47C299915389EB994518B91B1614F07C72968FA94CDE4337404952E9C3EFFDC31D80B925B6B17E07682284C3444F73A040D04D77F6776E6C
Malicious:	false
Reputation:	low
URL:	https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js
Preview:	'use strict';....var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; };..../!.. tingle.js.. * @author robin_parisi.. * @version 0.9.0.. * @url.. /..(function (root, factory) {.. if (typeof define === 'function' && define.amd) {.. define(factory);.. } else if ((typeof exports === 'undefined' ? 'undefined' : _typeof(exports)) === 'object') {.. module.exports = factory();.. } else {.. root.tingle = factory();.. }..})(window, function () {.... / ----------------------------------------------------------- /.. / == modal /.. / ----------------------------------------------------------- */.... var transitionEvent = whichTransitionEvent();.... function Modal(options) {.... var defaults = {.. onClose: null,..

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	814
Entropy (8bit):	7.5686131323043115
Encrypted:	false
SSDEEP:	12:6v/70/CmaEt/WK5vnNiq7qpY7YU1fGTYyhLZSPeTP1/NxcihQDkHlRmFj/1:omJYqNiP67YU1fGEyhLZjbJNyihp+R9
MD5:	973E8DC3B11662098FC4EA0027FEB1D7
SHA1:	A458BC5E7FB5A9B4A61F8447026FC9B0D37AF740
SHA-256:	4319DF6394C456785FA2541669C7B83DB2F658D43AB6610871D4487ADF7B6C1C
SHA-512:	F20D7BBE2B38AF33227913C809F2F058CA04C5764C011436183EBECA6270152CEC36DDD2CDBF2881B501D3EB9D036537BC85683ADA035BF54028368B5E5DACC1
Malicious:	false
Reputation:	low
URL:	https://mmrtb.com/favicon.ico
Preview:	.PNG........IHDR...)...)......`......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.Ak.A.............f.F!....`..A...<..W.vG.x...I..P.X...<i.........Mf...~../.~lJ7m.O.Y.y...?...I....\|.........H...OYp8..f....s...6!)....N...L-Y..d.n2./.T...dw.dn.....T......kI29.>4?.p-.`....$M!x.(h=....$.y>.]..'....09..$i..T..L....&...t./.3L$F~W.f.....c&..2.9...L.<...b...u;9.o;...Z9...t.._l...}..}f..N..e6L.h.G..6.....,.o..;vm.l.&.x...E...JmA..q.^...l..\|...&...B..K....{4..R..iT...@..z).\|!.1.g..t..^../...K..N..r...V.l....{.Q..[...........)"....W..Yc......b...E.&.J.+.:V.A=.u..^,$...'.....Z.a...cA...}.=&...m......'(_...K.m.......L........IA...Z.a....m.....hRP.6.VBX.4)(a.@+!....a.@.B.=?..)a.."N....]..e..$..8..q.D..))o..D.(;8%...X.....HY..........S...V..2.D..&N.....IEND.B`.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	814
Entropy (8bit):	7.5686131323043115
Encrypted:	false
SSDEEP:	12:6v/70/CmaEt/WK5vnNiq7qpY7YU1fGTYyhLZSPeTP1/NxcihQDkHlRmFj/1:omJYqNiP67YU1fGEyhLZjbJNyihp+R9
MD5:	973E8DC3B11662098FC4EA0027FEB1D7
SHA1:	A458BC5E7FB5A9B4A61F8447026FC9B0D37AF740
SHA-256:	4319DF6394C456785FA2541669C7B83DB2F658D43AB6610871D4487ADF7B6C1C
SHA-512:	F20D7BBE2B38AF33227913C809F2F058CA04C5764C011436183EBECA6270152CEC36DDD2CDBF2881B501D3EB9D036537BC85683ADA035BF54028368B5E5DACC1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...)...)......`......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.Ak.A.............f.F!....`..A...<..W.vG.x...I..P.X...<i.........Mf...~../.~lJ7m.O.Y.y...?...I....\|.........H...OYp8..f....s...6!)....N...L-Y..d.n2./.T...dw.dn.....T......kI29.>4?.p-.`....$M!x.(h=....$.y>.]..'....09..$i..T..L....&...t./.3L$F~W.f.....c&..2.9...L.<...b...u;9.o;...Z9...t.._l...}..}f..N..e6L.h.G..6.....,.o..;vm.l.&.x...E...JmA..q.^...l..\|...&...B..K....{4..R..iT...@..z).\|!.1.g..t..^../...K..N..r...V.l....{.Q..[...........)"....W..Yc......b...E.&.J.+.:V.A=.u..^,$...'.....Z.a...cA...}.=&...m......'(_...K.m.......L........IA...Z.a....m.....hRP.6.VBX.4)(a.@+!....a.@.B.=?..)a.."N....]..e..$..8..q.D..))o..D.(;8%...X.....HY..........S...V..2.D..&N.....IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 95
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 11:24:42.367651939 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:42.367712021 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:42.367772102 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:42.368026018 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:42.368046045 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:43.903939962 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:43.903968096 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:43.904047012 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:43.904520035 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:43.904532909 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:43.904866934 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:43.904915094 CET	443	49726	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:43.905050993 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:43.905284882 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:43.905298948 CET	443	49726	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:44.064318895 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:44.065656900 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:44.065696955 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:44.066735029 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:44.066833019 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:44.077227116 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:44.077332020 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:44.123754025 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:44.123773098 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:44.170137882 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:45.122498035 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.123145103 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.123167992 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.123465061 CET	443	49726	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.123706102 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.123725891 CET	443	49726	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.124408007 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.124500990 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.124818087 CET	443	49726	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.124885082 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.125869989 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.125941038 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.126045942 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126055002 CET	443	49725	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.126147032 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126147032 CET	49725	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126530886 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126566887 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.126637936 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126678944 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126701117 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126720905 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126800060 CET	443	49726	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.126859903 CET	49726	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126910925 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.126941919 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.127003908 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.127109051 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.127120972 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:45.127275944 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:45.127290964 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.342886925 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.343142986 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.343166113 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.344238997 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.344259024 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.344297886 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.344839096 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.344855070 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.345375061 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.345446110 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.345627069 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.345638037 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.345952034 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.346003056 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.346884966 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.346954107 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.389108896 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.389234066 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.389256954 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.435491085 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.787528992 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.787585020 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.787622929 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.787627935 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.787647009 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.787682056 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.787683010 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.787693977 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.787739038 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.795793056 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.802241087 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.802320004 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.802339077 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.810612917 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.810673952 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.810692072 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.855482101 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.907388926 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.949569941 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.949601889 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.981823921 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.981879950 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.981903076 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.989614010 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.989806890 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.989821911 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.997292995 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:46.997381926 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:46.997394085 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.005104065 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.005160093 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.005177975 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.012686968 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.012742996 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.014372110 CET	49729	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.014391899 CET	443	49729	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.049267054 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.095338106 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.373105049 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.373198986 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:47.374054909 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.374054909 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.516699076 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:47.516748905 CET	443	49735	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:47.516838074 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:47.517118931 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:47.517131090 CET	443	49735	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:47.681092978 CET	49728	443	192.168.2.10	104.21.78.187
Dec 6, 2024 11:24:47.681128025 CET	443	49728	104.21.78.187	192.168.2.10
Dec 6, 2024 11:24:48.727858067 CET	443	49735	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:48.728202105 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.728219032 CET	443	49735	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:48.729281902 CET	443	49735	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:48.729337931 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.729825020 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.729846954 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.729887962 CET	443	49735	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:48.729908943 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.729969978 CET	49735	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.730403900 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.730432987 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:48.730504036 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.730737925 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:48.730751991 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:49.940143108 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:49.940618992 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:49.940630913 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:49.941715002 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:49.941807985 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:49.942157984 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:49.942218065 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:49.942300081 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:49.983330011 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:49.994071960 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:49.994081974 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:50.040931940 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:50.393979073 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:50.394085884 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:50.394148111 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:50.394963980 CET	49742	443	192.168.2.10	172.67.168.88
Dec 6, 2024 11:24:50.394973040 CET	443	49742	172.67.168.88	192.168.2.10
Dec 6, 2024 11:24:53.757071972 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:53.757147074 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:24:53.757298946 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:54.230626106 CET	49718	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:24:54.230654955 CET	443	49718	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:42.291618109 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:42.291656017 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:42.291709900 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:42.291946888 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:42.291968107 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:43.983789921 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:43.984213114 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:43.984244108 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:43.984750032 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:43.985079050 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:43.985169888 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:44.040585041 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:53.679341078 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:53.679428101 CET	443	49868	142.250.181.100	192.168.2.10
Dec 6, 2024 11:25:53.679502010 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:54.230330944 CET	49868	443	192.168.2.10	142.250.181.100
Dec 6, 2024 11:25:54.230369091 CET	443	49868	142.250.181.100	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 11:24:37.831613064 CET	53	56491	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:37.834678888 CET	53	62515	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:40.631459951 CET	53	51239	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:42.229481936 CET	49581	53	192.168.2.10	1.1.1.1
Dec 6, 2024 11:24:42.229630947 CET	54300	53	192.168.2.10	1.1.1.1
Dec 6, 2024 11:24:42.366386890 CET	53	49581	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:42.366471052 CET	53	54300	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:43.765182018 CET	49913	53	192.168.2.10	1.1.1.1
Dec 6, 2024 11:24:43.765374899 CET	51363	53	192.168.2.10	1.1.1.1
Dec 6, 2024 11:24:43.903177023 CET	53	49913	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:43.903192997 CET	53	51363	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:47.378216028 CET	65367	53	192.168.2.10	1.1.1.1
Dec 6, 2024 11:24:47.378415108 CET	58999	53	192.168.2.10	1.1.1.1
Dec 6, 2024 11:24:47.515139103 CET	53	65367	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:47.516098976 CET	53	58999	1.1.1.1	192.168.2.10
Dec 6, 2024 11:24:57.667252064 CET	53	53092	1.1.1.1	192.168.2.10
Dec 6, 2024 11:25:16.477402925 CET	53	61757	1.1.1.1	192.168.2.10
Dec 6, 2024 11:25:37.729521990 CET	53	61294	1.1.1.1	192.168.2.10
Dec 6, 2024 11:25:39.496763945 CET	53	49677	1.1.1.1	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 6, 2024 11:24:42.229481936 CET	192.168.2.10	1.1.1.1	0x886c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:42.229630947 CET	192.168.2.10	1.1.1.1	0x67ce	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 6, 2024 11:24:43.765182018 CET	192.168.2.10	1.1.1.1	0x576d	Standard query (0)	mmrtb.com	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:43.765374899 CET	192.168.2.10	1.1.1.1	0xed3	Standard query (0)	mmrtb.com	65	IN (0x0001)	false
Dec 6, 2024 11:24:47.378216028 CET	192.168.2.10	1.1.1.1	0xebb5	Standard query (0)	mmrtb.com	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:47.378415108 CET	192.168.2.10	1.1.1.1	0x7ee9	Standard query (0)	mmrtb.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 6, 2024 11:24:42.366386890 CET	1.1.1.1	192.168.2.10	0x886c	No error (0)	www.google.com	142.250.181.100	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:42.366471052 CET	1.1.1.1	192.168.2.10	0x67ce	No error (0)	www.google.com		65	IN (0x0001)	false
Dec 6, 2024 11:24:43.903177023 CET	1.1.1.1	192.168.2.10	0x576d	No error (0)	mmrtb.com	104.21.78.187	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:43.903177023 CET	1.1.1.1	192.168.2.10	0x576d	No error (0)	mmrtb.com	172.67.168.88	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:43.903192997 CET	1.1.1.1	192.168.2.10	0xed3	No error (0)	mmrtb.com		65	IN (0x0001)	false
Dec 6, 2024 11:24:47.515139103 CET	1.1.1.1	192.168.2.10	0xebb5	No error (0)	mmrtb.com	172.67.168.88	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:47.515139103 CET	1.1.1.1	192.168.2.10	0xebb5	No error (0)	mmrtb.com	104.21.78.187	A (IP address)	IN (0x0001)	false
Dec 6, 2024 11:24:47.516098976 CET	1.1.1.1	192.168.2.10	0x7ee9	No error (0)	mmrtb.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

mmrtb.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49729	104.21.78.187	443	5828	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 10:24:46 UTC	692	OUT	GET /bonus/com-fr-1537/carrier/bundle_fr-5.js HTTP/1.1 Host: mmrtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-06 10:24:46 UTC	636	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 10:24:46 GMT Content-Type: application/javascript Transfer-Encoding: chunked Connection: close Last-Modified: Tue, 23 Apr 2024 05:28:37 GMT Vary: Accept-Encoding ETag: W/"66274705-6d2c" Expires: Sat, 28 Dec 2024 14:33:45 GMT Cache-Control: max-age=2592000 CF-Cache-Status: HIT Age: 676261 Server: cloudflare CF-RAY: 8edb91736f560fa9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1570&rtt_var=612&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1270&delivery_rate=1755862&cwnd=252&unsent_bytes=0&cid=e2993a06168fa46d&ts=454&x=0"
2024-12-06 10:24:46 UTC	733	IN	Data Raw: 36 64 32 63 0d 0a 27 75 73 65 20 73 74 72 69 63 74 27 3b 0d 0a 0d 0a 76 61 72 20 5f 74 79 70 65 6f 66 20 3d 20 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 20 3d 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 26 26 20 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 20 3d 3d 3d 20 22 73 79 6d 62 6f 6c 22 20 3f 20 66 75 6e 63 74 69 6f 6e 20 28 6f 62 6a 29 20 7b 20 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 3b 20 7d 20 3a 20 66 75 6e 63 74 69 6f 6e 20 28 6f 62 6a 29 20 7b 20 72 65 74 75 72 6e 20 6f 62 6a 20 26 26 20 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 20 3d 3d 3d 20 22 66 75 6e 63 74 69 6f 6e 22 20 26 26 20 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 20 3d 3d 3d 20 53 79 6d 62 6f 6c 20 26 26 20 6f 62 6a 20 21 3d 3d 20 53 79 6d 62 6f 6c 2e Data Ascii: 6d2c'use strict';var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0d 0a 20 20 20 20 2f 2a 20 3d 3d 20 6d 6f 64 61 6c 20 2a 2f 0d 0a 20 20 20 20 2f 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0d 0a 0d 0a 20 20 20 20 76 61 72 20 74 72 61 6e 73 69 74 69 6f 6e 45 76 65 6e 74 20 3d 20 77 68 69 63 68 54 72 61 6e 73 69 74 69 6f 6e 45 76 65 6e 74 28 29 3b 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 4d 6f 64 61 6c 28 6f 70 74 69 6f 6e 73 29 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 64 65 66 61 75 6c 74 73 20 3d 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: ----------------------------------- / / == modal / / ----------------------------------------------------------- */ var transitionEvent = whichTransitionEvent(); function Modal(options) { var defaults = {
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 73 74 79 6c 65 2e 72 65 6d 6f 76 65 50 72 6f 70 65 72 74 79 28 27 64 69 73 70 6c 61 79 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 73 74 79 6c 65 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 27 64 69 73 70 6c 61 79 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 70 72 65 76 65 6e 74 20 64 6f 75 62 6c 65 20 73 63 72 6f 6c 6c 0d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 27 74 69 6e 67 6c 65 2d 65 6e 61 62 6c 65 64 27 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 73 74 69 63 6b 79 20 66 Data Ascii: this.modal.style.removeProperty('display'); } else { this.modal.style.removeAttribute('display'); } // prevent double scroll document.body.classList.add('tingle-enabled'); // sticky f
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 27 74 69 6e 67 6c 65 2d 65 6e 61 62 6c 65 64 27 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 27 74 69 6e 67 6c 65 2d 6d 6f 64 61 6c 2d 2d 76 69 73 69 62 6c 65 27 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2f 2f 55 73 69 6e 67 20 73 69 6d 69 6c 61 72 20 73 65 74 75 70 20 61 73 20 6f 6e 4f 70 65 6e 0d 0a 20 20 20 20 20 20 20 20 2f 2f 52 65 66 65 72 65 6e 63 65 20 74 6f 20 74 68 65 20 4d 6f 64 61 6c 20 74 68 61 74 27 73 20 63 72 65 61 74 65 64 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 73 65 6c 66 20 3d 20 74 68 69 73 3b 0d 0a 0d 0a 20 20 Data Ascii: } document.body.classList.remove('tingle-enabled'); this.modal.classList.remove('tingle-modal--visible'); //Using similar setup as onOpen //Reference to the Modal that's created var self = this;
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 61 64 64 20 66 6f 6f 74 65 72 20 74 6f 20 6d 6f 64 61 6c 0d 0a 20 20 20 20 20 20 20 20 5f 62 75 69 6c 64 46 6f 6f 74 65 72 2e 63 61 6c 6c 28 74 68 69 73 29 3b 0d 0a 20 20 20 20 7d 3b 0d 0a 0d 0a 20 20 20 20 4d 6f 64 61 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 46 6f 6f 74 65 72 43 6f 6e 74 65 6e 74 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 63 6f 6e 74 65 6e 74 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 73 65 74 20 66 6f 6f 74 65 72 20 63 6f 6e 74 65 6e 74 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 42 6f 78 46 6f 6f 74 65 72 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 63 6f 6e 74 65 6e 74 3b 0d 0a 20 20 20 20 7d 3b 0d 0a 0d 0a 20 20 20 20 4d 6f 64 61 6c 2e 70 72 6f Data Ascii: unction () { // add footer to modal _buildFooter.call(this); }; Modal.prototype.setFooterContent = function (content) { // set footer content this.modalBoxFooter.innerHTML = content; }; Modal.pro
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 61 6c 42 6f 78 46 6f 6f 74 65 72 2e 73 74 79 6c 65 2e 6c 65 66 74 20 3d 20 27 27 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 42 6f 78 43 6f 6e 74 65 6e 74 2e 73 74 79 6c 65 5b 27 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 27 5d 20 3d 20 27 27 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 42 6f 78 46 6f 6f 74 65 72 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 27 74 69 6e 67 6c 65 2d 6d 6f 64 61 6c 2d 62 6f 78 5f 5f 66 6f 6f 74 65 72 2d 2d 73 74 69 63 6b 79 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 3b 0d 0a 0d 0a 20 20 20 20 4d 6f 64 61 6c 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 46 6f 6f 74 65 72 42 Data Ascii: alBoxFooter.style.left = ''; this.modalBoxContent.style['padding-bottom'] = ''; this.modalBoxFooter.classList.remove('tingle-modal-box__footer--sticky'); } } }; Modal.prototype.addFooterB
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0d 0a 20 20 20 20 2f 2a 20 3d 3d 20 70 72 69 76 61 74 65 20 6d 65 74 68 6f 64 73 20 2a 2f 0d 0a 20 20 20 20 2f 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 5f 63 68 65 63 6b 4f 76 65 72 66 6c 6f 77 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 6f 6e 6c 79 20 69 66 20 74 68 65 20 6d 6f 64 61 6c 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 73 68 6f 77 6e 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 74 68 69 73 2e 6d 6f 64 61 6c 2e 63 6c 61 73 73 4c 69 73 Data Ascii: ---------------------------------- / / == private methods / / ----------------------------------------------------------- */ function _checkOverflow() { // only if the modal is currently shown if (this.modal.classLis
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 63 75 73 74 6f 6d 20 63 6c 61 73 73 0d 0a 20 20 20 20 20 20 20 20 2f 2f 74 68 69 73 2e 6f 70 74 73 2e 63 73 73 43 6c 61 73 73 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 69 74 65 6d 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 69 74 65 6d 20 3d 3d 3d 20 27 73 74 72 69 6e 67 27 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 69 74 65 6d 29 3b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2f 2f 7d 2c 20 74 68 69 73 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 63 6c 61 73 73 65 73 20 3d 20 74 68 69 73 2e 6f 70 74 73 2e Data Ascii: ; // custom class //this.opts.cssClass.forEach(function(item) { // if (typeof item === 'string') { // this.modal.classList.add(item); // } //}, this); var classes = this.opts.
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 74 2e 61 64 64 28 27 74 69 6e 67 6c 65 2d 6d 6f 64 61 6c 2d 62 6f 78 5f 5f 63 6f 6e 74 65 6e 74 27 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 42 6f 78 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 68 69 73 2e 6d 6f 64 61 6c 42 6f 78 43 6f 6e 74 65 6e 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 68 69 73 2e 6d 6f 64 61 6c 43 6c 6f 73 65 42 74 6e 29 3b 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 68 69 73 2e 6d 6f 64 61 6c 42 6f 78 29 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 5f 62 75 69 6c 64 46 6f 6f 74 65 72 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 68 69 73 2e 6d Data Ascii: t.add('tingle-modal-box__content'); this.modalBox.appendChild(this.modalBoxContent); // this.modal.appendChild(this.modalCloseBtn); this.modal.appendChild(this.modalBox); } function _buildFooter() { this.m
2024-12-06 10:24:46 UTC	1369	IN	Data Raw: 74 2e 63 6c 69 65 6e 74 58 20 3c 20 74 68 69 73 2e 6d 6f 64 61 6c 2e 63 6c 69 65 6e 74 57 69 64 74 68 29 20 7b 0d 0a 20 20 20 20 2f 2f 20 20 20 20 20 20 20 20 20 74 68 69 73 2e 63 6c 6f 73 65 28 29 3b 0d 0a 20 20 20 20 2f 2f 20 20 20 20 20 7d 0d 0a 20 20 20 20 2f 2f 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 5f 66 69 6e 64 41 6e 63 65 73 74 6f 72 28 65 6c 2c 20 63 6c 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 28 65 6c 20 3d 20 65 6c 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 29 20 26 26 20 21 65 6c 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 63 6c 73 29 29 20 7b 7d 0d 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 6c 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 5f 75 6e 62 Data Ascii: t.clientX < this.modal.clientWidth) { // this.close(); // } // } function _findAncestor(el, cls) { while ((el = el.parentElement) && !el.classList.contains(cls)) {} return el; } function _unb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49728	104.21.78.187	443	5828	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 10:24:47 UTC	614	OUT	GET /favicon.ico HTTP/1.1 Host: mmrtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-06 10:24:47 UTC	616	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 10:24:47 GMT Content-Type: image/x-icon Content-Length: 814 Connection: close Last-Modified: Tue, 23 Apr 2024 05:28:37 GMT ETag: "66274705-32e" Expires: Sun, 29 Dec 2024 10:54:47 GMT Cache-Control: max-age=2592000 CF-Cache-Status: HIT Age: 603000 Accept-Ranges: bytes Server: cloudflare CF-RAY: 8edb91771df97d20-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2021&min_rtt=2017&rtt_var=765&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1192&delivery_rate=1422308&cwnd=207&unsent_bytes=0&cid=206a37c69c9dda4f&ts=1039&x=0"
2024-12-06 10:24:47 UTC	753	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 29 00 00 00 29 08 06 00 00 00 a8 60 00 f6 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 02 c3 49 44 41 54 58 47 ed 97 41 6b 13 41 1c c5 03 82 07 11 bc a9 07 8f 9e 0a a9 66 82 46 21 a7 82 1f a1 60 8a 1f 41 bc fa 15 3c db 9a 83 57 d1 76 47 bc 78 13 bc 2a b9 49 c1 b3 50 db 9d 58 04 15 11 3c 69 dc ff cc ff b5 9b c9 db d4 4d 66 c1 83 0f 7e 04 ba 2f f3 7e 6c 4a 37 6d fd 4f d3 59 bd 79 eb fc d6 a8 3f d8 18 9a 49 13 dc de ec 7c d7 a9 c5 02 c1 87 a3 fe 01 1b 48 c4 ae ce d5 4f 59 70 38 ea b3 c3 97 66 b0 b5 ba a7 73 f5 13 0b 36 21 29 82 1b 8f cc a6 4e d6 0b 13 4c 2d 59 16 ec 64 ee 95 b1 6e 32 0f 2f 86 Data Ascii: PNGIHDR))`sRGBgAMAapHYsodIDATXGAkAfF!`A<WvGx*IPX<iMf~/~lJ7mOYy?I\|HOYp8fs6!)NL-Ydn2/
2024-12-06 10:24:47 UTC	61	IN	Data Raw: 29 6f cd 15 44 98 28 3b 38 25 b5 04 91 58 94 1d 9c 92 da 82 48 59 94 1d 9c 92 85 04 11 88 b2 83 53 b2 b0 e0 bf 95 56 eb 0f 32 e1 44 83 99 26 4e d2 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: )oD(;8%XHYSV2D&NIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49742	172.67.168.88	443	5828	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-06 10:24:49 UTC	344	OUT	GET /favicon.ico HTTP/1.1 Host: mmrtb.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-06 10:24:50 UTC	614	IN	HTTP/1.1 200 OK Date: Fri, 06 Dec 2024 10:24:50 GMT Content-Type: image/x-icon Content-Length: 814 Connection: close Last-Modified: Tue, 23 Apr 2024 05:28:37 GMT ETag: "66274705-32e" Expires: Sun, 29 Dec 2024 10:54:47 GMT Cache-Control: max-age=2592000 CF-Cache-Status: HIT Age: 603003 Accept-Ranges: bytes Server: cloudflare CF-RAY: 8edb9189ee36f78f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1594&rtt_var=609&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=922&delivery_rate=1778319&cwnd=137&unsent_bytes=0&cid=3d8858a9484a60cb&ts=457&x=0"
2024-12-06 10:24:50 UTC	755	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 29 00 00 00 29 08 06 00 00 00 a8 60 00 f6 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 02 c3 49 44 41 54 58 47 ed 97 41 6b 13 41 1c c5 03 82 07 11 bc a9 07 8f 9e 0a a9 66 82 46 21 a7 82 1f a1 60 8a 1f 41 bc fa 15 3c db 9a 83 57 d1 76 47 bc 78 13 bc 2a b9 49 c1 b3 50 db 9d 58 04 15 11 3c 69 dc ff cc ff b5 9b c9 db d4 4d 66 c1 83 0f 7e 04 ba 2f f3 7e 6c 4a 37 6d fd 4f d3 59 bd 79 eb fc d6 a8 3f d8 18 9a 49 13 dc de ec 7c d7 a9 c5 02 c1 87 a3 fe 01 1b 48 c4 ae ce d5 4f 59 70 38 ea b3 c3 97 66 b0 b5 ba a7 73 f5 13 0b 36 21 29 82 1b 8f cc a6 4e d6 0b 13 4c 2d 59 16 ec 64 ee 95 b1 6e 32 0f 2f 86 Data Ascii: PNGIHDR))`sRGBgAMAapHYsodIDATXGAkAfF!`A<WvGx*IPX<iMf~/~lJ7mOYy?I\|HOYp8fs6!)NL-Ydn2/
2024-12-06 10:24:50 UTC	59	IN	Data Raw: cd 15 44 98 28 3b 38 25 b5 04 91 58 94 1d 9c 92 da 82 48 59 94 1d 9c 92 85 04 11 88 b2 83 53 b2 b0 e0 bf 95 56 eb 0f 32 e1 44 83 99 26 4e d2 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: D(;8%XHYSV2D&NIENDB`

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6536, Parent PID: 6468

Function Logs

General

Target ID:	0
Start time:	05:24:33
Start date:	06/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5828, Parent PID: 6536

Function Logs

General

Target ID:	4
Start time:	05:24:36
Start date:	06/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1932,i,18077588483585041941,5033901808871115820,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6464, Parent PID: 6468

Function Logs

General

Target ID:	8
Start time:	05:24:43
Start date:	06/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6536, Parent PID: 6468

General

File Activities

File Opened

File Created

Windows Analysis Report
https://mmrtb.com/bonus/com-fr-1537/carrier/bundle_fr-5.js