Windows Analysis Report https://content.allsearchsite.com/pn/ad/1?request={"domain"%3A"content.allsearchsite.com"%2C"url"%3A"https%3A%2F%2Ffcm.googleapis.com%2Ffcm%2Fsend%2Fcvwm4b7Ly10%3AAPA91bHg2-9Tfq2sRDnIPnGF2AYDLMHk7Bz7WkBHkBhJUw4jx-2Ufxc-qczLIfRV6eah3J0xFMhp41f9A38imL_o-mbxPW_iSLCIN0jCQ058cutgDD5s-fs_T_2x_67HSk_pQpSntln4"%2C"auth"%3A"JUvQ7HFAKn8wsxK54EcsFQ"%2C"p256dh"%3A"BBlMR4FxFZEjMKyeWQuFRSeKy443_BbFE9agyrb0TxmwiRqgqxGydBALOc25CL3YNpvoapAuGtH9zks1xEUZZGw"%2C"collection_id"%3A6219%2C"

Overview

General Information

Sample URL:	https://content.allsearchsite.com/pn/ad/1?request={"domain"%3A"content.allsearchsite.com"%2C"url"%3A"https%3A%2F%2Ffcm.googleapis.com%2Ffcm%2Fsend%2Fcvwm4b7Ly10%3AAPA91bHg2-9Tfq2sRDnIPnGF2AYDLMHk7Bz7WkBHkBhJUw4jx-2Ufxc-qczLIfRV6eah3J0xFMhp41f9A38imL_o-mbxPW_iSLCIN0jCQ058cutgDD5s-fs_T_2x_67HSk_pQpSntln4"%2C"auth"%3A"JUvQ7HFAKn8wsxK54EcsFQ"%2C"p256dh"%3A"BBlMR4FxFZEjMKyeWQuFRSeKy443_BbFE9agyrb0TxmwiRqgqxGydBALOc25CL3YNpvoapAuGtH9zks1xEUZZGw"%2C"collection_id"%3A6219%2C"
Analysis ID:	442201
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.224.193.16:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.16:443 -> 192.168.2.4:49735 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: content.allsearchsite.com

Source: OpenWith.exe, 00000007.00000003.693149131.00000223147BD000.00000004.00000001.sdmp

String found in binary or memory: https://content.allsearchsite.com/pn/ad/1?request=%7B%22domain%22%3A%22content.allsearchsite.com%22%

Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 13.224.193.16:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.16:443 -> 192.168.2.4:49735 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@4/9@1/1

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09114393-D96C-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF35B25C35ECC438B1.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6380 CREDAT:17410 /prefetch:2
Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6380 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.224.193.16	d2ug5wl2kln4vu.cloudfront.net	United States		16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
d2ug5wl2kln4vu.cloudfront.net	13.224.193.16	true
content.allsearchsite.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
0	false		low

ID:	442201
Product:	CloudBasic
Start time:	08:25:14
Start date:	30.06.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09114393-D96C-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	7E5F365F120EDD513983E87F6507879B	4DE71896C844FDA348A30C0D03C99D71B3F67C81	162DA5CA7601C2E48F49ED6A4D6B5703D6F57E24B06247D4BFB2F124FD87B61C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09114395-D96C-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	6523F0086E7C8B6998AABE15DE5BF2E2	899F592E3CE879003343918B8615AB1994FE9182	EAC31369DBC2B93486D375410EF012F39FAA5FB647CD500F7EB8FEED0E0BB84A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\1[1].json	ASCII text, with no line terminators	73165ADE65656304956388F70FAB6238	BC1C09DC23643EBB1D3590E8E41E8BC61A5A0FC5	C390AE7A46A48E3D0D3A34AB350B28C207611452ADB25A48B632C3901EA2C973
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\1.json.wmo1bsl.partial	ASCII text, with no line terminators	73165ADE65656304956388F70FAB6238	BC1C09DC23643EBB1D3590E8E41E8BC61A5A0FC5	C390AE7A46A48E3D0D3A34AB350B28C207611452ADB25A48B632C3901EA2C973
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\1.json.wmo1bsl.partial:Zone.Identifier	ASCII text, with CRLF line terminators	FBCCF14D504B7B2DBCB5A5BDA75BD93B	D59FC84CDD5217C6CF74785703655F78DA6B582B	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\1.json:Zone.Identifier	very short file (no magic)	ECCBC87E4B5CE2FE28308FD9F2A7BAF3	77DE68DAECD823BABBB58EDB1C8E14D7106E83BB	4E07408562BEDB8B60CE05C1DECFE3AD16B72230967DE01F640B7E4729B49FCE
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	EF5BE1C6F1D82202837E2D2E53DA4F08	20B3A81DE233A86BBEAD8A4924B2BD23A91B09DE	D62282A95E9E8BE970D32306F150B1E559D01D6E755E99AF9747814A881ECF7E
C:\Users\user\AppData\Local\Temp\~DF1AF7292703251BF9.TMP	data	B15D98E5E3AC02B571B6E64BB229ED4C	582A960A151CC5C7B84E8A848BC0F964949823CB	55FF21BF8C015AC9FACBEFFB8C944E681B958762769B7108844F4E752FB5E56B
C:\Users\user\AppData\Local\Temp\~DF35B25C35ECC438B1.TMP	data	F552B46C404C462E7500C6B0775A4605	DA89BD6D107EDF8A55304BBD6C5DF63436677973	73979A997984734123822A6366E3C9213542038BA9928F041D8EF509C6A527E0

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs