Edit tour

Windows Analysis Report
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget

Overview

General Information

Sample URL:	https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWx
Analysis ID:	1279274

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden URLs or javascript code

Connects to several IPs in different countries

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 4608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1752,i,18061903182322032512,5776762701903284659,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755403&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297525407&bpp=28&bdt=1980&idt=989&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=2&ga_vid=1252151918.1690297526&ga_sid=1690297526&ga_hid=1734097163&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=2121387315&scr_x=0&scr_y=2...

HTTP Parser: Base64 decoded: hiq1fr3TdtTnrvBOoh-H3HlVy316X624sQubNC7I3b5l6PJkUvzyWnuy6sUPB1vw9TcAV6qgqFVxmbqT0NhXlaHvE4xwjwAT-xrfQpASgBi6AB--NxpEEqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YBwEAEYXTIC6wI6AoBASL39wT...

Source: https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget	HTTP Parser: No favicon
Source: https://www.caswellmessenger.com/local-events/?_evDiscoveryPath=/event%2F122876x-junior-chef-camp-international-week	HTTP Parser: No favicon
Source: https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOmZhbHNlLCJsYW5kc2NhcGUiOmZhbHNlLCJ2aXJ0dWFsIjpmYWxzZSwiY19pZCI6bnVsbCwiZF9iYWNrZmlsbF9pbWFnZXMiOmZhbHNlfQ==/event/122876x-junior-chef-camp-international-week	HTTP Parser: No favicon
Source: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV	HTTP Parser: No favicon
Source: https://google-bidout-d.openx.net/w/1.0/pd?plm=5	HTTP Parser: No favicon
Source: https://router.infolinks.com/usync/manage?pid=3119781&wsid=0&pdom=www.caswellmessenger.com&purl=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/zrt_lookup.html	HTTP Parser: No favicon
Source: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755403&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297525407&bpp=28&bdt=1980&idt=989&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=2&ga_vid=1252151918.1690297526&ga_sid=1690297526&ga_hid=1734097163&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=2121387315&scr_x=0&scr_y=2...	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755402&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297554198&bpp=3&bdt=113&idt=73&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=1&ga_vid=33912213.1690297554&ga_sid=1690297554&ga_hid=135215665&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=527778732&scr_x=0&scr_y=200&eid=...	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframe	HTTP Parser: No favicon
Source: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755402&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297584967&bpp=4&bdt=21&idt=24&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=1&ga_vid=507880409.1690297585&ga_sid=1690297585&ga_hid=1013387248&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=305916337&scr_x=0&scr_y=200&eid...	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=3251&pub_id=1503928	HTTP Parser: No favicon
Source: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=3251&pub_id=1503928	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Source: unknown

Network traffic detected: IP country count 10

Source: unknown

DNS traffic detected: queries for: discoverevvnt.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51947
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51940
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51941
Source: unknown	Network traffic detected: HTTP traffic on port 51937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 51984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51959
Source: unknown	Network traffic detected: HTTP traffic on port 52002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51839
Source: unknown	Network traffic detected: HTTP traffic on port 51869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51957
Source: unknown	Network traffic detected: HTTP traffic on port 51892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51958
Source: unknown	Network traffic detected: HTTP traffic on port 52048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51952
Source: unknown	Network traffic detected: HTTP traffic on port 52083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51950
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51848
Source: unknown	Network traffic detected: HTTP traffic on port 51868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51969
Source: unknown	Network traffic detected: HTTP traffic on port 52003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51961
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 51846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51975
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51855
Source: unknown	Network traffic detected: HTTP traffic on port 51903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51976
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51970
Source: unknown	Network traffic detected: HTTP traffic on port 51959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51973
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51972
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 51962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 51847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51903
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51906
Source: unknown	Network traffic detected: HTTP traffic on port 52050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51907
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 51871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51910
Source: unknown	Network traffic detected: HTTP traffic on port 52027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 51936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51919
Source: unknown	Network traffic detected: HTTP traffic on port 52059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 52093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 51870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 52026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51924
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 51893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51925
Source: unknown	Network traffic detected: HTTP traffic on port 51958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 51963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 52094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51936
Source: unknown	Network traffic detected: HTTP traffic on port 52004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51930
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 51895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 51976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 52033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 51894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 52081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51980
Source: unknown	Network traffic detected: HTTP traffic on port 52047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51860
Source: unknown	Network traffic detected: HTTP traffic on port 52024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51863
Source: unknown	Network traffic detected: HTTP traffic on port 51933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51864
Source: unknown	Network traffic detected: HTTP traffic on port 51956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51862
Source: unknown	Network traffic detected: HTTP traffic on port 51965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51879
Source: unknown	Network traffic detected: HTTP traffic on port 51896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51871
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51995
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51873
Source: unknown	Network traffic detected: HTTP traffic on port 52013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51887
Source: unknown	Network traffic detected: HTTP traffic on port 51977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51888
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51880
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51884
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51899
Source: unknown	Network traffic detected: HTTP traffic on port 51873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51893
Source: unknown	Network traffic detected: HTTP traffic on port 52046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51895
Source: unknown	Network traffic detected: HTTP traffic on port 51966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52009
Source: unknown	Network traffic detected: HTTP traffic on port 52031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52002
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52003
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52004
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52019
Source: unknown	Network traffic detected: HTTP traffic on port 51874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52011
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52015
Source: unknown	Network traffic detected: HTTP traffic on port 51919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52024
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52023
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52027
Source: unknown	Network traffic detected: HTTP traffic on port 51920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52031
Source: unknown	Network traffic detected: HTTP traffic on port 51863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52077
Source: unknown	Network traffic detected: HTTP traffic on port 51843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52078
Source: unknown	Network traffic detected: HTTP traffic on port 52086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52082
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52081
Source: unknown	Network traffic detected: HTTP traffic on port 51969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52085
Source: unknown	Network traffic detected: HTTP traffic on port 51889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52089
Source: unknown	Network traffic detected: HTTP traffic on port 51970 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63
Source: unknown	TCP traffic detected without corresponding DNS query: 70.42.32.63

Source: classification engine

Classification label: clean1.win@36/384@106/773

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1752,i,18061903182322032512,5776762701903284659,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1752,i,18061903182322032512,5776762701903284659,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Source	Detection	Scanner	Label	Link
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget	0%	Avira URL Cloud	safe
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget	0%	Virustotal		Browse
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
beacons3.gvt2.com	142.250.186.163	true	false	unknown
d2avimlm6gq3h9.cloudfront.net	18.66.123.194	true	false	high
ae2-use-2.algolia.net	35.170.230.142	true	false	unknown
lax1-ib.adnxs.com	104.254.151.69	true	false	high
static.nl3.vip.prod.criteo.net	178.250.1.3	true	false	high
global.px.quantserve.com	91.228.74.244	true	false	high
id5-sync.com	162.19.138.117	true	false	unknown
eu-u.openx.net	35.244.159.8	true	false	high
discoverevvnt.com	13.32.145.57	true	false	unknown
eu-eb2.3lift.com	76.223.111.18	true	false	high
stats.g.doubleclick.net	64.233.184.155	true	false	high
s3.amazonaws.com	52.216.220.232	true	false	high
ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud	3.71.149.231	true	false	unknown
cm.g.doubleclick.net	142.250.181.226	true	false	high
sync.1rx.io	46.228.174.117	true	false	high
us.shb-sync.com	8.2.110.33	true	false	unknown
www.google.com	142.250.186.132	true	false	high
api.segment.io	54.203.25.147	true	false	high
data00.adlooxtracking.com	35.241.31.249	true	false	unknown
id.rlcdn.com	35.244.174.68	true	false	high
spug-amsfpairbc.pubmnet.com	198.47.127.20	true	false	unknown
bcp.crwdcntrl.net	34.247.103.19	true	false	high
router.infolinks.com	172.66.41.9	true	false	high
match.adsrvr.org	52.223.40.198	true	false	high
d1q81vmkf5a56u.cloudfront.net	52.222.174.42	true	false	high
pagead-googlehosted.l.google.com	142.250.186.33	true	false	high
google.com	142.250.184.238	true	false	high
us-u.openx.net	34.98.64.218	true	false	high
ampcid.google.com	142.250.185.174	true	false	high
securepubads46.g.doubleclick.net	172.217.16.194	true	false	high
zeta-ssp-385516103.us-east-1.elb.amazonaws.com	50.19.34.26	true	false	high
invstatic101.creativecdn.com	34.96.70.87	true	false	high
esp.rtbhouse.com	35.190.39.111	true	false	high
pug-lhr-bc.pubmnet.com	185.64.191.210	true	false	unknown
euw-ice.360yield.com	52.17.64.122	true	false	high
cs.media.net	23.212.88.20	true	false	high
gum.fr3.vip.prod.criteo.com	178.250.7.13	true	false	high
oajs.openx.net	34.120.135.53	true	false	high
envoy-hl.envoy-csync1.core-b8mf.ov1o.com	35.214.249.3	true	false	unknown
googleads.g.doubleclick.net	172.217.16.194	true	false	high
j.adlooxtracking.com	172.67.36.21	true	false	unknown
www.google.co.uk	142.250.185.67	true	false	unknown
prod.appnexus.map.fastly.net	151.101.193.108	true	false	unknown
resources.infolinks.com	172.66.42.247	true	false	high
clients.l.google.com	172.217.18.14	true	false	high
cm-x.mgid.com	8.2.110.161	true	false	high
pixel-origin.mathtag.com	185.29.132.245	true	false	high
46-105-201-233.any.cdn.anycast.me	46.105.201.233	true	false	unknown
www.googletagservices.com	172.217.18.98	true	false	high
iad-2-sync.go.sonobi.com	69.166.1.10	true	false	high
beacons-handoff.gcp.gvt2.com	142.251.143.35	true	false	unknown
oa.openxcdn.net	34.102.146.192	true	false	unknown
google-bidout-d.openx.net	34.98.64.218	true	false	high
u.openx.net	34.98.64.218	true	false	high
de.tynt.com	67.202.105.31	true	false	high
adservice.google.com	142.250.186.34	true	false	high
ssbsync-itx5.smartadserver.com	185.86.138.152	true	false	high
emea.vap.lijit.com	216.52.2.39	true	false	high
d296je7bbdd650.cloudfront.net	99.86.8.175	true	false	high
adserver-vpc-alb-1-1446435489.eu-west-1.elb.amazonaws.com	54.217.105.8	true	false	high
pixel.33across.com	67.202.105.21	true	false	high
sp-20230201110230995100000008-1530450753.us-east-2.elb.amazonaws.com	3.134.250.243	true	false	high
cdn.id5-sync.com	104.22.52.86	true	false	unknown
am-vip001.taboola.com	141.226.228.48	true	false	high
rt3065.infolinks.com	172.66.41.9	true	false	high
sync.adotmob.com	185.183.112.148	true	false	high
pixel.tapad.com	34.111.113.62	true	false	high
accounts.google.com	142.250.185.109	true	false	high
caswellmessenger.com	192.104.182.209	true	false	unknown
s.amazon-adsystem.com	52.46.130.91	true	false	high
aax-eu.amazon-adsystem.com	67.220.226.234	true	false	high
fr-xn.lb.indexww.com	185.80.39.216	true	false	unknown
region1.analytics.google.com	216.239.32.36	true	false	high
m86-use.algolianet.com	20.84.30.83	true	false	unknown
alb-aws-fr-bruges-1875226813.eu-central-1.elb.amazonaws.com	18.195.47.22	true	false	high
tags.crwdcntrl.net	18.155.129.21	true	false	high
onetag-sys.com	51.89.9.252	true	false	unknown
imagesync-lhrc.pubmnet.com	185.64.190.79	true	false	unknown
ib.anycast.adnxs.com	37.252.172.123	true	false	high
securepubads.g.doubleclick.net	unknown	unknown	false	high
d.adroll.com	unknown	unknown	false	high
ssc-cms.33across.com	unknown	unknown	false	high
sync.go.sonobi.com	unknown	unknown	false	high
62c9wikgtl-2.algolianet.com	unknown	unknown	false	unknown
static.adbutter.net	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high
sync.targeting.unrulymedia.com	unknown	unknown	false	high
62c9wikgtl-dsn.algolia.net	unknown	unknown	false	unknown
static.criteo.net	unknown	unknown	false	high
csync.loopme.me	unknown	unknown	false	high
acdn.adnxs.com	unknown	unknown	false	high
cdn-ima.33across.com	unknown	unknown	false	high
c1.adform.net	unknown	unknown	false	high
pixel.rubiconproject.com	unknown	unknown	false	high
www.caswellmessenger.com	unknown	unknown	false	unknown
ssum-sec.casalemedia.com	unknown	unknown	false	high
sync.mathtag.com	unknown	unknown	false	high
p.rfihub.com	unknown	unknown	false	high
cdn.jsdelivr.net	unknown	unknown	false	high
image8.pubmatic.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
about:blank	false		low
https://googleads.g.doubleclick.net/pagead/html/r20230719/r20190131/zrt_lookup.html	false		high
https://www.caswellmessenger.com/local-events/?_evDiscoveryPath=/event%2F122876x-junior-chef-camp-international-week	false		unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755402&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297554198&bpp=3&bdt=113&idt=73&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=1&ga_vid=33912213.1690297554&ga_sid=1690297554&ga_hid=135215665&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=527778732&scr_x=0&scr_y=200&eid=44759927%2C44759842%2C44759876%2C44788441&oid=2&pvsid=1649280869326373&tmod=1048364686&uas=0&nvt=1&ref=https%3A%2F%2Fdiscoverevvnt.com%2F&loc=EMPTY&top=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.13phz9smi9p&fsb=1&dtd=80	false		high
https://router.infolinks.com/usync/manage?pid=3119781&wsid=0&pdom=www.caswellmessenger.com&purl=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week	false		high
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget	false	0%, Virustotal, Browse	unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755403&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297525407&bpp=28&bdt=1980&idt=989&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=2&ga_vid=1252151918.1690297526&ga_sid=1690297526&ga_hid=1734097163&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=2121387315&scr_x=0&scr_y=200&eid=44759927%2C44759842%2C44759876%2C31076341%2C31076448%2C44788442&oid=2&pvsid=3133920908168062&tmod=1048364686&uas=0&nvt=1&ref=https%3A%2F%2Fdiscoverevvnt.com%2F&loc=EMPTY&top=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.roxtxu40t9rs&fsb=1&dtd=1038	false		high
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6373315980741255&output=html&h=90&slotname=4828246007&adk=444658243&adf=3279755402&pi=t.ma~as.4828246007&w=728&rdp=false&format=728x90&url=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&ea=0&alternate_ad_url=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsrh%2Fadx%3FhookId%3Dx_IL_INSEARCH&wgl=1&uach=WyJXaW5kb3dzIiwiOC4wLjAiLCJ4ODYiLCIiLCIxMDQuMC41MTEyLjEwMiIsW10sMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDQuMC41MTEyLjEwMiJdLFsiIE5vdCBBO0JyYW5kIiwiOTkuMC4wLjAiXSxbIkdvb2dsZSBDaHJvbWUiLCIxMDQuMC41MTEyLjEwMiJdXSwwXQ..&dt=1690297584967&bpp=4&bdt=21&idt=24&shv=r20230719&mjsv=m202307190101&ptt=9&saldr=aa&correlator=2523143402712&frm=23&ife=1&pv=1&ga_vid=507880409.1690297585&ga_sid=1690297585&ga_hid=1013387248&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=268&ady=1023&biw=1263&bih=913&isw=728&ish=90&ifk=305916337&scr_x=0&scr_y=200&eid=44759927%2C44759842%2C44759876%2C31076250%2C31076342%2C31076445%2C44788442&oid=2&pvsid=3133535228459505&tmod=1048364686&uas=0&nvt=1&ref=https%3A%2F%2Fdiscoverevvnt.com%2F&loc=EMPTY&top=https%3A%2F%2Fwww.caswellmessenger.com%2Flocal-events%2F%3F_evDiscoveryPath%3D%2Fevent%252F122876x-junior-chef-camp-international-week&fc=640&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C728%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.fe0mpkrdghto&fsb=1&dtd=31	false		high
https://google-bidout-d.openx.net/w/1.0/pd?plm=5	false		high
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1	false		high
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=3251&pub_id=1503928	false		high
https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV	false		high
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOmZhbHNlLCJsYW5kc2NhcGUiOmZhbHNlLCJ2aXJ0dWFsIjpmYWxzZSwiY19pZCI6bnVsbCwiZF9iYWNrZmlsbF9pbWFnZXMiOmZhbHNlfQ==/event/122876x-junior-chef-camp-international-week	false		unknown
https://www.google.com/recaptcha/api2/aframe	false		high
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.caswellmessenger.com#{%22uid%22:{%22origin%22:0},%22lwid%22:{%22origin%22:0},%22bundle%22:{%22origin%22:0},%22optout%22:{%22value%22:false,%22origin%22:0},%22sid%22:{%22origin%22:0},%22tld%22:%22caswellmessenger.com%22,%22topUrl%22:%22www.caswellmessenger.com%22,%22version%22:139,%22cw%22:true,%22lsw%22:true,%22origin%22:%22publishertagids%22,%22requestId%22:%220.55878058807844%22}	false		high
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.109	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
34.96.70.87	invstatic101.creativecdn.com	United States	15169	GOOGLEUS	false
216.52.2.39	emea.vap.lijit.com	United States	29791	VOXEL-DOT-NETUS	false
51.89.9.252	onetag-sys.com	France	16276	OVHFR	false
13.32.145.57	discoverevvnt.com	United States	16509	AMAZON-02US	false
104.22.52.86	cdn.id5-sync.com	United States	13335	CLOUDFLARENETUS	false
192.104.182.209	caswellmessenger.com	United States	10668	LEE-ASNUS	false
185.29.132.245	pixel-origin.mathtag.com	United Kingdom	30419	MEDIAMATH-INCUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
35.190.39.111	esp.rtbhouse.com	United States	15169	GOOGLEUS	false
8.2.110.33	us.shb-sync.com	United States	46636	NATCOWEBUS	false
52.17.64.122	euw-ice.360yield.com	United States	16509	AMAZON-02US	false
35.241.31.249	data00.adlooxtracking.com	United States	15169	GOOGLEUS	false
185.86.138.152	ssbsync-itx5.smartadserver.com	France	201081	SMARTADSERVERFR	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.212.88.20	cs.media.net	United States	16625	AKAMAI-ASUS	false
193.0.160.130	unknown	Netherlands	54312	ROCKETFUELUS	false
67.202.105.21	pixel.33across.com	United States	32748	STEADFASTUS	false
99.86.8.175	d296je7bbdd650.cloudfront.net	United States	16509	AMAZON-02US	false
35.244.174.68	id.rlcdn.com	United States	15169	GOOGLEUS	false
52.216.220.232	s3.amazonaws.com	United States	16509	AMAZON-02US	false
172.67.36.21	j.adlooxtracking.com	United States	13335	CLOUDFLARENETUS	false
172.217.18.14	clients.l.google.com	United States	15169	GOOGLEUS	false
104.18.35.34	unknown	United States	13335	CLOUDFLARENETUS	false
216.239.32.36	region1.analytics.google.com	United States	15169	GOOGLEUS	false
20.84.30.83	m86-use.algolianet.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.80.39.216	fr-xn.lb.indexww.com	Netherlands	27381	CASALE-MEDIACA	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
37.252.172.123	ib.anycast.adnxs.com	European Union	29990	ASN-APPNEXUS	false
46.228.164.11	unknown	United Kingdom	56396	TURNGB	false
141.226.228.48	am-vip001.taboola.com	Israel	200478	TABOOLA-ASIL	false
172.217.18.97	unknown	United States	15169	GOOGLEUS	false
54.203.25.147	api.segment.io	United States	16509	AMAZON-02US	false
172.217.18.98	www.googletagservices.com	United States	15169	GOOGLEUS	false
37.157.3.30	unknown	Denmark	198622	ADFORMDK	false
216.58.212.170	unknown	United States	15169	GOOGLEUS	false
142.250.186.138	unknown	United States	15169	GOOGLEUS	false
185.64.190.79	imagesync-lhrc.pubmnet.com	United Kingdom	62713	AS-PUBMATICUS	false
178.250.1.3	static.nl3.vip.prod.criteo.net	France	44788	ASN-CRITEO-EUROPEFR	false
104.16.89.20	unknown	United States	13335	CLOUDFLARENETUS	false
18.155.129.21	tags.crwdcntrl.net	United States	16509	AMAZON-02US	false
142.250.181.226	cm.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.185.174	ampcid.google.com	United States	15169	GOOGLEUS	false
34.247.103.19	bcp.crwdcntrl.net	United States	16509	AMAZON-02US	false
142.251.143.35	beacons-handoff.gcp.gvt2.com	United States	15169	GOOGLEUS	false
52.46.130.91	s.amazon-adsystem.com	United States	16509	AMAZON-02US	false
178.250.7.13	gum.fr3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
172.217.16.130	unknown	United States	15169	GOOGLEUS	false
162.19.138.117	id5-sync.com	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
46.228.174.117	sync.1rx.io	United Kingdom	56396	TURNGB	false
108.177.15.157	unknown	United States	15169	GOOGLEUS	false
46.105.201.233	46-105-201-233.any.cdn.anycast.me	France	16276	OVHFR	false
91.228.74.244	global.px.quantserve.com	United Kingdom	27281	QUANTCASTUS	false
151.101.193.108	prod.appnexus.map.fastly.net	United States	54113	FASTLYUS	false
216.239.34.36	unknown	United States	15169	GOOGLEUS	false
185.183.112.148	sync.adotmob.com	Netherlands	60350	VPFR	false
198.47.127.20	spug-amsfpairbc.pubmnet.com	United States	62713	AS-PUBMATICUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
142.250.186.33	pagead-googlehosted.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.34	adservice.google.com	United States	15169	GOOGLEUS	false
142.250.185.67	www.google.co.uk	United States	15169	GOOGLEUS	false
69.173.144.165	unknown	United States	26667	RUBICONPROJECTUS	false
3.75.62.37	unknown	United States	16509	AMAZON-02US	false
104.16.133.24	unknown	United States	13335	CLOUDFLARENETUS	false
8.2.110.161	cm-x.mgid.com	United States	46636	NATCOWEBUS	false
35.170.230.142	ae2-use-2.algolia.net	United States	14618	AMAZON-AESUS	false
50.19.34.26	zeta-ssp-385516103.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
34.120.135.53	oajs.openx.net	United States	15169	GOOGLEUS	false
69.166.1.10	iad-2-sync.go.sonobi.com	United States	27630	AS-XFERNETUS	false
54.217.105.8	adserver-vpc-alb-1-1446435489.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
172.217.16.194	securepubads46.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.184.238	google.com	United States	15169	GOOGLEUS	false
52.223.40.198	match.adsrvr.org	United States	8987	AMAZONEXPANSIONGB	false
52.222.174.42	d1q81vmkf5a56u.cloudfront.net	United States	16509	AMAZON-02US	false
23.32.184.180	unknown	United States	16625	AKAMAI-ASUS	false
172.217.18.100	unknown	United States	15169	GOOGLEUS	false
3.71.149.231	ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud	United States	16509	AMAZON-02US	false
185.64.191.210	pug-lhr-bc.pubmnet.com	United Kingdom	62713	AS-PUBMATICUS	false
35.244.159.8	eu-u.openx.net	United States	15169	GOOGLEUS	false
172.217.23.97	unknown	United States	15169	GOOGLEUS	false
3.134.250.243	sp-20230201110230995100000008-1530450753.us-east-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
35.214.249.3	envoy-hl.envoy-csync1.core-b8mf.ov1o.com	United States	19527	GOOGLE-2US	false
192.104.182.109	unknown	United States	10668	LEE-ASNUS	false
67.202.105.31	de.tynt.com	United States	32748	STEADFASTUS	false
216.58.212.130	unknown	United States	15169	GOOGLEUS	false
142.250.184.200	unknown	United States	15169	GOOGLEUS	false
76.223.111.18	eu-eb2.3lift.com	United States	16509	AMAZON-02US	false
172.217.16.202	unknown	United States	15169	GOOGLEUS	false
142.250.186.163	beacons3.gvt2.com	United States	15169	GOOGLEUS	false
172.66.42.247	resources.infolinks.com	United States	13335	CLOUDFLARENETUS	false
104.254.151.69	lax1-ib.adnxs.com	United States	29990	ASN-APPNEXUS	false
185.89.210.141	unknown	Germany	29990	ASN-APPNEXUS	false
172.66.41.9	router.infolinks.com	United States	13335	CLOUDFLARENETUS	false
34.111.113.62	pixel.tapad.com	United States	15169	GOOGLEUS	false
67.220.226.234	aax-eu.amazon-adsystem.com	United States	18450	WEBNXUS	false
34.102.146.192	oa.openxcdn.net	United States	15169	GOOGLEUS	false
34.98.64.218	us-u.openx.net	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1279274
Start date and time:	2023-07-25 17:04:33 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@36/384@106/773

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 34.104.35.123, 142.250.184.200, 142.250.186.138, 142.250.186.106, 216.58.206.42, 142.250.184.202, 142.250.185.234, 142.250.184.234, 142.250.185.170, 142.250.181.234, 142.250.186.170, 142.250.185.138, 142.250.185.202, 142.250.186.42, 172.217.18.10, 172.217.16.202, 142.250.185.106, 142.250.186.74, 216.239.32.36, 216.239.34.36, 104.16.133.24, 104.16.132.24, 142.250.186.136, 216.58.212.170, 142.250.184.206, 142.250.181.226, 172.217.18.97, 142.250.185.174, 172.217.23.97, 172.217.18.98, 142.250.185.131, 142.250.184.227, 104.16.89.20, 104.16.88.20, 104.16.87.20, 104.16.86.20, 104.16.85.20, 104.18.35.34, 172.64.152.222
Excluded domains from analysis (whitelisted): fonts.googleapis.com, cdn.jsdelivr.net.cdn.cloudflare.net, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, pagead2.googlesyndication.com, region1.google-analytics.com, edgedl.me.gvt1.com, cdn-ima.33across.com.cdn.cloudflare.net, login.live.com, www.googletagmanager.com, 599ce8c42f9044131b814cca22b1d039.safeframe.googlesyndication.com, tpc.googlesyndication.com, bloximages.chicago2.vip.townnews.com.cdn.cloudflare.net, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41219)
Category:	downloaded
Size (bytes):	41279
Entropy (8bit):	5.133330928837474
Encrypted:	false
SSDEEP:
MD5:	4911CA4064900E4C513465B887060152
SHA1:	10F4A1F81FC8CCF48BF5653DA516DC3BF9142089
SHA-256:	CA372F1D4CED7E2A37E83EB5B880159BA569A4FBF613B9CC2894A6C8726C13F6
SHA-512:	0629D31F0AA3FEDFE582246F7BD56B561EEA8B2843E6B7C681A4158DE7F16EF9D190B678F884DC05C25DB63593E5FE4220E46BB3A54D1510D1A0A6C591AE1588
Malicious:	false
Reputation:	low
URL:	https://cdn-ima.33across.com/ob.js
Preview:	/! For license information please see ob.js.LICENSE.txt /.!function(){var t={193:function(t,e,r){function n(t){return n="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},n(t)}function o(t,e){return function(t){if(Array.isArray(t))return t}(t)\|\|function(t,e){var r=null==t?null:"undefined"!=typeof Symbol&&t[Symbol.iterator]\|\|t["@@iterator"];if(null!=r){var n,o,i,a,c=[],u=!0,s=!1;try{if(i=(r=r.call(t)).next,0===e){if(Object(r)!==r)return;u=!1}else for(;!(u=(n=i.call(r)).done)&&(c.push(n.value),c.length!==e);u=!0);}catch(t){s=!0,o=t}finally{try{if(!u&&null!=r.return&&(a=r.return(),Object(a)!==a))return}finally{if(s)throw o}}return c}}(t,e)\|\|function(t,e){if(t){if("string"==typeof t)return i(t,e);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r\|\|"Set"===r?Array.from(t):

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2020)
Category:	downloaded
Size (bytes):	12817
Entropy (8bit):	5.34459161517544
Encrypted:	false
SSDEEP:
MD5:	1D3D22DF067F5219073F9C0FABB74FDD
SHA1:	D5C226022639323D93946DF3571404116041E588
SHA-256:	55A119C0394F901A8A297E109C17B5E5402689708B999AB10691C16179F32A4A
SHA-512:	0B6B13B576E8CC05BD85B275631879875A5DBCB70FD78E6C93B259317ED6FD5D886F37D0CC6E099C3D3A8B66FEA2A4C2C631EB5548C1AB2CD7CB5FA4D41EA769
Malicious:	false
Reputation:	low
URL:	https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Preview:	<!DOCTYPE html>.<meta charset=utf-8><script>.(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';function m(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,d){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=d.value;return a};.function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var d=a[b];if(d&&d.Math==Math)return d}throw Error("Cannot find global object");}var r=aa(this),u="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),v={},w={};function x(a,b){var d=w[b];if(null==d)return a[b];d=a[d];return void 0!==d?d:a[b]}.function y(a,b,d){if(b)a:{var e=a.split(".");a=1===e.length;var g=e[0],k;!a&&g in v?k=v:k=r;for(g=0;g<e.length-1;g++){var c=e[g];if(!(c in k))break a;k=k[c]}e=e[

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	106105
Entropy (8bit):	5.299406341054336
Encrypted:	false
SSDEEP:
MD5:	5C49E9EB6BFF019644B28902B918235B
SHA1:	FF0F8245C3DBC0E22E0DD24A291E5E68A9E3F6BF
SHA-256:	02D53D408327F328065EDB9FCDF34DA0A33CF9D4B9551A58D4417D57CDD2CA83
SHA-512:	025DC2C89223CAB54D2C8C977C771A9B7E233EB8788EB5206DE3343EAD31473F7C41AD18777B5AD78965F457FE7EDCEE3F0AFEEF0D65A6A7F65BA67D68540535
Malicious:	false
Reputation:	low
URL:	https://discoverevvnt.com/_next/static/chunks/main-62be57948b11b758.js
Preview:	(self.webpackChunk_N_E=self.webpackChunk_N_E\|\|[]).push([[179],{5300:function(e,t){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=function(e,t){(null==t\|\|t>e.length)&&(t=e.length);for(var n=0,r=new Array(t);n<t;n++)r[n]=e[n];return r}},6564:function(e,t){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=function(e){if(Array.isArray(e))return e}},2568:function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=function(e){if(Array.isArray(e))return a.default(e)};var r,a=(r=n(5300))&&r.__esModule?r:{default:r}},8646:function(e,t){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=function(e){if(void 0===e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}},932:function(e,t){"use strict";function n(e,t,n,r,a,o,i){try{var u=e[o](i),c=u.value}catch(l){return void n(l)}u.done?t(c):Promise.resolve(c).then(r,a)}t.Z=function(e){return function(){var t=this,

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3964
Entropy (8bit):	5.1031423469011115
Encrypted:	false
SSDEEP:
MD5:	FC77EBC37B8BDB5DC34764AF4793CAF6
SHA1:	5988C584DDEE602815C8083E8C597193E5F76518
SHA-256:	22B708F3EBD27EED5651B3B2BBE8E7DF0135344EE6830FF1D63F741D47A67CC5
SHA-512:	DE5F53170F5C80750020C9CA82BAE3ABA02C9DA3EEED2DAA50267051C377A6B5E16CDDAFE52384E2DA2DC976A582A5DF1D48B5DD63624473EA29054EE5B12AE7
Malicious:	false
Reputation:	low
URL:	https://static.adbutter.net/libjs/third-party-pixel.js
Preview:	/*.. Created by william on 19/01/16... */..function guv(url){.. if(url === undefined){.. url = window.location.href;.. }.. for (var t = [], e = url.slice(url.indexOf("?") + 1).split("&"), n = 0; n < e.length; n++){.. var i = e[n].indexOf("="), o = e[n].substring(0, i), d = e[n].substring(i + 1, e[n].length); t.push(o), t[o] = d}return t}....function buildQuery(parameters){.. var qs = "";.. for(var key in parameters) {.. if(key !== "pos" \|\| key !== "lang"){.. continue;.. }.. var value = parameters[key];.. qs += encodeURIComponent(key) + "=" + encodeURIComponent(value) + "&";.. }.. if (qs.length > 0){.. qs = qs.substring(0, qs.length-1); //chop off last "&".. qs = "?" + qs;.. }.. return qs;..}....function affDiv(display){.. document.getElementById('information_adchoices_link').style.display = display;..}....function getAdchoicesUrl(urlGam,queryGam){.. if(!urlGam){.. var urlGam =

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (10119), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	103255
Entropy (8bit):	4.981994944065798
Encrypted:	false
SSDEEP:
MD5:	ACBBDDB99F42679CBB04C8154860412B
SHA1:	AEC143BF9BBEE9BBF3585A9054711488FA29DFEC
SHA-256:	B4E03FBD19A2646E00B244E1658623AC0CA532390660F40E0D229E92EFA8B124
SHA-512:	C209FB2A609999ECA88F9CD15DEABE438C2117967827FEA83159BC8A23AB7710794A93920BF0B2F7A809E8401DD6723053C247C597FF6D24F0B5482E888A7355
Malicious:	false
Reputation:	low
URL:	https://www.caswellmessenger.com/local-events/?_evDiscoveryPath=/event%2F122876x-junior-chef-camp-international-week
Preview:	..<!DOCTYPE html>.. <html lang="en">.. <head>.<base href="https://www.caswellmessenger.com/content/tncms/live/" />.<meta name="tncms-access-version" content="" />.<meta name="keywords" content="the caswell messenger" />.<meta name="description" content="" />.<meta name="author" content="The Caswell Messenger" />.<meta name="viewport" content="width=device-width, initial-scale=1.0" />.<meta name="apple-mobile-web-app-capable" content="yes" />.<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />.<meta name="robots" content="max-image-preview:standard" />.<meta property="og:type" content="website" />.<meta property="og:url" content="https://www.caswellmessenger.com/local-events/" />.<meta property="og:title" content="Local Events" />.<meta property="og:site_name" content="The Caswell Messenger" />.<meta property="og:section" content="Home" />.<meta property="fb:app_id" content="240597132746242" />.<meta property="article:publisher" content="www.f

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 272

Chrome Cache Entry: 273

Chrome Cache Entry: 274

Chrome Cache Entry: 276

Chrome Cache Entry: 277

Chrome Cache Entry: 278

Chrome Cache Entry: 279

Chrome Cache Entry: 280

Chrome Cache Entry: 283

Chrome Cache Entry: 286

Chrome Cache Entry: 287

Chrome Cache Entry: 288

Chrome Cache Entry: 290

Chrome Cache Entry: 292

Chrome Cache Entry: 294

Chrome Cache Entry: 295

Chrome Cache Entry: 296

Chrome Cache Entry: 297

Chrome Cache Entry: 302

Chrome Cache Entry: 303

Chrome Cache Entry: 305

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 309

Chrome Cache Entry: 310

Chrome Cache Entry: 311

Chrome Cache Entry: 312

Chrome Cache Entry: 313

Chrome Cache Entry: 316

Chrome Cache Entry: 317

Chrome Cache Entry: 318

Chrome Cache Entry: 319

Chrome Cache Entry: 320

Chrome Cache Entry: 321

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 325

Chrome Cache Entry: 328

Chrome Cache Entry: 329

Chrome Cache Entry: 330

Chrome Cache Entry: 331

Windows Analysis Report
https://discoverevvnt.com/framed/eyJwX2lkIjoiY2Fzd2VsbG1lc3Nlbmdlci5jb20iLCJ3aWRnZXQiOnRydWUsImxhbmRzY2FwZSI6ZmFsc2UsIm51bWJlciI6MywidmlydHVhbCI6ZmFsc2UsImNfaWQiOm51bGwsImRfYmFja2ZpbGxfaW1hZ2VzIjpmYWxzZX0=/widget