Windows Analysis Report
2450856955_.svg

Overview

General Information

Sample name: 2450856955_.svg
Analysis ID: 1640805
MD5: 2b477830945f5e4b4f90f18f2573da0e
SHA1: 00ea95a42750c08beb60b8680e6e1fa59ebce3ea
SHA256: 940bf0763253f6cce3af8b86975de803c139d0c6adc85908518c4c9a56f6ca01

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 96
Range: 0 - 100
Confidence: 100%

Signatures

Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish44
Yara detected HtmlPhish80
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
HTML page contains hidden javascript code
IP address seen in connection with other malware

Classification

Phishing

Source: Yara match File source: dropped/chromecache_112, type: DROPPED
Source: Yara match File source: 2450856955_.svg, type: SAMPLE
Source: Yara match File source: 2.4.d.script.csv, type: HTML
Source: Yara match File source: 2.0.pages.csv, type: HTML
Source: Yara match File source: 2.1.pages.csv, type: HTML
Source: Yara match File source: 2.9..script.csv, type: HTML
Source: Yara match File source: 2.5.d.script.csv, type: HTML
Source: 2.5.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting browser automation tools, blocking keyboard shortcuts and right-click functionality, and redirecting the user to an external website. The combination of these behaviors suggests a highly suspicious and potentially malicious script.
Source: 0.1..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: data:application/ecmascript;base64,dHJ5IHsKICAgIGZ... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The `duruwo` function appears to be decoding a heavily encoded string, which could be used to execute malicious code or redirect the user to a suspicious domain. Additionally, the script attempts to modify the DOM and change the window location, which could be part of a phishing or malware attack. Overall, the combination of these behaviors suggests a high-risk script that should be further investigated.
Source: 2.3..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://my_ontinet_zoneid_matias_003386_2630_envir... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` and `decodeURIComponent()` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be sending data to an untrusted domain, which further increases the risk. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 2.4.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of `eval()` and potential data exfiltration. The obfuscated code and encoded strings further increase the risk. Overall, this script exhibits a high level of malicious intent and should be treated with caution.
Source: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/s23Rup/#3matias%40ontinet.com HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Graphic Card Web Template</title> <style> body { font-family: 'Montserrat', sa...
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\LICENSE.txt
Source: global traffic TCP traffic: 192.168.2.4:59878 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.4:61096 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View IP Address: 104.21.80.1 104.21.80.1
Source: Joe Sandbox View IP Address: 151.101.130.137 151.101.130.137
Source: global traffic HTTP traffic detected: GET /1j62lrLoAbFxkaOYAHFkVclgVmjGAxtUjqTZn7UiXMsoPyS3SXJOlMBsSD7X1stjQpnwbxlhMWGpEDaWPMhHnrmybr4vBLYM7YQzbOurHmTOED6xgkvaGZrBFkM08MtxV2zHyJWPfKLrXtI8SQz6837ifCv9x5XeBTGXI4Jlu1ENngh3FXmI6LFMMWKNZsGAfRXNr9WY/PwUzLXL9eNHEzHfc6kDqvZ42JspRZWGJ6Rn6zyPqfYZ3JZUCi9vRUN0mjpCFN0kWqUiTdQ8J3W2FICDZv3SKTf3aaenUJzMwXNC6YQiEVz94Fl3gVXrTJZ1cDUSuPIyBStL90NOD5Oeds2sUdx5n7DENBHM0bxtjaU7MbH4E0KdL0QRI6vD5kSXtLLPkhLeVbCNvaaKo/matias@ontinet.com HTTP/1.1Host: jgsbfomp3t.moydovv.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s23Rup/ HTTP/1.1Host: my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://jgsbfomp3t.moydovv.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s23Rup/ HTTP/1.1Host: my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://jgsbfomp3t.moydovv.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImxONWVTM2ZCeThlOUVCM3FKeEMzUmc9PSIsInZhbHVlIjoiVXE4RGZGTm8rUXFSam5mK0JFeVFsUStUYU1lM1hGa002RnhzcnZNYm5XZnpDS0ZoVkZJVmRhMVBHQm9GeGVhdHd2SkVqSC84S0gzT3RLWEtIOGdpRm5hekYxY3E4VlVtczFHVkc0QXFxU2FkM21nYXhnS1VCZ2wrNHhsSmJHanciLCJtYWMiOiIwZWE4NjQ1NmJhNjFlMjk1NWU2ZTk0YTZiZWFkY2RhMjZjMzgxZWM3OWIyMzIyZjZjNTRkYTA2ZmNhOTkwZTI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImZtVHd3K0xEaFErQWR6cnRld1hKYXc9PSIsInZhbHVlIjoiSStLYWs3QVFtdk1BU0JNR0NJbVpORXFFZmV5NUhxamF0NjM4N1NUVVhyUnZvelZtNC9sN0FWZmROTkgzUVlTWTg1T216czVEeWFraE00RU15RzIvZ2FlNyttWjVSaVhEUHBBRStKWmJmcnFoelVqVEJMSnZORUFWeXhQMEZLNGwiLCJtYWMiOiJmMGNjODZkZjhlMGVjNTAxZWU3YmM5OWMzM2RkYjgyOWNhNGIxN2Q5ZmY1ZDllZTVkNWJjYTEwMGVlNTEwZDU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=SYdWBAOfp8vwyfff8HrC0bWQ_tzFPju8bVvZ54OG4dg-1742233820-1.0.1.1-RjowuA7Zy3kGqKlYjVD248pdgslc.UQF6KwZ0XUrFdLH5pmNCj0zUiSkSBtmQ85_yDh1pDYPiJreLwj5G_pN7ZuZsku0r7BY5Tq5WNmwjeA
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: jgsbfomp3t.moydovv.com
Source: global traffic DNS traffic detected: DNS query: my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ru
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: developers.cloudflare.com
Source: unknown HTTP traffic detected: POST /report/v4?s=OQ450PiB7IOUNZUtJA8bYCXu2%2B06W8g6r3hwRNvDeiKjrUpJaHm31Uxm1RCOq2UZ8Zjry4uVz8h8AbUROJkobMCLd9fftNfrFgNd73pfG808RVc%2F6%2F3R8zSJDMJo HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 519Content-Type: application/reports+jsonOrigin: https://my_ontinet_zoneid_matias_003386_2630_environmental_tech-stack_.kvtwzs.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://nexxen.tech
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://nhnace.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://nodals.io
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://onet.pl
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://onetag-sys.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://open-bid.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://openx.net
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://optable.co
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://outbrain.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://paa-reporting-advertising.amazon
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://payment.goog
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://permutive.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://pinterest.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://postrelease.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://presage.io
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://primecaster.net
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-ad-server.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-dsp-a.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-dsp-b.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-dsp-x.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-dsp-y.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-dsp.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-ssp-a.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-ssp-b.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-ssp-x.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-ssp-y.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-demos-ssp.dev
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandbox-test.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-ad-server.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-dsp-a1.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-dsp-b1.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-dsp-x.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-dsp-y.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-dsp.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-ssp-a.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-ssp-b.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-ssp-x.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-ssp-y.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://privacy-sandcastle-dev-ssp.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://ptb-msmt-static-5jyy5ulagq-uc.a.run.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://pub.network
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://pubmatic.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://pubtm.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://quantserve.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://quora.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://r2b2.io
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://relevant-digital.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://retargetly.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://rubiconproject.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://samplicio.us
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://sascdn.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://seedtag.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://semafor.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://sephora.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://shared-storage-demo-content-producer.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://shared-storage-demo-publisher-a.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://shared-storage-demo-publisher-b.web.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://shinobi.jp
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://shinystat.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://simeola.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://singular.net
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://sitescout.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://smadexprivacysandbox.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://snapchat.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://socdm.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://sportradarserving.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://stackadapt.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://storygize.net
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://superfine.org
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://t13.io
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://taboola.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tailtarget.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tamedia.com.tw
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tangooserver.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://teads.tv
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://theryn.io
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tiktok.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tncid.app
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://toponad.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://torneos.gg
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tpmark.net
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tribalfusion.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://trip.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://triptease.io
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://trkkn.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://tya-dev.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://uinterbox.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://undertone.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://unrulymedia.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://uol.com.br
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://usemax.de
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://validate.audio
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://verve.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://vg.no
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://vidazoo.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://vpadn.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://washingtonpost.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://weborama-tech.ru
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://weborama.fr
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://wepowerconnections.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://worldhistory.org
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://wp.pl
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://yahoo.co.jp
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://yahoo.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://yelp.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://yieldlab.net
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://yieldmo.com
Source: privacy-sandbox-attestations.dat.0.dr String found in binary or memory: https://youronlinechoices.eu
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_1332870359
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\privacy-sandbox-attestations.dat
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1240182271\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_1584524789
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\Filtering Rules
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1907635799\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_1549853901
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\history_search_strings_farmhashed.binarypb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_871971482\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_1026112281
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\keys.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_954579125\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_154108385
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\ssl_error_assistant.pb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1343124906\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_193147266
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\crl-set
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_988393040\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir7908_393353710
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\download_file_types.pb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7908_1746420661\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir7908_1332870359
Source: classification engine Classification label: mal96.phis.evad.winSVG@33/45@20/13
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,12485301464721545060,17313609642391752455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\2450856955_.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2052,i,12485301464721545060,17313609642391752455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2136 /prefetch:3
Source: Window Recorder Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Source: Yara match File source: 2.5.d.script.csv, type: HTML