Edit tour

Windows Analysis Report
https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p

Overview

General Information

Sample URL:	https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p
Analysis ID:	1295422

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Antivirus detection for URL or domain

Connects to several IPs in different countries

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 2580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 7460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 3156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Snort Signatures

ET DNS Query for .cc TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.157676532027758 08/22/23-20:23:04.067099
SID:	2027758
Source Port:	57676
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

HTTP traffic detected: GET /34546de4235m342356 HTTP/1.1Host: 56lxr.pire.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: classification engine

Classification label: mal56.win@45/625@211/564

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1812,i,4479915971662971261,7750150861032469893,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://56lxr.pire.cc/34546de4235m342356	100%	Avira URL Cloud	phishing
https://tsdtocl.com/	2%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
um.simpli.fi	34.91.62.186	true	false	high
tls13.taboola.map.fastly.net	151.101.1.44	true	false	unknown
uplynk-beacon-newvpc-1603485991.us-east-1.elb.amazonaws.com	34.193.222.122	true	false	high
global.px.quantserve.com	91.228.74.206	true	false	high
dms-mcdn-report.wc.yahoodns.net	69.147.93.190	true	false	unknown
bttrack.com	192.132.33.46	true	false	unknown
crb.kargo.com	18.156.158.59	true	false	high
56lxr.pire.cc	91.103.253.27	true	false	unknown
dualstack.tls13.taboola.map.fastly.net	151.101.129.44	true	false	unknown
ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud	3.71.149.231	true	false	unknown
dsum.casalemedia.com	172.64.148.101	true	false	high
ams3-ib.adnxs.com	185.89.210.244	true	false	high
www.google.com	216.58.212.132	true	false	high
yahoo.com	74.6.231.21	true	false	high
idaas6.cph.liveintent.com	75.101.221.2	true	false	high
match.adsrvr.org	52.223.40.198	true	false	high
match.prod.bidr.io	34.253.165.174	true	false	unknown
pagead-googlehosted.l.google.com	142.250.186.161	true	false	high
creativecdn.com	185.184.8.90	true	false	high
dms-cp81xxfpfjreport.wc.yahoodns.net	212.82.116.200	true	false	unknown
ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud	18.156.195.47	true	false	unknown
uip.semasio.net	77.243.51.121	true	false	high
dms-avq3886edareport.wc.yahoodns.net	115.178.9.8	true	false	unknown
ActivationEdge-activation-1631408035.eu-central-1.elb.amazonaws.com	3.127.17.186	true	false	high
cs815200983.wac.omegacdn.net	152.195.51.15	true	false	unknown
ssum-sec.casalemedia.com	104.18.39.155	true	false	high
cs1696.wpc.thetacdn.net	152.199.21.65	true	false	unknown
d1bqktvj79b0wh.cloudfront.net	108.138.17.119	true	false	high
clients.l.google.com	142.250.184.238	true	false	high
partners-alb-1113315349.us-east-1.elb.amazonaws.com	44.196.218.137	true	false	high
cr-pall.ladsp.com	52.222.139.69	true	false	high
www.googletagservices.com	172.217.16.194	true	false	high
i.ctnsnet.com	35.186.193.173	true	false	high
am1-direct-bgp.contextweb.com	208.93.169.131	true	false	high
iad-2-sync.go.sonobi.com	69.166.1.35	true	false	high
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	34.255.171.99	true	false	high
beap.gemini-native-aws-core-usm-prod.aws.oath.cloud	54.194.156.169	true	false	unknown
dualstack.a-content-aeuf1-297655397.eu-central-1.elb.amazonaws.com	3.67.157.131	true	false	high
ssbsync-itx5.smartadserver.com	185.86.138.155	true	false	high
contextual.media.net	95.101.148.20	true	false	high
cs801177220.wpc.alphacdn.net	152.199.20.14	true	false	unknown
tsdtocl.com	151.101.1.44	true	false	unknown
yhp.mxptint.net	207.207.55.246	true	false	unknown
sync-dsp.ad-m.asia	220.150.223.50	true	false	unknown
widget.nl3.vip.prod.criteo.com	178.250.1.9	true	false	high
rtb.adentifi.com	184.72.156.158	true	false	unknown
sync.richaudience.com	157.90.211.246	true	false	high
sync.srv.stackadapt.com	54.167.179.9	true	false	high
cat.nl3.vip.prod.criteo.com	178.250.1.6	true	false	high
am-vip001.taboola.com	141.226.228.48	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
e2c8.gcp.gvt2.com	34.87.124.238	true	false	unknown
accounts.google.com	172.217.18.13	true	false	high
prod-rotation-v2.guce.aws.oath.cloud	54.229.28.102	true	false	unknown
s.amazon-adsystem.com	52.46.155.104	true	false	high
imgsync-amsfpairbc.pubmnet.com	198.47.127.18	true	false	unknown
static.fr3.vip.prod.criteo.net	178.250.7.2	true	false	high
dxedge-prod-lb-404808087.eu-central-1.elb.amazonaws.com	52.29.174.244	true	false	high
trace.mediago.io	35.208.249.213	true	false	unknown
geo-atsv2.media.g03.yahoodns.net	188.125.72.139	true	false	unknown
match.adsby.bidtheatre.com	188.166.17.21	true	false	unknown
ib.anycast.adnxs.com	185.89.210.82	true	false	high
edge.gycpi.b.yahoodns.net	87.248.119.252	true	false	unknown
v-b3sme2t71z.wc.yahoodns.net	188.125.94.200	true	false	unknown
sync.aralego.com	192.96.203.13	true	false	high
site-112901315975.gslb6.sakura.ne.jp	150.95.47.242	true	false	unknown
csm.nl3.vip.prod.criteo.net	178.250.1.25	true	false	high
fra1-ib.adnxs.com	37.252.172.123	true	false	high
eu-eb2.3lift.com	76.223.111.18	true	false	high
v-avq3886eda.wc.yahoodns.net	77.238.180.76	true	false	unknown
sync-eu.connectad.io	172.67.8.174	true	false	unknown
aid.send.microad.jp	202.233.84.1	true	false	high
cm.g.doubleclick.net	142.250.186.130	true	false	high
ds-pr-bh.ybp.gysm.yahoodns.net	52.208.254.204	true	false	unknown
cs747173190.wac.omegacdn.net	152.195.39.165	true	false	unknown
idaas-ext.cph.liveintent.com	100.25.91.65	true	false	high
sync.1rx.io	46.228.174.117	true	false	high
spug-amsfpairbc.pubmnet.com	198.47.127.20	true	false	unknown
us-u.openx.net	34.98.64.218	true	false	high
securepubads46.g.doubleclick.net	142.250.185.66	true	false	high
v-cp81xxfpfj.wc.yahoodns.net	200.152.162.173	true	false	unknown
dualstack.a-content-aeui1-1772039847.eu-west-1.elb.amazonaws.com	63.33.22.216	true	false	high
am6-prebid.a-mx.net	145.40.97.66	true	false	unknown
pozm2035.page.link	172.217.18.1	true	false	unknown
elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com	3.123.160.194	true	false	high
di49gqg2wml8t.cloudfront.net	18.66.213.232	true	false	high
ads.nl3.vip.prod.criteo.com	178.250.1.17	true	false	high
dsp.adfarm1.adition.com	85.114.159.93	true	false	high
new-fp-shed.wg1.b.yahoo.com	87.248.100.215	true	false	high
envoy-hl.envoy-csync1.core-b8mf.ov1o.com	35.214.248.82	true	false	unknown
cs.emxdgt.com	18.157.200.115	true	false	unknown
ad4m.at	104.26.10.209	true	false	unknown
a.tribalfusion.com	104.18.24.173	true	false	high
sb.scorecardresearch.com	18.65.39.28	true	false	unknown
prod.appnexus.map.fastly.net	151.101.129.108	true	false	unknown
new-news.g06.yahoodns.net	87.248.100.208	true	false	unknown
ds-oob-fo-media-router1.prod.media.g01.yahoodns.net	87.248.100.208	true	false	unknown
s.tribalfusion.com	104.18.25.173	true	false	high
pixel-origin.mathtag.com	185.29.134.244	true	false	high
beacons-handoff.gcp.gvt2.com	142.251.143.67	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.yahoo.com/	false		high
about:blank	false		low
http://56lxr.pire.cc/34546de4235m342356	true	Avira URL Cloud: phishing	unknown
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3Fgpp%3D%26gpp_sid%3D%26_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26uid%3D&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&s=175407&C=1	false		high
https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7643157&site=8225&tid=8894687860300669089&bid=1.608&paid=1.608&cb=761310325&qs=1%3dyahoo.com%262%3d7643157%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d26810648%2612%3d273%7c26810648%7c0%2613%3d273%7c26810648%7c0%2614%3d1%2615%3d2713%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.671183%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	false		unknown
https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	false		high
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=11664&pub_id=1737121	false		high
https://tsdtocl.com/	false	2%, Virustotal, Browse	unknown
https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7507898&site=8225&tid=3109734541521556015&bid=1.608&paid=1.608&cb=1265846266&qs=1%3dyahoo.com%262%3d7507898%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d18770470%2612%3d11664%7c18770470%7c0%2613%3d11664%7c18770470%7c0%2614%3d1%2615%3d14172%2616%3d8225%2617%3d5%2618%3d1870%2619%3d2%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.666473%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	false		unknown
https://s.yimg.com/cv/apiv2/default/houseAdsExchange/index.html?geo=uk&size=300x250	false		high
https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html	false		high
https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A//opus.analytics.yahoo.com/tag/opus-frame.html%3Freferrer%3Dhttps%3A//www.yahoo.com/%26tbla_id%3D0073350f-714e-4a67-a8eb-c64f05fe348b-tuctbde828c%26gdpr%3Dfalse%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26us_privacy%3D1---%26reset_idsync%3D1	false		high
https://opus.analytics.yahoo.com/tag/opus-frame.html?referrer=https%3A%2F%2Fwww.yahoo.com%2F&tbla_id=0073350f-714e-4a67-a8eb-c64f05fe348b-tuctbde828c&gdpr=false&gdpr_consent=&gpp=DBAA&gpp_sid=-1&us_privacy=1---&reset_idsync=1	false		high
https://opus.analytics.yahoo.com/opus/tag/opus-frame.html?id=4	false		high
https://s.yimg.com/cv/apiv2/default/HouseAds/UK/20200522/HTML/UK_YFinance_LiDAU_300x250.html	false		high
https://s.yimg.com/rx/martini/builds/65841884/resolver.html	false		high
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=273&pub_id=2183376	false		high
https://ssum-sec.casalemedia.com/usermatch?s=175407&gdpr=0&gdpr_consent=&gpp=DBAA&gpp_sid=-1&cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3F_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26uid%3D	false		high
https://s.yimg.com/cv/apiv2/default/HouseAds/UK/20210709/Yahoo_systemmechanic_DSP_UK_300x250/index.html	false		high
https://www.google.com/recaptcha/api2/aframe	false		high
https://widget.nl3.eu.criteo.com/dis/dis.aspx?pu=28005&cb=64e4fd0f7cc337781e7bfa893df2561c&r=https%3a%2f%2fs.yimg.com%2frq%2fdarla%2f4-11-1%2fhtml%2fr-sf.html&crossorigin=false	false		high
https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	false		high
https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7494733&site=8225&tid=7161370224155721114&bid=1.608&paid=1.608&cb=1426248529&qs=1%3dyahoo.com%262%3d7494733%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d18770470%2612%3d11664%7c18770470%7c0%2613%3d11664%7c18770470%7c0%2614%3d1%2615%3d11680%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.666473%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	false		unknown
https://s.yimg.com/rx/martini/builds/65841884/executor.html	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.10.209	ad4m.at	United States	13335	CLOUDFLARENETUS	false
142.250.185.99	unknown	United States	15169	GOOGLEUS	false
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
142.250.74.202	unknown	United States	15169	GOOGLEUS	false
34.253.165.174	match.prod.bidr.io	United States	16509	AMAZON-02US	false
18.157.60.246	match-eu-central-1-ecs.sharethrough.com	United States	16509	AMAZON-02US	false
52.58.57.165	exchange.mediavine.com	United States	16509	AMAZON-02US	false
75.101.221.2	idaas6.cph.liveintent.com	United States	14618	AMAZON-AESUS	false
104.18.24.173	a.tribalfusion.com	United States	13335	CLOUDFLARENETUS	false
216.52.2.30	emea.vap.lijit.com	United States	29791	VOXEL-DOT-NETUS	false
178.250.1.17	ads.nl3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
142.250.185.106	unknown	United States	15169	GOOGLEUS	false
178.250.1.25	csm.nl3.vip.prod.criteo.net	France	44788	ASN-CRITEO-EUROPEFR	false
77.243.51.121	uip.semasio.net	Denmark	42697	NETIC-ASDK	false
18.66.213.232	di49gqg2wml8t.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
100.25.91.65	idaas-ext.cph.liveintent.com	United States	14618	AMAZON-AESUS	false
142.251.143.67	beacons-handoff.gcp.gvt2.com	United States	15169	GOOGLEUS	false
212.82.100.137	ds-global3.l7.search.ystg1.b.yahoo.com	United Kingdom	34010	YAHOO-IRDGB	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
3.127.17.186	ActivationEdge-activation-1631408035.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
178.250.7.9	cat.fr3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
198.47.127.205	pug-ams-bc.pubmnet.com	United States	62713	AS-PUBMATICUS	false
91.228.74.206	global.px.quantserve.com	United Kingdom	27281	QUANTCASTUS	false
172.64.148.101	dsum.casalemedia.com	United States	13335	CLOUDFLARENETUS	false
178.250.7.7	ssp-sync.fr3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
95.101.148.20	contextual.media.net	European Union	20940	AKAMAI-ASN1EU	false
37.252.171.53	unknown	European Union	29990	ASN-APPNEXUS	false
192.132.33.46	bttrack.com	United States	18568	BIDTELLECTUS	false
3.67.157.131	dualstack.a-content-aeuf1-297655397.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	true
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
18.193.13.90	m-node-alb-ssl-3111-1376445793.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
152.195.51.15	cs815200983.wac.omegacdn.net	United States	15133	EDGECASTUS	false
152.195.132.116	cs931.wpc.lambdacdn.net	United States	15133	EDGECASTUS	false
172.217.18.1	pozm2035.page.link	United States	15169	GOOGLEUS	false
151.101.1.44	tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
35.157.246.167	unknown	United States	16509	AMAZON-02US	false
212.82.116.200	dms-cp81xxfpfjreport.wc.yahoodns.net	United Kingdom	10310	YAHOO-1US	false
108.156.69.4	unknown	United States	16509	AMAZON-02US	false
35.158.218.175	unknown	United States	16509	AMAZON-02US	false
142.250.185.193	unknown	United States	15169	GOOGLEUS	false
52.208.254.204	ds-pr-bh.ybp.gysm.yahoodns.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
193.0.160.130	unknown	Netherlands	54312	ROCKETFUELUS	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
142.250.180.67	beacons.gvt2.com	United States	15169	GOOGLEUS	false
130.162.160.243	nados-lb-lhr.moatads.com	United States	43898	ORCL-AM-OPC1NL	false
67.202.105.22	pixel.33across.com	United States	32748	STEADFASTUS	false
185.86.138.155	ssbsync-itx5.smartadserver.com	France	201081	SMARTADSERVERFR	false
115.178.9.8	dms-avq3886edareport.wc.yahoodns.net	Hong Kong	17457	YAHOO-AU-APinternetcontentproviderCN	false
34.87.124.238	e2c8.gcp.gvt2.com	United States	15169	GOOGLEUS	false
172.217.18.13	accounts.google.com	United States	15169	GOOGLEUS	false
67.195.176.40	dms-b3sme2t71zreport.wc.yahoodns.net	United States	26101	YAHOO-3US	false
77.238.180.76	v-avq3886eda.wc.yahoodns.net	United Kingdom	203070	YAHOO-FRAFR	false
185.255.84.152	visitor-fra02.omnitagjs.com	France	200271	IGUANE-FR	false
142.250.186.130	cm.g.doubleclick.net	United States	15169	GOOGLEUS	false
151.101.2.49	unknown	United States	54113	FASTLYUS	false
18.185.199.180	sonata-notifications.taptapnetworks.com	United States	16509	AMAZON-02US	false
208.93.169.131	am1-direct-bgp.contextweb.com	United States	26228	SERVEPATHUS	false
87.248.119.251	unknown	United Kingdom	203220	YAHOO-DEBDE	false
87.248.119.252	edge.gycpi.b.yahoodns.net	United Kingdom	203220	YAHOO-DEBDE	false
37.252.172.123	fra1-ib.adnxs.com	European Union	29990	ASN-APPNEXUS	false
46.228.164.11	unknown	United Kingdom	56396	TURNGB	false
188.166.17.21	match.adsby.bidtheatre.com	Netherlands	14061	DIGITALOCEAN-ASNUS	false
34.193.222.122	uplynk-beacon-newvpc-1603485991.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
23.32.185.123	unknown	United States	16625	AKAMAI-ASUS	false
185.89.211.12	unknown	Germany	29990	ASN-APPNEXUS	false
142.250.180.99	unknown	United States	15169	GOOGLEUS	false
139.162.23.100	cm53.appier.org	Netherlands	63949	LINODE-APLinodeLLCUS	false
178.250.1.9	widget.nl3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
178.250.1.6	cat.nl3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
2.22.152.20	unknown	European Union	16625	AKAMAI-ASUS	false
34.255.171.99	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
152.195.39.165	cs747173190.wac.omegacdn.net	United States	15133	EDGECASTUS	false
3.89.78.13	lynx-prod-beacon-alb-498367235.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
18.65.39.28	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
23.33.67.26	unknown	United States	16625	AKAMAI-ASUS	false
69.166.1.35	iad-2-sync.go.sonobi.com	United States	27630	AS-XFERNETUS	false
87.248.100.215	new-fp-shed.wg1.b.yahoo.com	United Kingdom	34010	YAHOO-IRDGB	false
95.101.54.106	unknown	European Union	34164	AKAMAI-LONGB	false
3.71.227.249	alb-aws-fr-bruges-1875226813.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
46.228.174.117	sync.1rx.io	United Kingdom	56396	TURNGB	false
99.81.48.56	rtb.gumgum.com	United States	16509	AMAZON-02US	false
3.123.160.194	elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.18.25.173	s.tribalfusion.com	United States	13335	CLOUDFLARENETUS	false
54.229.28.102	prod-rotation-v2.guce.aws.oath.cloud	United States	16509	AMAZON-02US	false
52.29.174.244	dxedge-prod-lb-404808087.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
207.207.55.246	yhp.mxptint.net	United States	3900	TEXASNET-ASNUS	false
2.23.197.190	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
142.250.184.225	unknown	United States	15169	GOOGLEUS	false
198.47.127.20	spug-amsfpairbc.pubmnet.com	United States	62713	AS-PUBMATICUS	false
220.150.223.50	sync-dsp.ad-m.asia	Japan	10013	FBDCFreeBitCoLtdJP	false
142.250.186.33	unknown	United States	15169	GOOGLEUS	false
142.250.185.66	securepubads46.g.doubleclick.net	United States	15169	GOOGLEUS	false
52.46.155.104	s.amazon-adsystem.com	United States	16509	AMAZON-02US	false
192.96.203.13	sync.aralego.com	United States	30633	LEASEWEB-USA-WDCUS	false
69.173.144.165	unknown	United States	26667	RUBICONPROJECTUS	false
35.213.109.249	dac-yieldone-gce.pool.iponweb.net	United States	19527	GOOGLE-2US	false
157.90.211.246	sync.richaudience.com	United States	766	REDIRISRedIRISAutonomousSystemES	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1295422
Start date and time:	2023-08-22 20:22:35 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@45/625@211/564

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 34.104.35.123, 142.250.74.202, 172.217.18.10, 216.58.212.170, 142.250.186.138, 172.217.18.106, 142.250.181.234, 142.250.186.106, 216.58.206.42, 142.250.186.170, 142.250.185.74, 142.250.186.42, 172.217.16.138, 142.250.186.74, 142.250.185.106, 172.217.23.106, 172.217.16.202, 2.23.197.190, 193.0.160.130, 13.107.21.200, 204.79.197.200, 23.32.185.123, 69.173.144.165, 69.173.144.139, 69.173.144.138, 37.157.4.28, 37.157.5.132, 37.157.4.29, 37.157.5.133, 37.157.5.84, 151.101.2.49, 151.101.130.49, 151.101.66.49, 151.101.194.49, 63.215.202.140, 142.250.186.161, 142.250.186.98
Excluded domains from analysis (whitelisted): tags.bluekai.com.edgekey.net, 404331072a8eda23e2da75954088bc39.safeframe.googlesyndication.com, uipglob.trafficmanager.net, content-autofill.googleapis.com, pixel.rubiconproject.net.akadns.net, slscr.update.microsoft.com, c-bing-com.a-0001.a-msedge.net, dual-a-0001.a-msedge.net, wildcard.moatads.com.edgekey.net, clientservices.googleapis.com, a-emea.rfihub.com.akadns.net, pagead2.googlesyndication.com, track.adformnet.akadns.net, cs701.lb.wpc.apr-1b09e.edgecastdns.net, e9126.x.akamaiedge.net, edgedl.me.gvt1.com, login.live.com, c.bing.com, bfp.global.dual.dotomi.weighted.com.akadns.net, tpc.googlesyndication.com, a.rfihub.com.akadns.net, e13136.g.akamaiedge.net, h2.shared.global.fastly.net
Not all processes where analyzed, report is missing behavior information

Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A//opus.analytics.yahoo.com/tag/opus-frame.html%3Freferrer%3Dhttps%3A//www.yahoo.com/%26tbla_id%3D0073350f-714e-4a67-a8eb-c64f05fe348b-tuctbde828c%26gdpr%3Dfalse%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26us_privacy%3D1---%26reset_idsync%3D1	HTTP Parser: No favicon
Source: https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A//opus.analytics.yahoo.com/tag/opus-frame.html%3Freferrer%3Dhttps%3A//www.yahoo.com/%26tbla_id%3D0073350f-714e-4a67-a8eb-c64f05fe348b-tuctbde828c%26gdpr%3Dfalse%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26us_privacy%3D1---%26reset_idsync%3D1	HTTP Parser: No favicon
Source: https://opus.analytics.yahoo.com/tag/opus-frame.html?referrer=https%3A%2F%2Fwww.yahoo.com%2F&tbla_id=0073350f-714e-4a67-a8eb-c64f05fe348b-tuctbde828c&gdpr=false&gdpr_consent=&gpp=DBAA&gpp_sid=-1&us_privacy=1---&reset_idsync=1	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://404331072a8eda23e2da75954088bc39.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1	HTTP Parser: No favicon
Source: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3Fgpp%3D%26gpp_sid%3D%26_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26uid%3D&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&s=175407&C=1	HTTP Parser: No favicon
Source: https://s.yimg.com/cv/apiv2/default/HouseAds/UK/20210709/Yahoo_systemmechanic_DSP_UK_300x250/index.html	HTTP Parser: No favicon
Source: https://s.yimg.com/cv/apiv2/default/HouseAds/UK/20210709/Yahoo_systemmechanic_DSP_UK_300x250/index.html	HTTP Parser: No favicon
Source: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=1&d=0&f=2023538075&l=LREC&rn=1692728616726&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252CFPDYNAMICADSLOTON%252CTNBE007%252Cdrop_heimdall_homepage_control_bucket%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A490klttie9v89%25253Btest%25253AMimicProviderListv2-copy%252525252CFPDYNAMICADSLOTON%252525252CTNBE007%252525252Cdrop_heimdall_homepage_control_bucket%252525252Cseamless&ar=1	HTTP Parser: No favicon
Source: https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html	HTTP Parser: No favicon
Source: https://c15cf678e04c68ecd4a74862553cb8eb.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1	HTTP Parser: No favicon
Source: https://opus.analytics.yahoo.com/opus/tag/opus-frame.html?id=4	HTTP Parser: No favicon
Source: https://ssum-sec.casalemedia.com/usermatch?s=175407&gdpr=0&gdpr_consent=&gpp=DBAA&gpp_sid=-1&cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3F_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26uid%3D	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=2&d=0&f=2023538075&l=LREC&rn=1692728636745&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252CFPDYNAMICADSLOTON%252CTNBE007%252Cdrop_heimdall_homepage_control_bucket%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A490klttie9v89%25253Btest%25253AMimicProviderListv2-copy%252525252CFPDYNAMICADSLOTON%252525252CTNBE007%252525252Cdrop_heimdall_homepage_control_bucket%252525252Cseamless&ar=1	HTTP Parser: No favicon
Source: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=11664&pub_id=1737121	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7494733&site=8225&tid=7161370224155721114&bid=1.608&paid=1.608&cb=1426248529&qs=1%3dyahoo.com%262%3d7494733%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d18770470%2612%3d11664%7c18770470%7c0%2613%3d11664%7c18770470%7c0%2614%3d1%2615%3d11680%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.666473%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7494733&site=8225&tid=7161370224155721114&bid=1.608&paid=1.608&cb=1426248529&qs=1%3dyahoo.com%262%3d7494733%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d18770470%2612%3d11664%7c18770470%7c0%2613%3d11664%7c18770470%7c0%2614%3d1%2615%3d11680%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.666473%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7494733&site=8225&tid=7161370224155721114&bid=1.608&paid=1.608&cb=1426248529&qs=1%3dyahoo.com%262%3d7494733%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d18770470%2612%3d11664%7c18770470%7c0%2613%3d11664%7c18770470%7c0%2614%3d1%2615%3d11680%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.666473%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=3&d=0&f=2023538075&l=LREC&rn=1692728656757&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252CFPDYNAMICADSLOTON%252CTNBE007%252Cdrop_heimdall_homepage_control_bucket%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A490klttie9v89%25253Btest%25253AMimicProviderListv2-copy%252525252CFPDYNAMICADSLOTON%252525252CTNBE007%252525252Cdrop_heimdall_homepage_control_bucket%252525252Cseamless&ar=2	HTTP Parser: No favicon
Source: https://064576484a9e16f0fdff64854191296e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1	HTTP Parser: No favicon
Source: https://s.yimg.com/cv/apiv2/default/HouseAds/UK/20200522/HTML/UK_YFinance_LiDAU_300x250.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=4&d=0&f=2023538075&l=LREC&rn=1692728666805&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252CFPDYNAMICADSLOTON%252CTNBE007%252Cdrop_heimdall_homepage_control_bucket%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A490klttie9v89%25253Btest%25253AMimicProviderListv2-copy%252525252CFPDYNAMICADSLOTON%252525252CTNBE007%252525252Cdrop_heimdall_homepage_control_bucket%252525252Cseamless&ar=2	HTTP Parser: No favicon
Source: https://2d800b704a878a42e04fc7b4ddd399c4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=5&d=0&f=2023538075&l=LREC&rn=1692728686822&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252CFPDYNAMICADSLOTON%252CTNBE007%252Cdrop_heimdall_homepage_control_bucket%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A490klttie9v89%25253Btest%25253AMimicProviderListv2-copy%252525252CFPDYNAMICADSLOTON%252525252CTNBE007%252525252Cdrop_heimdall_homepage_control_bucket%252525252Cseamless&ar=3	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=273&pub_id=2183376	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7643157&site=8225&tid=8894687860300669089&bid=1.608&paid=1.608&cb=761310325&qs=1%3dyahoo.com%262%3d7643157%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d26810648%2612%3d273%7c26810648%7c0%2613%3d273%7c26810648%7c0%2614%3d1%2615%3d2713%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.671183%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7643157&site=8225&tid=8894687860300669089&bid=1.608&paid=1.608&cb=761310325&qs=1%3dyahoo.com%262%3d7643157%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d26810648%2612%3d273%7c26810648%7c0%2613%3d273%7c26810648%7c0%2614%3d1%2615%3d2713%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.671183%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7643157&site=8225&tid=8894687860300669089&bid=1.608&paid=1.608&cb=761310325&qs=1%3dyahoo.com%262%3d7643157%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d26810648%2612%3d273%7c26810648%7c0%2613%3d273%7c26810648%7c0%2614%3d1%2615%3d2713%2616%3d8225%2617%3d5%2618%3d1870%2619%3d5%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.671183%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=6&d=0&f=2023538075&l=LREC&rn=1692728706853&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252CFPDYNAMICADSLOTON%252CTNBE007%252Cdrop_heimdall_homepage_control_bucket%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A490klttie9v89%25253Btest%25253AMimicProviderListv2-copy%252525252CFPDYNAMICADSLOTON%252525252CTNBE007%252525252Cdrop_heimdall_homepage_control_bucket%252525252Cseamless&ar=4	HTTP Parser: No favicon
Source: https://servedby.ipromote.com/ad/?typ=1&nid=1870&adfmt=5&aid=7507898&site=8225&tid=3109734541521556015&bid=1.608&paid=1.608&cb=1265846266&qs=1%3dyahoo.com%262%3d7507898%263%3d0%264%3d0%265%3d%5bUser-Agent%5d%267%3d%5bLOG_TYPE%5d%268%3d0%269%3d1%2611%3d18770470%2612%3d11664%7c18770470%7c0%2613%3d11664%7c18770470%7c0%2614%3d1%2615%3d14172%2616%3d8225%2617%3d5%2618%3d1870%2619%3d2%2620%3d102.129.143.0%2621%3dch%2622%3d24%2623%3d0%2626%3d8225%2628%3d0%2629%3d0%2631%3d1.608%2632%3d%5bWIN_BID%5d%2633%3d0%2634%3d0.666473%2637%3dch-24-hunenberg%2638%3d%5bCLICK_TYPE%5d&uid=953812214648927356&bwr=1&gdpr=0&uc=1&cs=&ccpa=&uf=0&p1=u&p2=fra2&audit=0&click=	HTTP Parser: No favicon

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8127)
Category:	downloaded
Size (bytes):	8128
Entropy (8bit):	5.210425618876301
Encrypted:	false
SSDEEP:
MD5:	26831B6BD9EA430823F593B6A70C7375
SHA1:	01AA2FCC9820194D914DAEB4F5BF84F8447CBE4A
SHA-256:	BAA52E8AC769D702E14FD1FA5A4363A1FC7E6462115AB6BCDBB317CE0E99DA8B
SHA-512:	1F5F82EDA1CAB4518C172ABB7DA75556D1D49D0ADBEBF4F5EBC389317E428723D1E718E2510552A9061ADD5410819273364766EE57207FACFEDF08C976689BF9
Malicious:	false
Reputation:	low
URL:	https://s.yimg.com/cx/pv/perf-vitals_3.1.0.js
Preview:	!function(){"use strict";var e,t,n,i,r,a=-1,o=function(e){addEventListener("pageshow",(function(t){t.persisted&&(a=t.timeStamp,e(t))}),!0)},c=function(){return window.performance&&performance.getEntriesByType&&performance.getEntriesByType("navigation")[0]},u=function(){var e=c();return e&&e.activationStart\|\|0},s=function(e,t){var n=c(),i="navigate";return a>=0?i="back-forward-cache":n&&(i=document.prerendering\|\|u()>0?"prerender":document.wasDiscarded?"restore":n.type.replace(/_/g,"-")),{name:e,value:void 0===t?-1:t,rating:"good",delta:0,entries:[],id:"v3-".concat(Date.now(),"-").concat(Math.floor(8999999999999*Math.random())+1e12),navigationType:i}},f=function(e,t,n){try{if(PerformanceObserver.supportedEntryTypes.includes(e)){var i=new PerformanceObserver((function(e){Promise.resolve().then((function(){t(e.getEntries())}))}));return i.observe(Object.assign({type:e,buffered:!0},n\|\|{})),i}}catch(e){}},d=function(e,t,n,i){var r,a;return function(o){t.value>=0&&(o\|\|i)&&((a=t.value-(r\|\|0))\|

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	850
Entropy (8bit):	5.4327133956302305
Encrypted:	false
SSDEEP:
MD5:	A7A573982AF1DC947A9537CAB5C43A8F
SHA1:	F6C15C20C3152B92A247E6EC2EFB2BBA66EC2544
SHA-256:	1C3A4A7FB41B4E87F9A108735A67C5847E3E4ADC7FAF805AE785B38F3B946493
SHA-512:	B4D55BBE21E0EA6E35D9205E88613A3A891C444CE99730F5D37FFC38C5485B49F05D97097AC8080C3731EE62099A8695E66AD3B339F6910C38C5787321900E1B
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Pathway+Gothic+One&display=swap
Preview:	/* latin-ext /.@font-face {. font-family: 'Pathway Gothic One';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/pathwaygothicone/v15/MwQrbgD32-KAvjkYGNUUxAtW7pEBwx-tRVZfX80.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin */.@font-face {. font-family: 'Pathway Gothic One';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/pathwaygothicone/v15/MwQrbgD32-KAvjkYGNUUxAtW7pEBwx-tS1Zf.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 536x284, components 3
Category:	dropped
Size (bytes):	41890
Entropy (8bit):	7.965717198626163
Encrypted:	false
SSDEEP:
MD5:	D547A703040F76A06DAF405934255567
SHA1:	AF42739B6F10661C5626578435DA5285CB7C8E9E
SHA-256:	D2977E29B4CB9CDBD656AA484520E13E5D606043B1AFF12539261C8DE5F20D7E
SHA-512:	54D9B3DE1A9DF508B34940FEF5C05C1114D40372F3AF5087FBC767005165542113AF821249938908428CFDC819671EE5BC031BE144D2C840261F98F6444BDCBD
Malicious:	false
Reputation:	low
Preview:	......JFIF..............ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C.....................................................................................................................P..........................!..1AQa."2q....#B..R.....$3CSb...4..%DEUcr.&Tes5d....................................5.........................!...1A"#Q..$23a4Bq..%CR5..............?..;f.S.S....;+3,.B.p`.F..K\|..x..Y`i:.>1j.%6..Y.g%....:...@x...z.j--'~.d.....k..s..!...........!.s#"$L.2{...d.'. .(.S.[..k..F.4.....-.de

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 70", baseline, precision 8, 300x200, components 3
Category:	downloaded
Size (bytes):	10708
Entropy (8bit):	7.9342306498668265
Encrypted:	false
SSDEEP:
MD5:	9EFC4045F18E2CCD0FF240F9B7095655
SHA1:	250965E59B9A9472FFFF70882EE9FE464BBD07EB
SHA-256:	89BF586E90BD1B480F7E7335EFCA3A52FEC5F6E39D45C7471C4FFA8C9478793C
SHA-512:	9F5DAB96F4E3FD9C87FD434375B297C6966C730A43ECC4108A541F704B83CEA807E0EB2779E66CB8C90458F437273F62BBC25462B96B94D0828602554740DEAD
Malicious:	false
Reputation:	low
URL:	https://cdn.ipromote.com/n/4255/advertiser/1279920/media/15975306_sized.JPG
Preview:	......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 70....C...........................#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C...........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;........,.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......r.f.\..G..5...H..&<v..Zu...+..6m..m=.........<...]V0}y.P.ef.6..q.K+a..1.^.1N.,e.eQ....<.yi(.......4....Nx..x..N<....x..S.2...)M...`k._....3w92.#..q..\Z...d>.-b..csL..5..dS.j..V.r.$.<.@......D..^.c.Z...U.T..t:l?.@.t...............^vD.....S.V.JU.g.K.....E.=Ms.3.....I]..........>y......>v

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3444)
Category:	downloaded
Size (bytes):	185101
Entropy (8bit):	5.383590851416161
Encrypted:	false
SSDEEP:
MD5:	0453F9ED78F17AAB09FBE88123A1DB12
SHA1:	C9F4AF3921B2F7C6F74EBC89411B227336AF356A
SHA-256:	5C2408269F0FD9CD51B9957E98166B451349F23158CC075361929C19DFF66078
SHA-512:	8C6111A6D99B8CDCBFBF35DDF3B0EF169C272B176047089E0E2403646E4DE7D4B9A6FF04297A212CAADC2483EA34DCC282A0ADDEDC2337E8450766FDBEE38725
Malicious:	false
Reputation:	low
URL:	https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),n=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.n("Symbol",function(a){if(a)return a;var b=function(f,g){this.Uf=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.Uf};var c

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 300

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 308

Chrome Cache Entry: 309

Chrome Cache Entry: 311

Chrome Cache Entry: 316

Chrome Cache Entry: 317

Chrome Cache Entry: 319

Chrome Cache Entry: 321

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 324

Chrome Cache Entry: 325

Chrome Cache Entry: 327

Chrome Cache Entry: 328

Chrome Cache Entry: 329

Chrome Cache Entry: 330

Chrome Cache Entry: 331

Chrome Cache Entry: 332

Chrome Cache Entry: 333

Chrome Cache Entry: 334

Chrome Cache Entry: 335

Chrome Cache Entry: 338

Chrome Cache Entry: 341

Chrome Cache Entry: 343

Chrome Cache Entry: 344

Chrome Cache Entry: 345

Chrome Cache Entry: 347

Chrome Cache Entry: 349

Chrome Cache Entry: 353

Chrome Cache Entry: 356

Chrome Cache Entry: 358

Chrome Cache Entry: 360

Chrome Cache Entry: 361

Chrome Cache Entry: 362

Chrome Cache Entry: 363

Chrome Cache Entry: 365

Chrome Cache Entry: 366

Windows Analysis Report
https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0p