Edit tour

Windows Analysis Report
http://www.tinyurl.com/stationnement-infraction

Overview

General Information

Sample URL:	http://www.tinyurl.com/stationnement-infraction
Analysis ID:	1369345

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Creates files inside the system directory

Detected non-DNS traffic on DNS port

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 4636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.tinyurl.com/stationnement-infraction MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=5872 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=5776 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=3228 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=6524 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=6532 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.tinyurl.com/stationnement-infraction

Avira URL Cloud: detection malicious, Label: phishing

Multi AV Scanner detection for submitted file

Source: http://www.tinyurl.com/stationnement-infraction

Virustotal: Detection: 5%

Perma Link

Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction

HTTP Parser: Base64 decoded: ai=BV1fQIXWVZYOUL8a9rr4P0vC5yAeJ48bKRgAAABABINqJvCo4AViDm-LkgwRgyabujOSkwBOyAQt0aW55dXJsLmNvbboBCWdmcF9pbWFnZcgBAtoBNWh0dHBzOi8vdGlueXVybC5jb20vYXBwL25vc3BhbS9EMHdubG9hZFBERi90ZXJtaW5hdGVkmAL6AcACAuACAOoCGi8xNTE4NDE4Ni90aW55dXJsX2hvbWVwYWdl-AKE0h6QA4wGmAO...

Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html	HTTP Parser: No favicon
Source: https://dbf543eca752736ca32d925dec769d4d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html	HTTP Parser: No favicon
Source: https://google-bidout-d.openx.net/w/1.0/pd?plm=5	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-LoopMe_n-MediaNet_n-Beeswax_ox-db5_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_n-baidu_an-db5_n-Rise_3lift_n-Outbrain&dcc=t	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=90553821405950341038	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0wOExrUURkRTJ1S2JFX1lxSDNyc0RGQUhKZ09IeUkwU35B	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/ecm3?id=4070193924377947321&ex=appnexus.com	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-LoopMe_n-MediaNet_n-Beeswax_ox-db5_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_n-baidu_an-db5_n-Rise_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3	HTTP Parser: No favicon
Source: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east	HTTP Parser: No favicon
Source: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696	HTTP Parser: No favicon
Source: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID	HTTP Parser: No favicon
Source: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1	HTTP Parser: No favicon
Source: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID	HTTP Parser: No favicon
Source: https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=F1599980-01CB-4F5A-BAC2-A66E1F797B77&redir=true&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAAJXhui8fXsFANbeV5kAAAAAAA&expiration=1704380070&is_secure=true	HTTP Parser: No favicon
Source: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=	HTTP Parser: No favicon
Source: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east	HTTP Parser: No favicon
Source: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D&gdpr=&gdpr_consent=&us_privacy=	HTTP Parser: No favicon
Source: https://ads.yieldmo.com/pbcas?us_privacy=&gdpr=0&gdpr_consent=&type=iframe	HTTP Parser: No favicon
Source: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1908244422708291736&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=-XWVofh1nqPidc_19neBrf90zaziecj29yNzzXdU	HTTP Parser: No favicon
Source: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1797288129577652243	HTTP Parser: No favicon
Source: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=872289234802	HTTP Parser: No favicon
Source: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1196595-7528-4500-b6fc-d7eb32db5b6b&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=0047709c-aa48-11ee-8541-2b83a51adcc2	HTTP Parser: No favicon
Source: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU833b0970810e40148befb3031e882ec1	HTTP Parser: No favicon
Source: https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&name=PrebidServer&gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dadyoulike%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BBUYER_USERID%5D	HTTP Parser: No favicon
Source: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1	HTTP Parser: No favicon
Source: https://ssp.api.tappx.com/cs/usersync.php?gdpr_optin=&gdpr_consent=&us_privacy=&type=iframe&ruid=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtappx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7B%7BTPPXUID%7D%7D	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:k2P7AGgV1Rl2DB5&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UIDF1599980-01CB-4F5A-BAC2-A66E1F797B77	HTTP Parser: No favicon
Source: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D50%26type%3Diframe%26id%3D%24UID%26auxuid%3D	HTTP Parser: No favicon
Source: https://vid.vidoomy.com/sync?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&redirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D380%26type%3Diframe%26id%3D%7B%7BVID%7D%7D%26auxuid%3D	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158111&userIdMacro=(PM_UID)&gdpr=&gdpr_consent=&predirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D76%26type%3Diframe%26id%3D%28PM_UID%29%26auxuid%3D	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID%26traffic_source%3Dsnippet%26session%3D48A324C1FF4E783D%26sp%3D750078%26pb%3D612004%26c%3D570607%26a%3D281178%26domain%3Dvisitor.omnitagjs.com	HTTP Parser: No favicon
Source: https://visitor.omnitagjs.com/visitor/sync?uid=9f93135e824096b627ff609f5cdee636&visitor=904dc11b6a7bb5d0&name=OPENWEB	HTTP Parser: No favicon
Source: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=F1599980-01CB-4F5A-BAC2-A66E1F797B77	HTTP Parser: No favicon
Source: https://s.spotim.market/sync.html?aid=750078&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://ssbsync.smartadserver.com/api/sync?callerId=22&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WErPEB1sWKl0G34wzjuMmtRmKQI&gdpr=0&gdpr_consent=	HTTP Parser: No favicon
Source: https://sync.adkernel.com/user-sync?zone=200784&r=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D1111%26type%3Diframe%26id%3D%7BUID%7D%26auxuid%3D	HTTP Parser: No favicon
Source: https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%7B%7BUS_PRIVACY%7D%7D%26uid%3D33XUSERID33X&id=zzz000000000002zzz	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID	HTTP Parser: No favicon
Source: https://vid.vidoomy.com/sync?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&redirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D380%26type%3Diframe%26id%3D%7B%7BVID%7D%7D%26auxuid%3D	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158111&userIdMacro=(PM_UID)&gdpr=&gdpr_consent=&predirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D76%26type%3Diframe%26id%3D%28PM_UID%29%26auxuid%3D	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID%26traffic_source%3Dsnippet%26session%3D48A324C1FF4E783D%26sp%3D750078%26pb%3D612004%26c%3D570607%26a%3D281178%26domain%3Dvisitor.omnitagjs.com	HTTP Parser: No favicon
Source: https://cookies.nextmillmedia.com/sync?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&redirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D1060%26type%3Diframe%26id%3D%5BNMUID%5D%26auxuid%3D	HTTP Parser: No favicon
Source: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=SFf5fDGgAjajV3xNLHWVZQ	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-6118a49d-770b-4bd1-8a33-56c5cc6be31c-005	HTTP Parser: No favicon
Source: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor-us-west-2.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=&b=1	HTTP Parser: No favicon
Source: https://hde.tynt.com/deb/?m=xch&rt=html&id=0010b00001siQHqAAM&ru=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D58%26type%3Diframe%26id%3D33XUSERID33X%26auxuid%3D&b=1	HTTP Parser: No favicon
Source: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7575800761170928406	HTTP Parser: No favicon
Source: https://prebid.a-mo.net/cchain/0?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&s=pbs&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%7B%7BUS_PRIVACY%7D%7D%26uid%3D%24UID	HTTP Parser: No favicon
Source: https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3318430922085059266	HTTP Parser: No favicon
Source: https://sync.targeting.unrulymedia.com/csync/RX-6118a49d-770b-4bd1-8a33-56c5cc6be31c-005	HTTP Parser: No favicon
Source: https://pbs.nextmillmedia.com/setuid?bidder=yieldmo&uid=VEqevvvUUev3J9iYjevX	HTTP Parser: No favicon
Source: https://pbs.nextmillmedia.com/setuid?bidder=grid&uid=e272b9ed-67cd-4361-8df9-11727d710aed	HTTP Parser: No favicon
Source: https://sync.spotim.market/csync?t=a&ep=281178&extuid=F1599980-01CB-4F5A-BAC2-A66E1F797B77&traffic_source=snippet&session=48A324C1FF4E783D&sp=750078&pb=612004&c=570607&a=281178&domain=visitor.omnitagjs.com	HTTP Parser: No favicon
Source: https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=25&external_user_id=F1599980-01CB-4F5A-BAC2-A66E1F797B77	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156498&gdpr=&gdpr_consent=&userIdMacro=(PM_UID)&predirect=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%28PM_UID%29%26vid%3D1ba9e6b1908d898d908cd657b22bd85a%26dspid%3Dpubmatic	HTTP Parser: No favicon
Source: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEBLE7LKuoAABNQmDTZTg&gdpr=0	HTTP Parser: No favicon
Source: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=8840a7c0-c0fd-4c42-b95f-bef99eff492a	HTTP Parser: No favicon
Source: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html#pid=203177&dmpenabled=true&filterDMP=&d=Bvo62RHKUODdnKa_Z8rYFE4MXVc4vfJzjQuBfttglvczKYxasS-UC4PRQtYh8V0z&gdpr=0&cmpNeeded=false&gdprVer=null&ccpa=1---&country=US&obRecsAbtestAndVars=386-2483,1090-3454,1410-4955,1155-3748,1412-4941,1419-4964,1164-3780,1103-3503,1359-4728,784-2396,1360-4730,1169-3791,979-4239,980-4243,981-4590,792-2427,927-3101,1125-3606,1323-4539,1203-3960,1333-4572,822-2522,1399-4862,1401-4879,1082-3419,699-2183,1403-4896,1149-3716,1405-4906&initiator=ob	HTTP Parser: No favicon
Source: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html#pid=203177&dmpenabled=true&filterDMP=&d=yOeRQX4uQ46h-lBaBGdxPDC5zqOSWMwNjjoHRKz-rznloajrwd7Woho7-YiV05B4&gdpr=0&cmpNeeded=false&gdprVer=null&ccpa=1---&country=US&obRecsAbtestAndVars=386-1123,1090-3454,1410-4954,1412-4941,1419-4965,1164-3777,1358-4889,1103-3503,1359-4725,784-2396,1360-4730,1169-3790,979-4239,980-4243,981-4590,792-2426,927-3026,1125-3605,1323-4540,1203-3987,1333-4572,822-2522,1399-4862,1401-4878,1082-3419,699-2357,1403-4896,1149-3716&initiator=ob	HTTP Parser: No favicon
Source: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html#goog_1906603439	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158111&userIdMacro=(PM_UID)&gdpr=&gdpr_consent=&predirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D76%26type%3Diframe%26id%3D%28PM_UID%29%26auxuid%3D	HTTP Parser: No favicon
Source: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html	HTTP Parser: No favicon
Source: https://imasdk.googleapis.com/js/core/bridge3.609.1_en.html#goog_844976331	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=undefinedgdpr=0&gdpr_consent=&us_privacy=1---	HTTP Parser: No favicon
Source: https://vid-io-pdx.springserve.com/usersync?aid=1000010&gdpr=&gdpr_consent=&us_privacy=&uuid=F1599980-01CB-4F5A-BAC2-A66E1F797B77	HTTP Parser: No favicon
Source: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fvid-io-pdx.springserve.com%2Fusersync%3Faid%3D1000010%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D	HTTP Parser: No favicon
Source: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=247345d8-a700-4a78-bba9-fd010e0f365a&expiration=1712156142	HTTP Parser: No favicon
Source: https://ssum.casalemedia.com/usermatch?s=191709&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fvid-io-pdx.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon
Source: https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:51042 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 25MB

Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:49932 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:50119 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: www.tinyurl.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50730
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 51548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 50578 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 51524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50761
Source: unknown	Network traffic detected: HTTP traffic on port 50337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50763
Source: unknown	Network traffic detected: HTTP traffic on port 51320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 51077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 51512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50591 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50704
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50705
Source: unknown	Network traffic detected: HTTP traffic on port 51065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51561 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50708
Source: unknown	Network traffic detected: HTTP traffic on port 51446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 50313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50716
Source: unknown	Network traffic detected: HTTP traffic on port 51434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 51500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 51115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51200
Source: unknown	Network traffic detected: HTTP traffic on port 51396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51204
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51201
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 51384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51214
Source: unknown	Network traffic detected: HTTP traffic on port 50897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51213
Source: unknown	Network traffic detected: HTTP traffic on port 50923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50776
Source: unknown	Network traffic detected: HTTP traffic on port 50911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown	Network traffic detected: HTTP traffic on port 51025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50787
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50784
Source: unknown	Network traffic detected: HTTP traffic on port 51139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50785
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50799
Source: unknown	Network traffic detected: HTTP traffic on port 51360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown	Network traffic detected: HTTP traffic on port 51245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50797
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50796
Source: unknown	Network traffic detected: HTTP traffic on port 51409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51143
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51147
Source: unknown	Network traffic detected: HTTP traffic on port 51176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51150
Source: unknown	Network traffic detected: HTTP traffic on port 50389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51156
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51158
Source: unknown	Network traffic detected: HTTP traffic on port 51347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51160
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51165
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51171
Source: unknown	Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51179
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51181
Source: unknown	Network traffic detected: HTTP traffic on port 50996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51185
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51183
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51100
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51105
Source: unknown	Network traffic detected: HTTP traffic on port 50353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51103
Source: unknown	Network traffic detected: HTTP traffic on port 50731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51113
Source: unknown	Network traffic detected: HTTP traffic on port 51269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51114
Source: unknown	Network traffic detected: HTTP traffic on port 50677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51128
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51129
Source: unknown	Network traffic detected: HTTP traffic on port 51335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51125
Source: unknown	Network traffic detected: HTTP traffic on port 50836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51130
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51139
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51133
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51138
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51141
Source: unknown	Network traffic detected: HTTP traffic on port 51270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50517 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50529 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51552 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51188
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51187
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51564 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51190
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51195
Source: unknown	Network traffic detected: HTTP traffic on port 50542 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51196
Source: unknown	Network traffic detected: HTTP traffic on port 50972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51194
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51198
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50647 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50859
Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown	Network traffic detected: HTTP traffic on port 51044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50868
Source: unknown	Network traffic detected: HTTP traffic on port 50956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50862
Source: unknown	Network traffic detected: HTTP traffic on port 50864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 50852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50878
Source: unknown	Network traffic detected: HTTP traffic on port 51056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50879
Source: unknown	Network traffic detected: HTTP traffic on port 50932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50870
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown	Network traffic detected: HTTP traffic on port 51020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50873
Source: unknown	Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839

Source: unknown	HTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:51042 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_4636_599795672

Source: classification engine

Classification label: mal56.win@90/6@840/850

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.tinyurl.com/stationnement-infraction
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=5872 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=5776 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=3228 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=6524 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=6532 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=5872 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=5776 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=3228 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=6524 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=auction_worklet.mojom.AuctionWorkletService --lang=en-US --service-sandbox-type=service_with_jit --mojo-platform-channel-handle=6532 --field-trial-handle=1620,i,8043334423922879722,12289632449776647744,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.tinyurl.com/stationnement-infraction	100%	Avira URL Cloud	phishing
http://www.tinyurl.com/stationnement-infraction	5%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
jsdelivr.map.fastly.net	0%	Virustotal	Browse
ad-delivery.net	0%	Virustotal	Browse
cdn.confiant-integrations.net	0%	Virustotal	Browse
api.btloader.com	0%	Virustotal	Browse
oa.openxcdn.net	0%	Virustotal	Browse
optimise.net	0%	Virustotal	Browse
cdn.hadronid.net	0%	Virustotal	Browse
d.pub.network	0%	Virustotal	Browse
freestar-io.videoplayerhub.com	0%	Virustotal	Browse
btloader.com	0%	Virustotal	Browse
c.pub.network	0%	Virustotal	Browse
id.hadron.ad.gt	0%	Virustotal	Browse
a.pub.network	0%	Virustotal	Browse
sb.scorecardresearch.com	0%	Virustotal	Browse
api.intentiq.com	0%	Virustotal	Browse
api.floors.dev	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
about:blank	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
um.simpli.fi	34.171.234.26	true	false		high
rtb-csync-use1.smartadserver.com	23.105.12.172	true	false		high
bidder.da1.vip.prod.criteo.com	74.119.118.151	true	false		high
global.px.quantserve.com	192.184.68.254	true	false		high
ssum.casalemedia.com	104.18.36.155	true	false		high
us-east-eb2.3lift.com	52.223.22.214	true	false		high
d1udg0ppdtlio6.cloudfront.net	18.238.152.2	true	false		high
pugm-sv3pairbc.pubmnet.com	192.82.242.209	true	false		unknown
rtb.openx.net	35.227.252.103	true	false		high
1.cpm.ak-is2.net	173.239.59.72	true	false		unknown
bttrack.com	192.132.33.68	true	false		unknown
serving.stat-rock.com	199.101.133.2	true	false		unknown
crb.kargo.com	3.229.81.23	true	false		high
api.intentiq.com	18.161.170.64	true	false	0%, Virustotal, Browse	unknown
syncelb-240036109.us-east-1.elb.amazonaws.com	3.226.219.138	true	false		high
api-2-0.spot.im	13.225.47.33	true	false		high
sync.intentiq.com	18.245.124.32	true	false		unknown
id.rlcdn.com	35.244.154.8	true	false		high
bcp.crwdcntrl.net	3.226.158.19	true	false		high
match.adsrvr.org	52.223.40.198	true	false		high
rtactivateloadbalancer-2076579973.us-east-1.elb.amazonaws.com	54.90.49.71	true	false		high
pagead-googlehosted.l.google.com	142.250.114.132	true	false		high
creativecdn.com	185.184.8.90	true	false		high
pugm-vac.pubmnet.com	8.28.7.81	true	false		unknown
lax-1-sync.go.sonobi.com	72.34.250.75	true	false		high
m.deepintent.com	169.197.150.7	true	false		unknown
dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com	52.40.168.59	true	false		high
sync-unosync-com.geodns.me	23.227.146.18	true	false		unknown
optimise.net	34.111.152.239	true	false	0%, Virustotal, Browse	unknown
d1ykf07e75w7ss.cloudfront.net	18.161.143.26	true	false		high
sjc-direct-bgp.contextweb.com	74.214.196.131	true	false		high
oajs.openx.net	34.120.107.143	true	false		high
ssum-sec.casalemedia.com	104.18.36.155	true	false		high
btlr-us-east-1.sharethrough.com	52.55.204.172	true	false		high
sync.sxp.smartclip.net	35.186.194.101	true	false		high
clients.l.google.com	142.250.113.139	true	false		high
config.aps.amazon-adsystem.com	108.156.211.122	true	false		high
www.googletagservices.com	142.251.116.157	true	false		high
hde.tynt.com	67.202.105.33	true	false		high
vid-io-iad.springserve.com	3.213.97.139	true	false		high
rtb.adentifi.com	72.44.44.12	true	false		unknown
outbrain.map.fastly.net	146.75.106.132	true	false		unknown
synchroscript.deliveryengine.adswizz.com	18.245.124.125	true	false		high
pixel.tapad.com	34.111.113.62	true	false		high
match-us-west-1-ecs.sharethrough.com	13.56.42.24	true	false		high
ssp.ads.betweendigital.com	172.240.127.129	true	false		high
sync-dmp.mobtrakk.com	5.161.62.221	true	false		unknown
ad-delivery.net	104.26.3.70	true	false	0%, Virustotal, Browse	unknown
outspot2-ams.adx.opera.com	82.145.213.8	true	false		high
ssbsync-usw1.smartadserver.com	23.83.76.68	true	false		high
jsdelivr.map.fastly.net	151.101.65.229	true	false	0%, Virustotal, Browse	unknown
imagesync33000-fpb.pubmnet.com	104.36.113.110	true	false		unknown
nmm-use1-prod-alb-pbs-server-1662300823.us-east-1.elb.amazonaws.com	44.212.208.100	true	false		high
vid-io-sin.springserve.com	18.138.59.118	true	false		high
ih.adscale.de	3.126.125.188	true	false		high
na-ice.360yield.com	3.212.106.63	true	false		high
gob-njr3.pubmnet.com	104.36.115.111	true	false		unknown
ds-pr-bh.ybp.gysm.yahoodns.net	54.85.196.91	true	false		unknown
sync.1rx.io	69.194.240.13	true	false		high
idaas-ext.cph.liveintent.com	34.232.58.254	true	false		high
1099493781.rsc.cdn77.org	156.146.38.47	true	false		unknown
cm127.appier.org	172.105.221.29	true	false		high
us-u.openx.net	34.98.64.218	true	false		high
securepubads46.g.doubleclick.net	142.251.116.156	true	false		high
pool-use-gce-sc.reims.iponweb.net	35.211.118.13	true	false		unknown
d1jvc9b8z3vcjs.cloudfront.net	108.156.218.235	true	false		high
sid.storygize.net	143.244.208.184	true	false		unknown
sb.scorecardresearch.com	18.238.171.31	true	false	0%, Virustotal, Browse	unknown
prod.appnexus.map.fastly.net	151.101.1.108	true	false		unknown
part-0029.t-0009.t-msedge.net	13.107.246.57	true	false		unknown
pubads46.g.doubleclick.net	142.250.114.154	true	false		high
user-data-us-east.bidswitch.net	35.211.178.172	true	false		unknown
s0.2mdn.net	142.251.116.148	true	false		high
nase.vap.lijit.com	63.251.86.50	true	false		high
pixel-origin.mathtag.com	216.200.232.249	true	false		high
load-use1.exelator.com	52.0.156.250	true	false		high
1651846316.rsc.cdn77.org	156.146.38.47	true	false		unknown
pug-sv3c.pubmnet.com	204.237.133.120	true	false		unknown
ps.eyeota.net	50.16.174.192	true	false		high
widget.da1.vip.prod.criteo.com	74.119.118.138	true	false		high
pxl.iqm.com	52.1.232.25	true	false		unknown
lynx-prod-beacon-alb-498367235.us-east-1.elb.amazonaws.com	34.233.0.32	true	false		high
d.pub.network	34.160.152.31	true	false	0%, Virustotal, Browse	unknown
pool-use.zagreb.iponweb.net	35.211.233.246	true	false		unknown
adserver.technoratimedia.com	193.122.130.38	true	false		unknown
pmp.mxptint.net	207.207.55.242	true	false		unknown
ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud	34.200.65.202	true	false		unknown
cs.yellowblue.io	18.235.26.124	true	false		unknown
pug-sfo-bc.pubmnet.com	104.36.113.107	true	false		unknown
ny5-prebid.a-mx.net	147.75.198.144	true	false		unknown
cm119.appier.org	172.105.220.23	true	false		high
cs.admanmedia.com	80.77.87.161	true	false		high
id5-sync.com	162.19.138.120	true	false		unknown
pixel-a.sitescout.com	207.198.113.90	true	false		high
live.rezync.com	18.238.132.7	true	false		high
cdn.w55c.net	54.227.205.3	true	false		high
dualstack.tls13.taboola.map.fastly.net	151.101.1.44	true	false		unknown
lga-direct-bgp.contextweb.com	198.148.27.131	true	false		high
cdn.hadronid.net	172.67.36.110	true	false	0%, Virustotal, Browse	unknown
sync.im-apps.net	34.149.101.235	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D644680%26extuid%3D%24UID%26traffic_source%3Dsnippet%26session%3D48A324C1FF4E783D%26sp%3D750078%26pb%3D612004%26c%3D649285%26a%3D644680%26domain%3Dvisitor.omnitagjs.com&gdpr=0&gdpr_consent={gdpr_consent}	false		high
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158111&userIdMacro=(PM_UID)&gdpr=&gdpr_consent=&predirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D76%26type%3Diframe%26id%3D%28PM_UID%29%26auxuid%3D	false		high
https://ssp.api.tappx.com/cs/usync?idmn=1060&type=iframe&id=&auxuid=	false		high
https://onetag-sys.com/usync/?pubId=5adb88524e24e50	false		unknown
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAEBLE7LKuoAABNQmDTZTg&gdpr=0	false		high
https://cs-server-s2s.yellowblue.io/cs?aid=11576&id=F1599980-01CB-4F5A-BAC2-A66E1F797B77#US_PRIVACY	false		unknown
https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-LoopMe_n-MediaNet_n-Beeswax_ox-db5_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_n-baidu_an-db5_n-Rise_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3	false		high
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D50%26type%3Diframe%26id%3D%24UID%26auxuid%3D	false		high
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU833b0970810e40148befb3031e882ec1	false		high
https://sync.spotim.market/csync?t=a&ep=281178&extuid=F1599980-01CB-4F5A-BAC2-A66E1F797B77&traffic_source=snippet&session=48A324C1FF4E783D&sp=750078&pb=612004&c=570607&a=281178&domain=visitor.omnitagjs.com	false		unknown
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html	false		high
https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=F1599980-01CB-4F5A-BAC2-A66E1F797B77&redir=true&gdpr=0&gdpr_consent=	false		high
https://hde.tynt.com/deb/?m=xch&rt=html&id=0010b00001siQHqAAM&ru=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D58%26type%3Diframe%26id%3D33XUSERID33X%26auxuid%3D&b=1	false		high
about:blank	false	Avira URL Cloud: safe	low
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:k2P7AGgV1Rl2DB5&gdpr=0&gdpr_consent=	false		high
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=90553821405950341038	false		high
https://ssp.api.tappx.com/cs/usync?idmn=1111&type=iframe&id=A4853786181098938841&auxuid=	false		high
https://pbs.nextmillmedia.com/setuid?bidder=grid&uid=e272b9ed-67cd-4361-8df9-11727d710aed	false		unknown
https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1908244422708291736&gdpr=0&gdpr_consent=	false		high
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=F1599980-01CB-4F5A-BAC2-A66E1F797B77	false		unknown
https://prebid.a-mo.net/cchain/0?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&s=pbs&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%7B%7BUS_PRIVACY%7D%7D%26uid%3D%24UID	false		unknown
https://www.google.com/recaptcha/api2/aframe	false		high
https://pbs.nextmillmedia.com/setuid?bidder=pubmatic&uid=F1599980-01CB-4F5A-BAC2-A66E1F797B77	false		unknown
https://vid.vidoomy.com/sync?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&redirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D380%26type%3Diframe%26id%3D%7B%7BVID%7D%7D%26auxuid%3D	false		unknown
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156498&gdpr=&gdpr_consent=&userIdMacro=(PM_UID)&predirect=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fpbscookie%3Fuid%3D%28PM_UID%29%26vid%3D1ba9e6b1908d898d908cd657b22bd85a%26dspid%3Dpubmatic	false		high
https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=4d0b6913-8edf-4a30-a958-25f7b19d1868	false		high
https://ssum.casalemedia.com/usermatch?s=191709&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fvid-io-pdx.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D	false		high
https://tinyurl.com/app/nospam/tinyurl.com/stationnement-infraction	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WErPEB1sWKl0G34wzjuMmtRmKQI&gdpr=0&gdpr_consent=	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C93CC78360E24BDE8E4F66973F469D05&gdpr=0&gdpr_consent=	false		high
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=	false		high
https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00003HljHyAAJ&ru=https%3A%2F%2Fvisitor-us-west-2.omnitagjs.com%2Fvisitor%2Fsync%3Fname%3D33ACROSS%26ttl%3D720%26uid%3D2f9442d7df2189f76c8b593d5f54ce95%26visitor%3D33XUSERID33X%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=&b=1	false		high
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=-XWVofh1nqPidc_19neBrf90zaziecj29yNzzXdU	false		high
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=872289234802	false		high
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID	false		high
https://onetag-sys.com/usync/?redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D&gdpr=&gdpr_consent=&us_privacy=	false		unknown
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:d1196595-7528-4500-b6fc-d7eb32db5b6b&gdpr=0&gdpr_consent=	false		high
https://ssp.api.tappx.com/cs/usersync.php?gdpr_optin=&gdpr_consent=&us_privacy=&type=iframe&ruid=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtappx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7B%7BTPPXUID%7D%7D	false		high
https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html#pid=203177&dmpenabled=true&filterDMP=&d=Bvo62RHKUODdnKa_Z8rYFE4MXVc4vfJzjQuBfttglvczKYxasS-UC4PRQtYh8V0z&gdpr=0&cmpNeeded=false&gdprVer=null&ccpa=1---&country=US&obRecsAbtestAndVars=386-2483,1090-3454,1410-4955,1155-3748,1412-4941,1419-4964,1164-3780,1103-3503,1359-4728,784-2396,1360-4730,1169-3791,979-4239,980-4243,981-4590,792-2427,927-3101,1125-3606,1323-4539,1203-3960,1333-4572,822-2522,1399-4862,1401-4879,1082-3419,699-2183,1403-4896,1149-3716,1405-4906&initiator=ob	false		high
https://ssbsync.smartadserver.com/api/sync?callerId=22&gdpr=0&gdpr_consent=	false		high
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156696	false		high
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID%26traffic_source%3Dsnippet%26session%3D48A324C1FF4E783D%26sp%3D750078%26pb%3D612004%26c%3D570607%26a%3D281178%26domain%3Dvisitor.omnitagjs.com	false		high
https://visitor.omnitagjs.com/visitor/sync?uid=9f93135e824096b627ff609f5cdee636&visitor=904dc11b6a7bb5d0&name=OPENWEB	false		high
https://sync.adkernel.com/user-sync?zone=200784&r=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D1111%26type%3Diframe%26id%3D%7BUID%7D%26auxuid%3D	false		high
https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID	false		high
https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&name=PrebidServer&gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dadyoulike%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BBUYER_USERID%5D	false		high
https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%7B%7BUS_PRIVACY%7D%7D%26uid%3D33XUSERID33X&id=zzz000000000002zzz	false		high
https://ssp.api.tappx.com/cs/usync?idmn=13&type=iframe&id=H7heiLZHFxSP01CqRiGR7Sx4&auxuid=	false		high
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@	false		high
https://ads.yieldmo.com/pbcas?us_privacy=&gdpr=0&gdpr_consent=&type=iframe	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=0047709c-aa48-11ee-8541-2b83a51adcc2	false		high
https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=PM_UIDF1599980-01CB-4F5A-BAC2-A66E1F797B77	false		high
https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy={{US_PRIVACY}}&gpp={{.GPP}}&gpp_sid={{.GPPSID}}&redir=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dtriplelift%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%7B%7BUS_PRIVACY%7D%7D%26uid%3D%24UID	false		high
https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=8840a7c0-c0fd-4c42-b95f-bef99eff492a	false		high
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}	false		high
https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D	false		high
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3318430922085059266	false		unknown
https://eus.rubiconproject.com/usync.html?p=pbs-adaptmx	false		high
https://s.spotim.market/sync.html?aid=750078&gdpr=0&gdpr_consent=	false		unknown
https://ssp.api.tappx.com/cs/usync?idmn=380&type=iframe&id=1ba9e6b1908d898d908cd657b22bd85a&auxuid=	false		high
https://eus.rubiconproject.com/usync.html?p=adyoulike&endpoint=eu&gdpr=0&gdpr_consent=	false		high
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZZV1LNlvjIr4rxCk4F90ywAA&2627	false		unknown
https://ads.pubmatic.com/AdServer/js/showad.js#PIX&kdntuid=1&p=undefinedgdpr=0&gdpr_consent=&us_privacy=1---	false		high
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=tinyurl.com#{%22uid%22:{%22origin%22:0},%22lwid%22:{%22origin%22:0},%22bundle%22:{%22value%22:%22SFIfkV9WWGhXV1pxblZmTk04RGh6b1A2UUdsd3BkU2FnRlNyRHhhTnpobnRVcFYwSyUyRkFDc2Zlekh0bmRkQ0R0RVhMYUNHMXBIT3NXOU9QSDJxVm0zc0x3NTUxeU91VGdlbTVOM24lMkJnZUszeXBxYTlZVFBEdk1ZNmtGS08xQjJUV3dwbmU%22,%22origin%22:3},%22optout%22:{%22value%22:false,%22origin%22:0},%22sid%22:{%22origin%22:0},%22tld%22:%22tinyurl.com%22,%22topUrl%22:%22tinyurl.com%22,%22version%22:144,%22cw%22:true,%22lsw%22:true,%22origin%22:%22publishertag%22,%22requestId%22:%220.35593394255545774%22}	false		high
https://ssp.api.tappx.com/cs/usync?idmn=76&type=iframe&id=F1599980-01CB-4F5A-BAC2-A66E1F797B77&auxuid=	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-6118a49d-770b-4bd1-8a33-56c5cc6be31c-005	false		high
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID	false		high
https://onetag-sys.com/usync/?pubId=7a07370227fc000&gdpr=0&gdpr_consent=	false		unknown
https://pbs.nextmillmedia.com/setuid?bidder=yieldmo&uid=VEqevvvUUev3J9iYjevX	false		unknown
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1797288129577652243	false		high
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-LoopMe_n-MediaNet_n-Beeswax_ox-db5_cnv_n-smaato_n-sharethrough_n-onetag_pm-db5_ym_rbd_ppt_n-vmg_n-baidu_an-db5_n-Rise_3lift_n-Outbrain&dcc=t	false		high
https://vid-io-pdx.springserve.com/usersync?aid=1000010&gdpr=&gdpr_consent=&us_privacy=&uuid=F1599980-01CB-4F5A-BAC2-A66E1F797B77	false		high
https://s.amazon-adsystem.com/ecm3?id=4070193924377947321&ex=appnexus.com	false		high
https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1	false		high
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=SFf5fDGgAjajV3xNLHWVZQ	false		high
https://pbs.nextmillmedia.com/setuid?bidder=openx&uid=5ddf3ef1-6c90-48db-be75-103de84c12aa	false		unknown
https://google-bidout-d.openx.net/w/1.0/pd?plm=5	false		high
https://cs-server-s2s.yellowblue.io/cs?aid=11576&id=F1599980-01CB-4F5A-BAC2-A66E1F797B77	false		unknown
https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1	false		high
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fvid-io-pdx.springserve.com%2Fusersync%3Faid%3D1000010%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D	false		high
https://rtb.gumgum.com/usync/14048?gdpr=&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fvid-io-pdx.springserve.com%2Fusersync%3Faid%3D1000004%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D	false		high
https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=	false		high
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D	false		high
https://eus.rubiconproject.com/usync.html?p=tappx&endpoint=us-east	false		high
https://events-ssc.33across.com/match?liv=h&us_privacy=&bidder_id=25&external_user_id=F1599980-01CB-4F5A-BAC2-A66E1F797B77	false		high
https://cookies.nextmillmedia.com/sync?gdpr=&gdpr_consent=&us_privacy={{US_PRIVACY}}&redirect=https%3A%2F%2Fssp.api.tappx.com%2Fcs%2Fusync%3Fidmn%3D1060%26type%3Diframe%26id%3D%5BNMUID%5D%26auxuid%3D	false		unknown
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east	false		high
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS0wOExrUURkRTJ1S2JFX1lxSDNyc0RGQUhKZ09IeUkwU35B	false		high
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7575800761170928406	false		high
https://sync.targeting.unrulymedia.com/csync/RX-6118a49d-770b-4bd1-8a33-56c5cc6be31c-005	false		high
https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=0&gdpr_consent=	false		unknown
https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
147.75.198.144	ny5-prebid.a-mx.net	Switzerland	54825	PACKETUS	false
18.154.242.79	d2fashanjl7d9f.cloudfront.net	United States	16509	AMAZON-02US	false
216.22.16.4	unknown	United States	30633	LEASEWEB-USA-WDCUS	false
50.116.194.21	unknown	United States	6336	TURN-US-ASNUS	false
13.228.158.204	unknown	United States	16509	AMAZON-02US	false
130.211.23.194	api.btloader.com	United States	15169	GOOGLEUS	false
156.146.38.47	1099493781.rsc.cdn77.org	United States	60068	CDN77GB	false
173.223.108.24	unknown	United States	16625	AKAMAI-ASUS	false
37.157.2.230	unknown	Denmark	198622	ADFORMDK	false
142.250.115.148	unknown	United States	15169	GOOGLEUS	false
172.240.127.129	ssp.ads.betweendigital.com	United States	7979	SERVERS-COMUS	false
23.20.118.254	rtb.gumgum.com	United States	14618	AMAZON-AESUS	false
44.212.208.100	nmm-use1-prod-alb-pbs-server-1662300823.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
104.254.150.241	unknown	United States	29990	ASN-APPNEXUS	false
23.36.57.94	unknown	United States	16625	AKAMAI-ASUS	false
108.156.211.122	config.aps.amazon-adsystem.com	United States	16509	AMAZON-02US	false
13.56.42.24	match-us-west-1-ecs.sharethrough.com	United States	16509	AMAZON-02US	false
8.39.36.196	unknown	United States	26667	RUBICONPROJECTUS	false
173.223.108.212	unknown	United States	16625	AKAMAI-ASUS	false
69.90.254.78	ums.acuityplatform.com	Canada	13768	COGECO-PEER1CA	false
142.250.113.95	unknown	United States	15169	GOOGLEUS	false
142.250.113.94	unknown	United States	15169	GOOGLEUS	false
3.227.185.122	unknown	United States	14618	AMAZON-AESUS	false
35.211.118.13	pool-use-gce-sc.reims.iponweb.net	United States	19527	GOOGLE-2US	false
3.229.81.23	crb.kargo.com	United States	14618	AMAZON-AESUS	false
205.180.87.137	unknown	United States	25751	VALUECLICKUS	false
18.238.152.2	d1udg0ppdtlio6.cloudfront.net	United States	16509	AMAZON-02US	false
199.38.167.131	unknown	United States	54312	ROCKETFUELUS	false
173.239.59.72	1.cpm.ak-is2.net	United States	20264	WEBAIR-INTERNET-2US	false
199.38.167.130	unknown	United States	54312	ROCKETFUELUS	false
151.101.1.44	dualstack.tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
107.178.254.65	pippio.com	United States	15169	GOOGLEUS	false
72.251.229.176	unknown	United States	29791	VOXEL-DOT-NETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.87.108.188	match.prod.bidr.io	United States	14618	AMAZON-AESUS	false
23.83.76.57	rtb-csync-usw1.smartadserver.com	United States	395954	LEASEWEB-USA-LAX-11US	false
142.250.115.132	unknown	United States	15169	GOOGLEUS	false
52.95.115.196	unknown	United States	16509	AMAZON-02US	false
193.122.130.38	adserver.technoratimedia.com	United States	31898	ORACLE-BMC-31898US	false
142.251.116.149	ad.doubleclick.net	United States	15169	GOOGLEUS	false
104.21.68.74	cm.rtbsystem.com	United States	13335	CLOUDFLARENETUS	false
142.251.116.148	s0.2mdn.net	United States	15169	GOOGLEUS	false
151.101.2.49	unknown	United States	54113	FASTLYUS	false
35.245.149.6	us-gcp-multilbtcp.ssp.tappx.com	United States	15169	GOOGLEUS	false
38.133.127.95	sadc1.outbrain.org	United States	22075	AS-OUTBRAINUS	false
142.251.116.94	unknown	United States	15169	GOOGLEUS	false
34.149.101.235	sync.im-apps.net	United States	2686	ATGS-MMD-ASUS	false
8.43.72.97	unknown	United States	26667	RUBICONPROJECTUS	false
66.225.223.191	unknown	United States	3949	NTTA-3946US	false
172.67.36.110	cdn.hadronid.net	United States	13335	CLOUDFLARENETUS	false
199.101.133.2	serving.stat-rock.com	United States	40824	WZCOM-US	false
162.19.138.120	id5-sync.com	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
34.48.49.3	unknown	United States	2686	ATGS-MMD-ASUS	false
52.73.1.8	io-cookie-sync-1725936127.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
3.215.169.119	unknown	United States	14618	AMAZON-AESUS	false
34.200.65.202	ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud	United States	14618	AMAZON-AESUS	false
54.186.123.163	vid.springserve.com	United States	16509	AMAZON-02US	false
104.22.4.69	unknown	United States	13335	CLOUDFLARENETUS	false
18.238.171.31	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
44.210.193.9	nmm-use1-prod-alb-pbs-cookiesync-1017292304.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
35.186.154.107	cm-supply-web.gammaplatform.com	United States	15169	GOOGLEUS	false
34.233.0.32	lynx-prod-beacon-alb-498367235.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
18.245.124.84	unknown	United States	16509	AMAZON-02US	false
52.1.232.25	pxl.iqm.com	United States	14618	AMAZON-AESUS	false
108.156.218.235	d1jvc9b8z3vcjs.cloudfront.net	United States	16509	AMAZON-02US	false
18.161.135.68	unknown	United States	3	MIT-GATEWAYSUS	false
192.184.69.201	unknown	United States	27281	QUANTCASTUS	false
35.161.81.190	vid-io-cle.springserve.com	United States	16509	AMAZON-02US	false
74.214.196.131	sjc-direct-bgp.contextweb.com	United States	19189	PULSEPOINTUS	false
204.237.133.120	pug-sv3c.pubmnet.com	United States	62713	AS-PUBMATICUS	false
172.67.41.60	btloader.com	United States	13335	CLOUDFLARENETUS	false
143.244.208.184	sid.storygize.net	United States	174	COGENT-174US	false
34.102.163.6	ad.mrtnsvr.com	United States	15169	GOOGLEUS	false
54.200.95.152	visitor-us-west-2.omnitagjs.com	United States	16509	AMAZON-02US	false
104.69.87.146	unknown	United States	20940	AKAMAI-ASN1EU	false
100.24.165.228	unknown	United States	14618	AMAZON-AESUS	false
18.161.170.43	s.ad.smaato.net	United States	3	MIT-GATEWAYSUS	false
18.235.217.234	rtb.adstanding.com	United States	14618	AMAZON-AESUS	false
162.19.138.117	lb.eu-1-id5-sync.com	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
18.196.5.91	unknown	United States	16509	AMAZON-02US	false
50.31.142.127	unknown	United States	22075	AS-OUTBRAINUS	false
204.79.197.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.236.155.124	unknown	United States	14618	AMAZON-AESUS	false
18.245.124.32	sync.intentiq.com	United States	16509	AMAZON-02US	false
74.119.118.134	static.da1.vip.prod.criteo.net	United States	19750	AS-CRITEOUS	false
34.232.58.254	idaas-ext.cph.liveintent.com	United States	14618	AMAZON-AESUS	false
35.207.24.140	dorpat.geo.iponweb.net	United States	19527	GOOGLE-2US	false
142.250.114.94	unknown	United States	15169	GOOGLEUS	false
74.119.118.138	widget.da1.vip.prod.criteo.com	United States	19750	AS-CRITEOUS	false
142.250.114.95	unknown	United States	15169	GOOGLEUS	false
142.250.114.132	pagead-googlehosted.l.google.com	United States	15169	GOOGLEUS	false
23.218.224.11	unknown	United States	6453	AS6453US	false
207.207.55.242	pmp.mxptint.net	United States	3900	TEXASNET-ASNUS	false
45.137.176.88	sync.adotmob.com	Spain	60350	VPFR	false
23.105.12.143	unknown	United States	30633	LEASEWEB-USA-WDCUS	false
35.214.242.163	envoy-hl.envoy-csync1.core-b8mf.ov1o.com	United States	19527	GOOGLE-2US	false
162.19.138.83	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
69.173.151.100	unknown	United States	26667	RUBICONPROJECTUS	false
52.6.102.233	unknown	United States	14618	AMAZON-AESUS	false
34.120.107.143	oajs.openx.net	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1369345
Start date and time:	2024-01-03 15:53:42 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://www.tinyurl.com/stationnement-infraction
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@90/6@840/850

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.113.94, 34.104.35.123, 142.250.114.95, 142.251.116.94
Excluded domains from analysis (whitelisted): fonts.googleapis.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 3 13:54:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.992019233389184
Encrypted:	false
SSDEEP:
MD5:	9993A882845D740AF3F6ECB0D316FD7F
SHA1:	CD70FAE8FDE723D1B1728370DFB27E90649E3AB6
SHA-256:	75289DA5CD3AD267B52D8D3DF5A9381B0134DFBA1913A8E62103B7FF8A4BBAB9
SHA-512:	4ABA8B8DF10D12B42C192658B236332D0415559ACCB59EBAFA5F063DF7D42571ADCE6D5A1423540261598FFE2F3439648B571BD08CA735545E8439240544B698
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....N?..T>..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I#X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V#X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V#X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V#X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V#X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r..T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 3 13:54:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.00937359930119
Encrypted:	false
SSDEEP:
MD5:	EB3AE837AA6618B19042E343B79555EC
SHA1:	680814ECF905FF730AFDB22617B6D5F8521FBCFC
SHA-256:	B59173BD0FA3C9D2A13B441B1D278C8AEF67DF9EC59DD4EBA4A5B1011E3FA7E2
SHA-512:	6F6944C55470633AB2DE1E762207ECFE7BDEC109D27FE1F9867F3CFF7B44F2C3A7BB743ADC634A55967379A6E273CCD651F44C69C8D20D600501229629E37BAA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........T>..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I#X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V#X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V#X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V#X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V#X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r..T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011935487726501
Encrypted:	false
SSDEEP:
MD5:	A7B3613D039488CFC2B9DCA2628D36CE
SHA1:	A91A2A642D386277B12E88C95310E66774EF4C72
SHA-256:	575C10E00DB78085FBE1B176C41843997D125A09D9DF8E2E4B311A8E1C082DE8
SHA-512:	B37B2D8A97E01544CA09989BB0CF8B779A9DAB7D6012A0AD4125215D7C84E1550DB06DAABB998BF5879B2CC053D69953C88E30CF010B269BAF7FB8DA4503B0BC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I#X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V#X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V#X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V#X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r..T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 3 13:54:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.006036023527125
Encrypted:	false
SSDEEP:
MD5:	1E1C462C7118526BCD701D666AB8DBEE
SHA1:	9317716D4B10CAAFBD7B89AB3B4A26618AE4D7EF
SHA-256:	259B0E4A852BAA84AF3B63C2E1CC4BE413112C320DF38D9C61C9ABA5FAC15208
SHA-512:	8B339009E852DC6104091185586CC5A1ADC865224E7EDC6F851386459871CF920B9BADE9A1317766CC172C9473E4DFB44357789BDEB91210A2FDB0D1A7991D2A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....~u.T>..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I#X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V#X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V#X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V#X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V#X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r..T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 3 13:54:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9959033285973495
Encrypted:	false
SSDEEP:
MD5:	AA5206E3DE9541217AB16B82CCEDBDF9
SHA1:	3FEED2282CF055A4B06DF7051ED38479CCC7BFE9
SHA-256:	9EADE486B796642D9E81906210A6B0F56B1656C51C014CDCB90FC5A1F3E57E7F
SHA-512:	0B7913A1CCC61111DC21208868B86DB18102A4AA97AE1D27BB28E7F3606D59409B405F2579FEB963FD8E2D69B35A3FD76F3DA1FEF30C19C6F1B98F0841A7AFC1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....+...T>..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I#X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V#X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V#X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V#X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V#X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r..T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 3 13:54:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0030632370504655
Encrypted:	false
SSDEEP:
MD5:	267BE571424518E2A233C8F20BEC1A68
SHA1:	2702427604A5C8146FD9FC65151E80938729F6C8
SHA-256:	BE0E363FB0084D1AE8B68D25CC5EAEBC5BF85C71F465269100B0B27A80F93E49
SHA-512:	B857837AEE33D409FC6A1E49E35935FA457C7D98C2156587AEE3A6B1D807207BE9286F37FB609518BCC1201B4F9464E71BD3FECACB877E011ED4C250EA5F6124
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......m.T>..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I#X.v....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V#X.v....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V#X.v....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V#X.v..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V#X.v...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r..T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.tinyurl.com/stationnement-infraction

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Windows Analysis Report
http://www.tinyurl.com/stationnement-infraction