Edit tour

Windows Analysis Report
http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh

Overview

General Information

Sample URL:	http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh
Analysis ID:	1300226

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Connects to several IPs in different countries

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 2368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 4232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3872 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 8172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Snort Signatures

ET DNS Query for .cc TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.159240532027758 08/30/23-09:10:53.175726
SID:	2027758
Source Port:	59240
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

HTTP traffic detected: GET /34546de4235m342356?affsub2=hkuoxewm&st=nfairafh HTTP/1.1Host: tddolc.sunnysee.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: classification engine

Classification label: mal48.win@42/566@268/455

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3872 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3872 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1752,i,4943630468636004865,12238436059147841630,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
um.simpli.fi	35.204.158.49	true	false	high
tls13.taboola.map.fastly.net	151.101.1.44	true	false	unknown
prebid-fr.casalemedia.com	185.80.39.214	true	false	high
uplynk-beacon-newvpc-1603485991.us-east-1.elb.amazonaws.com	18.211.243.38	true	false	high
cm119.appier.org	172.105.220.23	true	false	high
global.px.quantserve.com	91.228.74.206	true	false	high
id5-sync.com	141.95.98.64	true	false	unknown
tag.ivitrack.com	34.117.157.22	true	false	high
bttrack.com	192.132.33.46	true	false	unknown
dualstack.tls13.taboola.map.fastly.net	151.101.193.44	true	false	unknown
r.casalemedia.com	104.18.39.155	true	false	high
mwzeom.zeotap.com	104.22.24.87	true	false	high
ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud	3.75.62.37	true	false	unknown
dsum.casalemedia.com	172.64.148.101	true	false	high
www.google.com	216.58.206.36	true	false	high
tags.adsafety.net	139.162.141.41	true	false	unknown
yahoo.com	98.137.11.163	true	false	high
match.adsrvr.org	15.197.193.217	true	false	high
match.prod.bidr.io	52.30.74.47	true	false	unknown
rtb-csync-itx5.smartadserver.com	185.86.138.153	true	false	high
creativecdn.com	185.184.8.90	true	false	high
chidc2.outbrain.org	50.31.142.255	true	false	unknown
ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud	18.156.195.47	true	false	unknown
uip.semasio.net	77.243.51.121	true	false	high
pixel.onaudience.com	146.59.148.16	true	false	unknown
euw-ice.360yield.com	52.51.221.201	true	false	high
sync-yieldmo-com-tf-1869548451.eu-west-1.elb.amazonaws.com	34.255.244.27	true	false	high
cs815200983.wac.omegacdn.net	152.195.51.15	true	false	unknown
ssum-sec.casalemedia.com	104.18.39.155	true	false	high
ActivationEdge-activation-212358690.eu-west-1.elb.amazonaws.com	54.154.110.236	true	false	high
googleads.g.doubleclick.net	142.250.186.162	true	false	high
load-euc1.exelator.com	18.198.69.109	true	false	high
cs1696.wpc.thetacdn.net	152.199.21.65	true	false	unknown
d1bqktvj79b0wh.cloudfront.net	108.138.17.95	true	false	high
clients.l.google.com	216.58.212.174	true	false	high
partners-alb-1113315349.us-east-1.elb.amazonaws.com	3.213.138.244	true	false	high
istrp.adform.net	37.157.2.247	true	false	high
prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com	18.202.14.156	true	false	high
a4468.casalemedia.com	185.170.62.210	true	false	high
a2211.casalemedia.com	185.170.61.32	true	false	high
cr-pall.ladsp.com	108.138.7.78	true	false	high
www.googletagservices.com	142.250.186.66	true	false	high
i.ctnsnet.com	35.186.193.173	true	false	high
am1-direct-bgp.contextweb.com	208.93.169.131	true	false	high
iad-2-sync.go.sonobi.com	69.166.1.66	true	false	high
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	46.51.199.218	true	false	high
cm.smartstream.tv	80.85.85.173	true	false	unknown
beap.gemini-native-aws-core-usm-prod.aws.oath.cloud	54.229.89.156	true	false	unknown
ter-adserver-origin-us.aol-adtech-prod.aws.oath.cloud	107.21.58.224	true	false	unknown
cm.adsafety.net	217.79.178.221	true	false	unknown
contextual.media.net	104.79.88.129	true	false	high
tsdtocl.com	151.101.65.44	true	false	unknown
yhp.mxptint.net	207.207.55.246	true	false	unknown
idsync.rlcdn.com	35.244.174.68	true	false	high
sync-dsp.ad-m.asia	220.150.223.50	true	false	unknown
spug-lhrc.pubmnet.com	185.64.190.81	true	false	unknown
rtb.adentifi.com	3.211.159.119	true	false	unknown
sync.richaudience.com	168.119.146.39	true	false	high
rtb.nl3.vip.prod.criteo.com	178.250.1.10	true	false	high
sync.srv.stackadapt.com	54.167.22.22	true	false	high
imageproxy.fr3.vip.prod.criteo.net	178.250.7.19	true	false	high
am-vip001.taboola.com	141.226.228.48	true	false	high
pixel.tapad.com	34.111.113.62	true	false	high
s3-eu-west-1.amazonaws.com	52.92.0.152	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	142.250.186.141	true	false	high
prod-rotation-v2.guce.aws.oath.cloud	34.247.96.119	true	false	unknown
s.amazon-adsystem.com	52.46.128.147	true	false	high
pixelglobal.sojern.com	107.178.244.119	true	false	high
adstax-match-proxy.adrtx.net	34.242.98.205	true	false	high
static.fr3.vip.prod.criteo.net	178.250.7.2	true	false	high
dxedge-prod-lb-404808087.eu-central-1.elb.amazonaws.com	52.28.44.182	true	false	high
trace.mediago.io	35.208.249.213	true	false	unknown
se.semasio.net	77.243.51.122	true	false	high
geo-atsv2.media.g03.yahoodns.net	188.125.72.139	true	false	unknown
global.ib-ibi.com	64.58.232.176	true	false	unknown
match.adsby.bidtheatre.com	188.166.17.21	true	false	unknown
imagesync-lhrc.pubmnet.com	185.64.190.79	true	false	unknown
ads.fr3.vip.prod.criteo.com	178.250.7.4	true	false	high
ib.anycast.adnxs.com	37.252.171.52	true	false	high
sync.e-volution.ai	109.206.161.21	true	false	unknown
edge.gycpi.b.yahoodns.net	87.248.119.251	true	false	unknown
d3i42lyttuj6qr.cloudfront.net	52.222.214.81	true	false	high
sync.aralego.com	162.210.196.208	true	false	high
csm.nl3.vip.prod.criteo.net	178.250.1.25	true	false	high
eu-u.openx.net	34.98.64.218	true	false	high
tddolc.sunnysee.cc	95.214.26.24	true	false	unknown
s.dsp-prod.demandbase.com	34.96.71.22	true	false	high
spl.zeotap.com	104.22.24.87	true	false	high
eu-eb2.3lift.com	13.248.245.213	true	false	high
e2c47.gcp.gvt2.com	35.206.80.10	true	false	unknown
sync-eu.connectad.io	104.22.55.206	true	false	unknown
ih.adscale.de	35.158.65.41	true	false	high
aid.send.microad.jp	202.233.84.1	true	false	high
sync.crwdcntrl.net	34.255.227.58	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
cm.g.doubleclick.net	142.250.186.66	true	false	high
cs747173190.wac.omegacdn.net	152.195.39.165	true	false	unknown
ds-pr-bh.ybp.gysm.yahoodns.net	63.33.112.209	true	false	unknown
sync.1rx.io	46.228.174.117	true	false	high

Contacted URLs

Name	Malicious	Reputation
https://www.yahoo.com/	false	high
about:blank	false	low
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA	false	high
https://opus.analytics.yahoo.com/tag/opus-frame.html?referrer=https%3A%2F%2Fwww.yahoo.com%2F&tbla_id=c46b7d22-977f-4590-a309-e8642f2f9be3-tuctbe87102&gdpr=false&gdpr_consent=&gpp=DBAA&gpp_sid=-1&us_privacy=1---&reset_idsync=1	false	high
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3Fgpp%3D%26gpp_sid%3D%26_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26uid%3D&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&s=175407&C=1	false	high
https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	false	high
https://ads.eu.criteo.com/delivery/r/afr.php?z=EwMNAUxM7ozTmFdo1WlU1oaA_RBhRQ3SabcsBQSVy9I&u=%7C1LDijja8kGGm36%2B20zSxmQeKYnbU39Vl0SrfzlQ8Pes%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S7OCFk0kro-cJU_7RoUIAqllByS5fzR6xRP46vRuF444v292dx3jgZmGWGl7XxmUkfQCPy30TWe7w9eMU_ebiHOgM2FtYPUk3XqUpUXR3W_uLauDnFtoHAIOOsOUIBv9ISZPFdQqK1lcPCMvdZ8kKFZIlG5nDICAsv1bZH7coXtc5ea1JtKXohgSlqMj6QZpt11X9Z6vuuf1bqMYDPtFIogPTqQvL2Ak2ZAdIECghGJbP2j8pbn6nDhfZ2oTu1BsAo6xWYgh7_A_k2gmmboSTx9qqCapc7PO5Uy94xOPCxxEclmpPuaOMBMDarSuyZOMfywEDSF9EakSjiKu2eNRXj-CdQ0VmQ--FfqrqSCrBwCPixDkfXY9h1qeOeplSC3EpxIfrYl_tdk-U14duz4jkNZ6Ea1MHnm8FuswLZbTZ_FXFJL_DQULebnBgFHzoQoXYn0n2v7_eGpnx3EFYW2H92rTBmD5tNXL8S9tdm6WnH_IP3fJz3O4Po-db4C9ZZxGz23Qb-POeuAuU3uFPLSKsZ3TgPSxFnyIiuHYHDDGVOx9	false	high
https://tsdtocl.com/	false	unknown
https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=28005&cb=64eeebb2d269f34aeb1d6da437ddaa14&r=https%3a%2f%2fs.yimg.com%2frq%2fdarla%2f4-11-1%2fhtml%2fr-sf.html&crossorigin=false	false	high
https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html	false	high
http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh	false	unknown
https://opus.analytics.yahoo.com/opus/tag/opus-frame.html?id=4	false	high
https://ssum-sec.casalemedia.com/usermatch?ix_um=1&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&s=184349&us_privacy=&gdpr_consent=&gdpr=0&gpp=DBAA&gpp_sid=-1	false	high
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211	false	high
https://ads.eu.criteo.com/delivery/r/afr.php?z=yV1n_gRIb78Z3G04JXMS9kQSzN77TLcSavzXa0hos_o&u=%7CC8ShjSGmCjroGbd0CjVO10HkaJjUmMDpMkeREHwQ%2FQc%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S-AFF1CjhXGFhECxyqrVEVWkPMVnjw7D5Y3oybpYhFBvi4DJ3CVQdbg4YI7y4yAUQqBcrDVYbX-kJ_hIYm4DYqo54rSoaHyQgMs0t985lGkZKGi0FnXSCje9HQ2eq6OBGOebutAFhAmnPU5_DNCim5ijPxk4gzBGhx7fmwHvZzpvaKRuPAECUh-nVohkTAJqb4p_5IxKj3szt7ad4H4IsH010UaT0yA3lEZuQFk2qX7_wuc1JgScq9wvDw36f2SUjKymKcUybDuSVIZui7LtgYX9bRWSw8SLDqIH8shvZvZqTh3tD9xLP_qK_dVPYr6BCvmuKdhrU0of9WVSpXI9PxnBu8lFZ1ja2UOYu2WfVYRjhSD-wOENzy5SlIIREplJ7Z0FzXSoFptmIf1gdiT8V-RkIaL0zravmSaQxkRkn8jOp5nNd-sFXgew7eYOInC3diaOdkQO4r38J7CplHAZz9_91J2oU4sjeqbNIBs_Lg1HitrzzugEzTppEhAOhBZooCyv9GteCTLEdSxrOjLtzvE09RRszX-NANvwTw3yTeys	false	high
https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=28005&cb=64eeeb9f183e7e9b8a09e4abc56930bd&r=https%3a%2f%2fs.yimg.com%2frq%2fdarla%2f4-11-1%2fhtml%2fr-sf.html&crossorigin=false	false	high
https://ssum-sec.casalemedia.com/usermatch?s=175407&gdpr=0&gdpr_consent=&gpp=DBAA&gpp_sid=-1&cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3F_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26uid%3D	false	high
https://c1.adform.net/imatch/pixels?uid=5384858699572706014&agencyId=8759&advertiserId=2169724&mediaId=2004562&inventoryId=409&src=impr&gdpr=0&gdpr_consent=&rnd=749711	false	high
https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	false	high
https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A//opus.analytics.yahoo.com/tag/opus-frame.html%3Freferrer%3Dhttps%3A//www.yahoo.com/%26tbla_id%3Dc46b7d22-977f-4590-a309-e8642f2f9be3-tuctbe87102%26gdpr%3Dfalse%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26us_privacy%3D1---%26reset_idsync%3D1	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.80.36.149	prebid-am.casalemedia.com	Netherlands	27381	CASALE-MEDIACA	false
34.253.165.174	unknown	United States	16509	AMAZON-02US	false
107.178.244.119	pixelglobal.sojern.com	United States	15169	GOOGLEUS	false
104.18.24.173	a.tribalfusion.com	United States	13335	CLOUDFLARENETUS	false
216.52.2.30	emea.vap.lijit.com	United States	29791	VOXEL-DOT-NETUS	false
142.250.185.100	unknown	United States	15169	GOOGLEUS	false
37.157.2.234	unknown	Denmark	198622	ADFORMDK	false
34.160.236.64	tagr-pixel-nginx-odr-euw4.mookie1.com	United States	2686	ATGS-MMD-ASUS	false
64.58.232.176	global.ib-ibi.com	United States	13649	ASN-VINSUS	false
104.18.36.18	unknown	United States	13335	CLOUDFLARENETUS	false
185.170.62.210	a4468.casalemedia.com	Netherlands	27381	CASALE-MEDIACA	false
52.51.221.201	euw-ice.360yield.com	United States	16509	AMAZON-02US	false
212.82.100.137	ds-global3.l7.search.ystg1.b.yahoo.com	United Kingdom	34010	YAHOO-IRDGB	false
168.119.146.39	sync.richaudience.com	Germany	24940	HETZNER-ASDE	false
198.47.127.205	pug-ams-bc.pubmnet.com	United States	62713	AS-PUBMATICUS	false
91.228.74.206	global.px.quantserve.com	United Kingdom	27281	QUANTCASTUS	false
37.252.171.52	ib.anycast.adnxs.com	European Union	29990	ASN-APPNEXUS	false
151.101.193.44	dualstack.tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
37.157.6.243	unknown	Denmark	198622	ADFORMDK	false
64.95.96.108	unknown	United States	29791	VOXEL-DOT-NETUS	false
142.250.186.141	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
95.214.26.24	tddolc.sunnysee.cc	Germany	33657	CMCSUS	false
104.22.55.206	sync-eu.connectad.io	United States	13335	CLOUDFLARENETUS	false
172.217.18.1	unknown	United States	15169	GOOGLEUS	false
35.158.65.41	ih.adscale.de	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.65.44	tsdtocl.com	United States	54113	FASTLYUS	false
52.30.74.47	match.prod.bidr.io	United States	16509	AMAZON-02US	false
34.255.227.58	sync.crwdcntrl.net	United States	16509	AMAZON-02US	false
54.154.110.236	ActivationEdge-activation-212358690.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
130.162.160.243	nados-lb-lhr.moatads.com	United States	43898	ORCL-AM-OPC1NL	false
98.137.11.163	yahoo.com	United States	36647	YAHOO-GQ1US	false
37.157.6.233	unknown	Denmark	198622	ADFORMDK	false
193.122.130.38	adserver.technoratimedia.com	United States	31898	ORACLE-BMC-31898US	false
37.157.6.234	nstrp.adform.net	Denmark	198622	ADFORMDK	false
141.95.98.64	id5-sync.com	Germany	680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
52.28.44.182	dxedge-prod-lb-404808087.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.76.200.221	unknown	United States	3462	HINETDataCommunicationBusinessGroupTW	false
52.214.255.27	unknown	United States	16509	AMAZON-02US	false
185.255.84.153	visitor-fra02.omnitagjs.com	France	200271	IGUANE-FR	false
185.80.39.214	prebid-fr.casalemedia.com	Netherlands	27381	CASALE-MEDIACA	false
109.206.161.21	sync.e-volution.ai	Netherlands	50245	SERVEREL-ASNL	false
151.101.2.49	unknown	United States	54113	FASTLYUS	false
208.93.169.131	am1-direct-bgp.contextweb.com	United States	26228	SERVEPATHUS	false
37.157.6.237	unknown	Denmark	198622	ADFORMDK	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
162.210.196.208	sync.aralego.com	United States	30633	LEASEWEB-USA-WDCUS	false
87.248.119.251	edge.gycpi.b.yahoodns.net	United Kingdom	203220	YAHOO-DEBDE	false
87.248.119.252	v4-edge.gycpi.b.yahoodns.net	United Kingdom	203220	YAHOO-DEBDE	false
35.206.80.10	e2c47.gcp.gvt2.com	United States	19527	GOOGLE-2US	false
141.226.228.48	am-vip001.taboola.com	Israel	200478	TABOOLA-ASIL	false
23.32.185.123	unknown	United States	16625	AKAMAI-ASUS	false
52.213.79.166	unknown	United States	16509	AMAZON-02US	false
52.58.249.168	e1.emxdgt.com	United States	16509	AMAZON-02US	false
3.213.138.244	partners-alb-1113315349.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
37.157.2.247	istrp.adform.net	Denmark	198622	ADFORMDK	false
152.195.39.165	cs747173190.wac.omegacdn.net	United States	15133	EDGECASTUS	false
63.33.112.209	ds-pr-bh.ybp.gysm.yahoodns.net	United States	16509	AMAZON-02US	false
95.101.54.106	unknown	European Union	34164	AKAMAI-LONGB	false
87.248.100.216	new-fp-shed.wg1.b.yahoo.com	United Kingdom	34010	YAHOO-IRDGB	false
46.228.174.117	sync.1rx.io	United Kingdom	56396	TURNGB	false
52.222.213.56	di49gqg2wml8t.cloudfront.net	United States	16509	AMAZON-02US	false
37.252.171.21	unknown	European Union	29990	ASN-APPNEXUS	false
108.138.7.78	cr-pall.ladsp.com	United States	16509	AMAZON-02US	false
204.79.197.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.76.148.198	unknown	United States	16509	AMAZON-02US	false
85.114.159.118	dsp.adfarm1.adition.com	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
35.214.188.206	envoy-hl.envoy-csync1.core-b8mf.ov1o.com	United States	19527	GOOGLE-2US	false
63.215.202.137	unknown	United States	41041	VCLK-EU-SE	false
3.126.166.0	elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
35.157.69.72	cs.emxdgt.com	United States	16509	AMAZON-02US	false
207.207.55.246	yhp.mxptint.net	United States	3900	TEXASNET-ASNUS	false
2.23.197.190	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
192.0.77.40	www.tumblr.com	United States	2635	AUTOMATTICUS	false
34.95.81.168	euexchangesync.digitaleast.mobi	United States	15169	GOOGLEUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
35.213.109.249	dac-yieldone-gce.pool.iponweb.net	United States	19527	GOOGLE-2US	false
3.75.62.37	ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud	United States	16509	AMAZON-02US	false
217.79.178.221	cm.adsafety.net	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	false
34.96.71.22	s.dsp-prod.demandbase.com	United States	15169	GOOGLEUS	false
50.31.142.255	chidc2.outbrain.org	United States	22075	AS-OUTBRAINUS	false
108.138.17.95	d1bqktvj79b0wh.cloudfront.net	United States	16509	AMAZON-02US	false
202.233.84.1	aid.send.microad.jp	Japan	131957	MICROADMicroAdIncJP	false
172.217.16.194	unknown	United States	15169	GOOGLEUS	false
104.22.54.206	sync.connectad.io	United States	13335	CLOUDFLARENETUS	false
3.71.149.231	unknown	United States	16509	AMAZON-02US	false
67.202.105.23	pixel.33across.com	United States	32748	STEADFASTUS	false
95.101.148.198	unknown	European Union	20940	AKAMAI-ASN1EU	false
54.194.117.149	unknown	United States	16509	AMAZON-02US	false
146.59.148.16	pixel.onaudience.com	Norway	16276	OVHFR	false
54.160.87.101	unknown	United States	14618	AMAZON-AESUS	false
35.208.249.213	trace.mediago.io	United States	19527	GOOGLE-2US	false
3.141.133.75	signal-lb-prod-1723845896.us-east-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
34.242.98.205	adstax-match-proxy.adrtx.net	United States	16509	AMAZON-02US	false
178.250.7.2	static.fr3.vip.prod.criteo.net	France	44788	ASN-CRITEO-EUROPEFR	false
185.170.61.32	a2211.casalemedia.com	Netherlands	27381	CASALE-MEDIACA	false
216.58.212.138	unknown	United States	15169	GOOGLEUS	false
216.58.212.131	unknown	United States	15169	GOOGLEUS	false
142.250.186.162	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1300226
Start date and time:	2023-08-30 09:10:26 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@42/566@268/455

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 34.104.35.123, 216.58.212.138, 172.217.23.106, 172.217.18.106, 142.250.185.74, 172.217.18.10, 142.250.186.138, 142.250.186.42, 142.250.186.74, 142.250.186.106, 216.58.212.170, 142.250.186.170, 142.250.74.202, 142.250.184.234, 142.250.184.202, 172.217.16.138, 216.58.206.42, 172.217.16.194, 37.157.6.233, 37.157.6.232, 37.157.6.254, 37.157.6.237, 37.157.6.243, 142.250.185.234, 172.217.18.1, 69.173.144.139, 69.173.144.165, 69.173.144.138, 142.250.184.195, 172.217.18.3, 142.250.185.195, 104.76.200.221, 23.32.185.123, 204.79.197.200, 13.107.21.200
Excluded domains from analysis (whitelisted): tags.bluekai.com.edgekey.net, fonts.googleapis.com, uipglob.trafficmanager.net, www.googleadservices.com, content-autofill.googleapis.com, pixel.rubiconproject.net.akadns.net, slscr.update.microsoft.com, fonts.gstatic.com, c-bing-com.a-0001.a-msedge.net, dual-a-0001.a-msedge.net, wildcard.moatads.com.edgekey.net, clientservices.googleapis.com, pagead2.googlesyndication.com, track-eu.adformnet.akadns.net, cs701.lb.wpc.apr-1b09e.edgecastdns.net, e9126.x.akamaiedge.net, edgedl.me.gvt1.com, login.live.com, c.bing.com, tpc.googlesyndication.com, s1-eu-cname.adformnet.akadns.net, e13136.g.akamaiedge.net, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh

Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A//opus.analytics.yahoo.com/tag/opus-frame.html%3Freferrer%3Dhttps%3A//www.yahoo.com/%26tbla_id%3Dc46b7d22-977f-4590-a309-e8642f2f9be3-tuctbe87102%26gdpr%3Dfalse%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26us_privacy%3D1---%26reset_idsync%3D1	HTTP Parser: No favicon
Source: https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A//opus.analytics.yahoo.com/tag/opus-frame.html%3Freferrer%3Dhttps%3A//www.yahoo.com/%26tbla_id%3Dc46b7d22-977f-4590-a309-e8642f2f9be3-tuctbe87102%26gdpr%3Dfalse%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26us_privacy%3D1---%26reset_idsync%3D1	HTTP Parser: No favicon
Source: https://opus.analytics.yahoo.com/tag/opus-frame.html?referrer=https%3A%2F%2Fwww.yahoo.com%2F&tbla_id=c46b7d22-977f-4590-a309-e8642f2f9be3-tuctbe87102&gdpr=false&gdpr_consent=&gpp=DBAA&gpp_sid=-1&us_privacy=1---&reset_idsync=1	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/adfetch?adk=3913594431&adsafe=medium&client=ca-pub-2399441271239169&format=728x90_as&ip=102.129.143.0&output=html&unviewed_position_start=1&url=https://www.yahoo.com/&sub_client=bidder-222522&hl=en&aceid=MKoDHwCmG7QAzRy0AA4dtAC4jjQBCo80AeyPNAH8jzQB_480AQGQNAFikDQBy5A0Ad2QNAHukDQBCZE0ASKRNAElkTQBJ5E0ATqRNAE-kTQBQZE0AUyRNAFNkTQBY5E0AWaRNAF0kTQBdZE0AXyRNAGAkTQBg5E0AYWRNAGHkTQBipE0AZaRNAGXkTQBRXNBAWsgXAJb-YgCc_mIAlf7iAInQqoCKEKqAilCqgIPVqoCEmiqAk56qgKAm6oCgZuqAoKbqgI2nKoCQ6KqAqKoqgLb1qoCoOWqAsjxqgKS9aoC9PWqAlH4qgIm-6oCQvuqAsMMqwKIIqsCPCOrAoQnqwJUKKsC-yurAkAsqwLUNqsCJTqrAik6qwItOqsCtDyrAtQ8qwLBPasCQkSrAmxKqwJATasCYE6rAqJOqwK4TqsCIFCrAmlQqwL0UKsCAlGrAgpRqwKSUasCIFyrAlRcqwJlXqsCX2erAm9oqwK5aasC6mmrApxtqwIlcKsCG3GrAvBxqwJpc6sCgHOrAml0qwLLdKsCz3arAhh3qwIdd6sCInerAid3qwIsd6sCFXirAqh4qwK0eKsCwnirAsV4qwIIeasC1nurAtl7qwLce6sC4HurAuN7qwLme6sC6XurAut7qwLue6sCEX2rAmh_qwK6f6sC1n-rAtl_qwLbf6sC33-rAvV_qwJTgKsCh4CrApGBqwKcgasC-IGrAnqCqwL7hKsCJYWrAv2GqwKYiKsC1IirAtqIqwKEiasC14mrAu2JqwLzi...	HTTP Parser: No favicon
Source: https://opus.analytics.yahoo.com/opus/tag/opus-frame.html?id=4	HTTP Parser: No favicon
Source: https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html	HTTP Parser: No favicon
Source: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3Fgpp%3D%26gpp_sid%3D%26_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26uid%3D&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&s=175407&C=1	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=1&d=0&f=2023538075&l=LREC&rn=1693379484862&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252Cdrop_heimdall_homepage_control_bucket%252CFPEVRAMPTEST%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A56ouprlietqru%25253Btest%25253AMimicProviderListv2-copy%252525252Cdrop_heimdall_homepage_control_bucket%252525252CFPEVRAMPTEST%252525252Cseamless&ar=1	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=EwMNAUxM7ozTmFdo1WlU1oaA_RBhRQ3SabcsBQSVy9I&u=%7C1LDijja8kGGm36%2B20zSxmQeKYnbU39Vl0SrfzlQ8Pes%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S7OCFk0kro-cJU_7RoUIAqllByS5fzR6xRP46vRuF444v292dx3jgZmGWGl7XxmUkfQCPy30TWe7w9eMU_ebiHOgM2FtYPUk3XqUpUXR3W_uLauDnFtoHAIOOsOUIBv9ISZPFdQqK1lcPCMvdZ8kKFZIlG5nDICAsv1bZH7coXtc5ea1JtKXohgSlqMj6QZpt11X9Z6vuuf1bqMYDPtFIogPTqQvL2Ak2ZAdIECghGJbP2j8pbn6nDhfZ2oTu1BsAo6xWYgh7_A_k2gmmboSTx9qqCapc7PO5Uy94xOPCxxEclmpPuaOMBMDarSuyZOMfywEDSF9EakSjiKu2eNRXj-CdQ0VmQ--FfqrqSCrBwCPixDkfXY9h1qeOeplSC3EpxIfrYl_tdk-U14duz4jkNZ6Ea1MHnm8FuswLZbTZ_FXFJL_DQULebnBgFHzoQoXYn0n2v7_eGpnx3EFYW2H92rTBmD5tNXL8S9tdm6WnH_IP3fJz3O4Po-db4C9ZZxGz23Qb-POeuAuU3uFPLSKsZ3TgPSxFnyIiuHYHDDGVOx9	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=EwMNAUxM7ozTmFdo1WlU1oaA_RBhRQ3SabcsBQSVy9I&u=%7C1LDijja8kGGm36%2B20zSxmQeKYnbU39Vl0SrfzlQ8Pes%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S7OCFk0kro-cJU_7RoUIAqllByS5fzR6xRP46vRuF444v292dx3jgZmGWGl7XxmUkfQCPy30TWe7w9eMU_ebiHOgM2FtYPUk3XqUpUXR3W_uLauDnFtoHAIOOsOUIBv9ISZPFdQqK1lcPCMvdZ8kKFZIlG5nDICAsv1bZH7coXtc5ea1JtKXohgSlqMj6QZpt11X9Z6vuuf1bqMYDPtFIogPTqQvL2Ak2ZAdIECghGJbP2j8pbn6nDhfZ2oTu1BsAo6xWYgh7_A_k2gmmboSTx9qqCapc7PO5Uy94xOPCxxEclmpPuaOMBMDarSuyZOMfywEDSF9EakSjiKu2eNRXj-CdQ0VmQ--FfqrqSCrBwCPixDkfXY9h1qeOeplSC3EpxIfrYl_tdk-U14duz4jkNZ6Ea1MHnm8FuswLZbTZ_FXFJL_DQULebnBgFHzoQoXYn0n2v7_eGpnx3EFYW2H92rTBmD5tNXL8S9tdm6WnH_IP3fJz3O4Po-db4C9ZZxGz23Qb-POeuAuU3uFPLSKsZ3TgPSxFnyIiuHYHDDGVOx9	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=EwMNAUxM7ozTmFdo1WlU1oaA_RBhRQ3SabcsBQSVy9I&u=%7C1LDijja8kGGm36%2B20zSxmQeKYnbU39Vl0SrfzlQ8Pes%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S7OCFk0kro-cJU_7RoUIAqllByS5fzR6xRP46vRuF444v292dx3jgZmGWGl7XxmUkfQCPy30TWe7w9eMU_ebiHOgM2FtYPUk3XqUpUXR3W_uLauDnFtoHAIOOsOUIBv9ISZPFdQqK1lcPCMvdZ8kKFZIlG5nDICAsv1bZH7coXtc5ea1JtKXohgSlqMj6QZpt11X9Z6vuuf1bqMYDPtFIogPTqQvL2Ak2ZAdIECghGJbP2j8pbn6nDhfZ2oTu1BsAo6xWYgh7_A_k2gmmboSTx9qqCapc7PO5Uy94xOPCxxEclmpPuaOMBMDarSuyZOMfywEDSF9EakSjiKu2eNRXj-CdQ0VmQ--FfqrqSCrBwCPixDkfXY9h1qeOeplSC3EpxIfrYl_tdk-U14duz4jkNZ6Ea1MHnm8FuswLZbTZ_FXFJL_DQULebnBgFHzoQoXYn0n2v7_eGpnx3EFYW2H92rTBmD5tNXL8S9tdm6WnH_IP3fJz3O4Po-db4C9ZZxGz23Qb-POeuAuU3uFPLSKsZ3TgPSxFnyIiuHYHDDGVOx9	HTTP Parser: No favicon
Source: https://ssum-sec.casalemedia.com/usermatch?s=175407&gdpr=0&gdpr_consent=&gpp=DBAA&gpp_sid=-1&cb=https%3A%2F%2Fups.analytics.yahoo.com%2Fups%2F55940%2Fsync%3F_origin%3D0%26redir2%3Dtrue%26gdpr%3D0%26gdpr_consent%3D%26gpp%3DDBAA%26gpp_sid%3D-1%26uid%3D	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=2&d=0&f=2023538075&l=LREC&rn=1693379504878&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252Cdrop_heimdall_homepage_control_bucket%252CFPEVRAMPTEST%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A56ouprlietqru%25253Btest%25253AMimicProviderListv2-copy%252525252Cdrop_heimdall_homepage_control_bucket%252525252CFPEVRAMPTEST%252525252Cseamless&ar=1	HTTP Parser: No favicon
Source: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=28005&cb=64eeebb2d269f34aeb1d6da437ddaa14&r=https%3a%2f%2fs.yimg.com%2frq%2fdarla%2f4-11-1%2fhtml%2fr-sf.html&crossorigin=false	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=yV1n_gRIb78Z3G04JXMS9kQSzN77TLcSavzXa0hos_o&u=%7CC8ShjSGmCjroGbd0CjVO10HkaJjUmMDpMkeREHwQ%2FQc%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S-AFF1CjhXGFhECxyqrVEVWkPMVnjw7D5Y3oybpYhFBvi4DJ3CVQdbg4YI7y4yAUQqBcrDVYbX-kJ_hIYm4DYqo54rSoaHyQgMs0t985lGkZKGi0FnXSCje9HQ2eq6OBGOebutAFhAmnPU5_DNCim5ijPxk4gzBGhx7fmwHvZzpvaKRuPAECUh-nVohkTAJqb4p_5IxKj3szt7ad4H4IsH010UaT0yA3lEZuQFk2qX7_wuc1JgScq9wvDw36f2SUjKymKcUybDuSVIZui7LtgYX9bRWSw8SLDqIH8shvZvZqTh3tD9xLP_qK_dVPYr6BCvmuKdhrU0of9WVSpXI9PxnBu8lFZ1ja2UOYu2WfVYRjhSD-wOENzy5SlIIREplJ7Z0FzXSoFptmIf1gdiT8V-RkIaL0zravmSaQxkRkn8jOp5nNd-sFXgew7eYOInC3diaOdkQO4r38J7CplHAZz9_91J2oU4sjeqbNIBs_Lg1HitrzzugEzTppEhAOhBZooCyv9GteCTLEdSxrOjLtzvE09RRszX-NANvwTw3yTeys	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=yV1n_gRIb78Z3G04JXMS9kQSzN77TLcSavzXa0hos_o&u=%7CC8ShjSGmCjroGbd0CjVO10HkaJjUmMDpMkeREHwQ%2FQc%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S-AFF1CjhXGFhECxyqrVEVWkPMVnjw7D5Y3oybpYhFBvi4DJ3CVQdbg4YI7y4yAUQqBcrDVYbX-kJ_hIYm4DYqo54rSoaHyQgMs0t985lGkZKGi0FnXSCje9HQ2eq6OBGOebutAFhAmnPU5_DNCim5ijPxk4gzBGhx7fmwHvZzpvaKRuPAECUh-nVohkTAJqb4p_5IxKj3szt7ad4H4IsH010UaT0yA3lEZuQFk2qX7_wuc1JgScq9wvDw36f2SUjKymKcUybDuSVIZui7LtgYX9bRWSw8SLDqIH8shvZvZqTh3tD9xLP_qK_dVPYr6BCvmuKdhrU0of9WVSpXI9PxnBu8lFZ1ja2UOYu2WfVYRjhSD-wOENzy5SlIIREplJ7Z0FzXSoFptmIf1gdiT8V-RkIaL0zravmSaQxkRkn8jOp5nNd-sFXgew7eYOInC3diaOdkQO4r38J7CplHAZz9_91J2oU4sjeqbNIBs_Lg1HitrzzugEzTppEhAOhBZooCyv9GteCTLEdSxrOjLtzvE09RRszX-NANvwTw3yTeys	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=yV1n_gRIb78Z3G04JXMS9kQSzN77TLcSavzXa0hos_o&u=%7CC8ShjSGmCjroGbd0CjVO10HkaJjUmMDpMkeREHwQ%2FQc%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S-AFF1CjhXGFhECxyqrVEVWkPMVnjw7D5Y3oybpYhFBvi4DJ3CVQdbg4YI7y4yAUQqBcrDVYbX-kJ_hIYm4DYqo54rSoaHyQgMs0t985lGkZKGi0FnXSCje9HQ2eq6OBGOebutAFhAmnPU5_DNCim5ijPxk4gzBGhx7fmwHvZzpvaKRuPAECUh-nVohkTAJqb4p_5IxKj3szt7ad4H4IsH010UaT0yA3lEZuQFk2qX7_wuc1JgScq9wvDw36f2SUjKymKcUybDuSVIZui7LtgYX9bRWSw8SLDqIH8shvZvZqTh3tD9xLP_qK_dVPYr6BCvmuKdhrU0of9WVSpXI9PxnBu8lFZ1ja2UOYu2WfVYRjhSD-wOENzy5SlIIREplJ7Z0FzXSoFptmIf1gdiT8V-RkIaL0zravmSaQxkRkn8jOp5nNd-sFXgew7eYOInC3diaOdkQO4r38J7CplHAZz9_91J2oU4sjeqbNIBs_Lg1HitrzzugEzTppEhAOhBZooCyv9GteCTLEdSxrOjLtzvE09RRszX-NANvwTw3yTeys	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=3&d=0&f=2023538075&l=LREC&rn=1693379524887&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252Cdrop_heimdall_homepage_control_bucket%252CFPEVRAMPTEST%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A56ouprlietqru%25253Btest%25253AMimicProviderListv2-copy%252525252Cdrop_heimdall_homepage_control_bucket%252525252CFPEVRAMPTEST%252525252Cseamless&ar=2	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=4&d=0&f=2023538075&l=LREC&rn=1693379534933&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252Cdrop_heimdall_homepage_control_bucket%252CFPEVRAMPTEST%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A56ouprlietqru%25253Btest%25253AMimicProviderListv2-copy%252525252Cdrop_heimdall_homepage_control_bucket%252525252CFPEVRAMPTEST%252525252Cseamless&ar=2	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=5&d=0&f=2023538075&l=LREC&rn=1693379554951&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252Cdrop_heimdall_homepage_control_bucket%252CFPEVRAMPTEST%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A56ouprlietqru%25253Btest%25253AMimicProviderListv2-copy%252525252Cdrop_heimdall_homepage_control_bucket%252525252CFPEVRAMPTEST%252525252Cseamless&ar=3	HTTP Parser: No favicon
Source: https://c1.adform.net/imatch/pixels?uid=5384858699572706014&agencyId=8759&advertiserId=2169724&mediaId=2004562&inventoryId=409&src=impr&gdpr=0&gdpr_consent=&rnd=749711	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-csc.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://s.yimg.com/rq/darla/4-11-1/html/r-sf.html	HTTP Parser: No favicon
Source: https://www.yahoo.com/pdarla/php/fc.php?tID=6&d=0&f=2023538075&l=LREC&rn=1693379564967&en=utf-8&npv=1&lang=en-US&filter=no_expandable%253Bexp_iframe_expandable%253B&ref=https%253A//www.yahoo.com/&tgt=_blank&sa=Y-BUCKET%253D%2522MimicProviderListv2-copy%252Cdrop_heimdall_homepage_control_bucket%252CFPEVRAMPTEST%252Cseamless%2522%2520fdn%253D1%2520bct%253D1%2520ctout%253D380%2520geminifed%253D1%2520rs%253D%2522lu%253A0%253Bpt%253Ahome%253Bsite%253Afp%253Bver%253Amegastrm%2522%2520refresh%253Dtrue&ult=pg%253Aproperty%25253Afp_en-US%25253Brid%25253A56ouprlietqru%25253Btest%25253AMimicProviderListv2-copy%252525252Cdrop_heimdall_homepage_control_bucket%252525252CFPEVRAMPTEST%252525252Cseamless&ar=3	HTTP Parser: No favicon
Source: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZO7r7wAAAAC2642B60c9GpgqsOn56zvrJt22Rw&u=%7CtqJdNJNWUqnUdPIoUX5iyMqUBgdYHqT7RpYcd6qYPXQ%3D%7C&c1=glLBMxGOcDnqwL7aIYswbxeZlGsWEFb2VIyOXQWVL-lkmMBDINpxP8ZLy1RaILehUAnhik1Nx0QGS_OwRMtXopyvsenfHI34nYtSWt5rnDG_ISu92hhpuEHIuPaMKa9OErr5Gwy6sCSN6oezzeao90X-K6hscU8ZGQvjyDkKuzT225j8rxWulAI_YlY1uDitNaIL0xeL29NVptancQScSOmMb-1FCGoyst-R974wRaA_go2Xn_1evvkgXWGGD315SIzwqgdhiq3agVsgA99vNgU5u4rpVCRHUiyftOh-rSWnOG-jOAPQSDLEuLNls9FH_i0b5QQ0KqXP1L9wxwRcYoTq6kBf54ialBTCU65TMwgiIjgKZQO9xePoOxAzvFgQd9gQIQW-ZJ81SrtauEVz31KwAaAJXByPKxdJypRO3jLqCLzGsjv4Pim1hY1I8CKgQ9EaeyU1RKTrEBbgyExcFsmd0Y5iMNsuJRE2w-whF5W__-D-TeIPH03MVdHfRGEHa5rR7Wu_5xCP3z_ZPoIY2FwS-H7DT2EpdWun6JDSuZ3WTggS_S7w_QxY9_8MfCwS_zNlFS478hTzZXs2cFbWfPFC_a31QwjobzpSxdifmVWO39fPfcPqn530CvZrZ-SaYftLszBhNZLWhXwABHbpV2EPKDHM17uppdqT-pxPEKHI5l8hhmnF_Q	HTTP Parser: No favicon
Source: https://ssum-sec.casalemedia.com/usermatch?ix_um=1&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&s=184349&us_privacy=&gdpr_consent=&gdpr=0&gpp=DBAA&gpp_sid=-1	HTTP Parser: No favicon

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8127)
Category:	downloaded
Size (bytes):	8128
Entropy (8bit):	5.210425618876301
Encrypted:	false
SSDEEP:
MD5:	26831B6BD9EA430823F593B6A70C7375
SHA1:	01AA2FCC9820194D914DAEB4F5BF84F8447CBE4A
SHA-256:	BAA52E8AC769D702E14FD1FA5A4363A1FC7E6462115AB6BCDBB317CE0E99DA8B
SHA-512:	1F5F82EDA1CAB4518C172ABB7DA75556D1D49D0ADBEBF4F5EBC389317E428723D1E718E2510552A9061ADD5410819273364766EE57207FACFEDF08C976689BF9
Malicious:	false
Reputation:	low
URL:	https://s.yimg.com/cx/pv/perf-vitals_3.1.0.js
Preview:	!function(){"use strict";var e,t,n,i,r,a=-1,o=function(e){addEventListener("pageshow",(function(t){t.persisted&&(a=t.timeStamp,e(t))}),!0)},c=function(){return window.performance&&performance.getEntriesByType&&performance.getEntriesByType("navigation")[0]},u=function(){var e=c();return e&&e.activationStart\|\|0},s=function(e,t){var n=c(),i="navigate";return a>=0?i="back-forward-cache":n&&(i=document.prerendering\|\|u()>0?"prerender":document.wasDiscarded?"restore":n.type.replace(/_/g,"-")),{name:e,value:void 0===t?-1:t,rating:"good",delta:0,entries:[],id:"v3-".concat(Date.now(),"-").concat(Math.floor(8999999999999*Math.random())+1e12),navigationType:i}},f=function(e,t,n){try{if(PerformanceObserver.supportedEntryTypes.includes(e)){var i=new PerformanceObserver((function(e){Promise.resolve().then((function(){t(e.getEntries())}))}));return i.observe(Object.assign({type:e,buffered:!0},n\|\|{})),i}}catch(e){}},d=function(e,t,n,i){var r,a;return function(o){t.value>=0&&(o\|\|i)&&((a=t.value-(r\|\|0))\|

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (33772), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	124139
Entropy (8bit):	5.4285330141955095
Encrypted:	false
SSDEEP:
MD5:	D3D9E2A2F9D164BDF3E6DEA684956219
SHA1:	865CA248D728CC8ED1DAEB0A425AB81E7554347E
SHA-256:	73BEABA30CE346ECFBF2219EDB1B3CC483A8F6B0FDEEF7DB807AE117971D8917
SHA-512:	2F63CA752B91F72F75AD058F766B658B26E214FC909871C6150FC2D9FB0CD82BA7E4DA4B1105CAA2E294FC2B67FDD1A8FF66AAA4F94AC35845EF5641FDF1AB68
Malicious:	false
Reputation:	low
URL:	https://ads.eu.criteo.com/delivery/r/afr.php?z=EwMNAUxM7ozTmFdo1WlU1oaA_RBhRQ3SabcsBQSVy9I&u=%7C1LDijja8kGGm36%2B20zSxmQeKYnbU39Vl0SrfzlQ8Pes%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU870gEAOzIR7LKk_mcvZ6vJsCmbh3GlMA9xW1E4e--yQkCdR6HROdXmDKlpVTtBHdAyX92kWSkiQmVxUjONgfR4S7OCFk0kro-cJU_7RoUIAqllByS5fzR6xRP46vRuF444v292dx3jgZmGWGl7XxmUkfQCPy30TWe7w9eMU_ebiHOgM2FtYPUk3XqUpUXR3W_uLauDnFtoHAIOOsOUIBv9ISZPFdQqK1lcPCMvdZ8kKFZIlG5nDICAsv1bZH7coXtc5ea1JtKXohgSlqMj6QZpt11X9Z6vuuf1bqMYDPtFIogPTqQvL2Ak2ZAdIECghGJbP2j8pbn6nDhfZ2oTu1BsAo6xWYgh7_A_k2gmmboSTx9qqCapc7PO5Uy94xOPCxxEclmpPuaOMBMDarSuyZOMfywEDSF9EakSjiKu2eNRXj-CdQ0VmQ--FfqrqSCrBwCPixDkfXY9h1qeOeplSC3EpxIfrYl_tdk-U14duz4jkNZ6Ea1MHnm8FuswLZbTZ_FXFJL_DQULebnBgFHzoQoXYn0n2v7_eGpnx3EFYW2H92rTBmD5tNXL8S9tdm6WnH_IP3fJz3O4Po-db4C9ZZxGz23Qb-POeuAuU3uFPLSKsZ3TgPSxFnyIiuHYHDDGVOx9
Preview:	<!DOCTYPE html>.<html>.<head>.<title>Advertisement</title>.<meta charset="utf-8">.<meta name="format-detection" content="telephone=no">.<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">.</head>.<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>. BannerId 11290441, ZoneId 65726, AdId 1512758 -->.<div id="main" style="position:relative; padding:0; width:300px ; height:250px ; background-color:#ddd; cursor:pointer; overflow:hidden; display:inline-block;"> <style> .privacy_element, .privacy_element a, .privacy_element img { text-decoration:none; margin:0; padding:0; border:none; } #privacy_icon, #privacy_icon a, #privacy_icon img { cursor:pointer; } #privacy_icon { position:absolute; z-index:100; top:0px;bottom:auto;vertical-align:top;margin-top:1px; right:16px;left:auto;text-align:right;margin-right:1px; } #privacy_icon .privacy_out { width:19px; height:15px; line-height:0; z-i

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2427
Entropy (8bit):	7.898956068611793
Encrypted:	false
SSDEEP:
MD5:	25C292A6B5859297456A6AFD3BBF2438
SHA1:	4232DAE97DD3A1E1F6BE85E64A4644934CA1A793
SHA-256:	98B9C493736CB976F20912CB81B77D68D4135F524D7F017D8D52FC687D560A7B
SHA-512:	C44ADC098741B0A194DC4EFFBA69510EC5027A77EF6966A176EA693A428FBA98EFC279705BF86CE3CCE60EA96224945647E1BEC06FF5CD6638B865D14BC68773
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...2...2......?......pHYs..........&.?....tIME.....6..^f\|....IDATh..Z{TUU.v.fl5)HZ.f>.m..K#.....M..T..A..#j..)...QB.D0M.5 ..03..k.M.F....<..7.w.a...\R.=..s...s.>....{.S.^.\".... ..........t`,P.j....8......TUY... .....-........(U<..H...?@.gG.......Y.....4.?~...m.<..-..c..>..7h......R....XW$..2v..H....Y.7d.a.L1..?..y.0L.t..5......x.4v..'..j....`.'3.o.@1..+._.5Y...q....uA$..C....n.,.n=$../.a.f .........~...}.`zU..Y$41$R.U..{:.I..Js.i@...9v.#.zI{..F..W.8k...Hc..5}.TT.o.}-."2r..c..Q.\.<.....?0...t......f_S.. ..$f.4.......+....i..@.~.rI...j........r...H.M=.,...... ..%69SV'....!....%..D=@....aG.`..6v.......".9.....K>Z......"&\.^..x...6...$.e.LY..y.Gew.72...~..u..`...,..44x..KW..wG..~.V.TAp..bu.EyE.m.3d.....%C@..\.+p.706....../.PX...n.Z.2..M..Kc?#...&.;5z.....%...0.>.E5:~....1/.;.1.v..D.i.X...r4..@....-[.].CMj .1.>R.{....#.....M...s...... \|]..4)..knd..x.>...@...9s.G._.<.w..h"T...U..)^/......h.`/........zG...I).zS..u.t...s.i C....x9

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1881
Entropy (8bit):	4.762771713225458
Encrypted:	false
SSDEEP:
MD5:	3643D340777CD5FB9A2FA7E8701FDCDB
SHA1:	64126ACC1DC7A894A9984613BEA432DE19C2D186
SHA-256:	60BCAFBD631F6FA0805E158CA3B235E76225350DB6FBB423596D4C4954B27573
SHA-512:	CCF3B75300726BB2785B78C6CB16931F01E042A0AE139B6F4C25498C71FF132A73492BD66A3F0CD74488DE115DF22542D0377D92FC662117250003B9451CF61E
Malicious:	false
Reputation:	low
URL:	https://static.criteo.net/flash/icon/adchoices_en.svg
Preview:	<svg id="privacy_svg" xmlns="http://www.w3.org/2000/svg" version="1.1" viewBox="0 0 77 15" height="15" width="77">.<style>..bg{fill:#fff;opacity:0.6;}..icon{fill:#00aecd;}..text{font-family:Arial;font-size:11.5px;stroke:black;stroke-width:0.25;}.</style>.<path class="bg" d="M0 0L77 0L 77 15L 5 15A5 5 0 0 1 0 10"/>.<circle class="icon" transform="translate(58, 0)" r="0.75" cy="5.875" cx="8.75"/>.<path class="icon" transform="translate(58, 0)" d="M 5.3730468,1.0136718 C 4.6293185,1.0090776 4.1,1.3947866 4.1,2.5 4.100712,5.7520821 4.0996094,8.7129311 4.0996094,12 v 0.800781 h 0.013672 c -0.00328,0.03309 -0.00524,0.06633 -0.00586,0.09961 -4.7e-5,0.61699 0.447682,1.117187 1,1.117187 0.035907,-4.48e-4 0.071766,-0.0031 0.1074219,-0.0078 0.1364212,0.007 0.2721632,-0.02339 0.3925781,-0.08789 l 1.7871093,-0.917969 c 0.7171771,-0.35578 0.4527743,-1.437158 -0.3476562,-1.421875 -0.1186385,0.002 -0.2351089,0.03213 -0.3398438,0.08789 -0.103283,0.05499 -0.527302,0.28718 -0.7851561,-6e-6 C 5.8554801,11

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 536x284, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	24174
Entropy (8bit):	7.992802319834735
Encrypted:	true
SSDEEP:
MD5:	33D73CD1DEF0238ABD1AD74AA4D5B598
SHA1:	25530815474997FFB781857033B881BFC51EEF2C
SHA-256:	B1738F9EEFEF998F0CF6B69A4C22CBE7820E0B703E2AC539EDE6998B3F5C0612
SHA-512:	9F6F6ADF58974AADE6DF0C88EF6E8AFEBFCA397049B37AD0B58F505737F43AAAEC280F7F20CB3FBB60044D94F68593685752BD4673DEC97488D54D5492F0CB30
Malicious:	false
Reputation:	low
URL:	https://s.yimg.com/uu/api/res/1.2/mLRhgP0WwOqO.zxf7U9foQ--~B/Zmk9c3RyaW07aD0yODQ7cT04MDt3PTUzNjthcHBpZD15dGFjaHlvbg--/https://media.zenfs.com/en/people_218/a7322d81bd4b477a68d6c1026cc9487f.cf.webp
Preview:	RIFFf^..WEBPVP8 Z^..P........>y4.G...!)r.....cf:...a\V..z..y...k%..=>..t..Gc.R\|..].....7......o._e...W..J.`......?..Bu&.o....>..........m?d...3.U....{...{.i.N=.p.9.._..t...J..F.U......q.\..H.........H.g..Q./.....,Z..e:0.>...L>.......G]...).a....._s..f[eY..4W...g./.U.%$WZ..MRM_.........e.U>.G-...c..Z...X<$..?..]R.y.V....@.c$.n.f.......c.5....M.i4w<'..~...].F......Z.Z..~....[...../...f.@L.evPa}0ff;......,GI6......!.....p....T.9....D.rn..>.!......h.H~..!...Y.4U..Jm[~3..b..;..K......z....].~7.............f.....;.#U3a...........,...2.(.o...%l.G..ma..n..J..............d.2~P.?%m...~..V.+....,.l..2bATO...l.c.`.f....I..v\|..W.W...8Bb..#.%....\....w...y}...c.;fq6.....W}..&.}........ .....f....B`.J.L...Ur#...:.7..R..<...Ek;.T.z...k~.....H5I..I.%.z@uJ.8..:`d;M....p...g.(..a/.h.Y\.7...g...fpX\.."......z..[..W...p..*S3.6^..\...G2 ......I.u+"..8wd.zXQ...A.......Q.....J.....Jp\|`.V$.:t.6."...\|T9...I.<4..mMg....>xB...t.J.-.O..H2....o...Hj9...........'

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 289

Chrome Cache Entry: 290

Chrome Cache Entry: 293

Chrome Cache Entry: 294

Chrome Cache Entry: 296

Chrome Cache Entry: 297

Chrome Cache Entry: 300

Chrome Cache Entry: 302

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 309

Chrome Cache Entry: 311

Chrome Cache Entry: 313

Chrome Cache Entry: 314

Chrome Cache Entry: 315

Chrome Cache Entry: 316

Chrome Cache Entry: 317

Chrome Cache Entry: 321

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 324

Chrome Cache Entry: 325

Chrome Cache Entry: 326

Chrome Cache Entry: 328

Chrome Cache Entry: 330

Chrome Cache Entry: 331

Chrome Cache Entry: 333

Chrome Cache Entry: 334

Chrome Cache Entry: 337

Chrome Cache Entry: 339

Chrome Cache Entry: 341

Chrome Cache Entry: 342

Chrome Cache Entry: 343

Chrome Cache Entry: 345

Chrome Cache Entry: 347

Chrome Cache Entry: 348

Chrome Cache Entry: 351

Chrome Cache Entry: 352

Chrome Cache Entry: 356

Chrome Cache Entry: 358

Chrome Cache Entry: 360

Windows Analysis Report
http://tddolc.sunnysee.cc/34546de4235m342356?affsub2=hkuoxewm&st=nfairafh