Analysis Report https://offer.kou.pn/viewer/?property_code=millercoors_CoorsLightAmericaCouldUseABeer#!/ageGate?redirectTo=%2Fdesktop

Overview

General Information

Sample URL: https://offer.kou.pn/viewer/?property_code=millercoors_CoorsLightAmericaCouldUseABeer#!/ageGate?redirectTo=%2Fdesktop

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 1628 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5028 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1628 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: global traffic
HTTP traffic detected:
  GET /en/privacy HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: molsoncoors.com
  Connection: Keep-Alive

Source: global traffic
HTTP traffic detected:
  GET /en/privacy HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Connection: Keep-Alive
  Host: www.molsoncoors.com

Source: unknown
DNS traffic detected: queries for: offer.kou.pn
Source: www-widgetapi[1].js.2.drString found in binary or memory: https://www.youtube.com
Source: viewer[1].htm.2.drString found in binary or memory: https://www.youtube.com/iframe_api

Source: classification engine | Classification label: clean0.win@3/85@17/11
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFDCB818D0239A7797.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1628 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1628 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: agree
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Graphical User Interface 2 | Winlogon Helper DLL | Process Injection 1 | Masquerading 1 | Credential Dumping | File and Directory Discovery 1 | Remote File Copy 1 | Data from Local System | Data Compressed | Standard Cryptographic Protocol 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Process Injection 1 | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Drive-by Compromise | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | System Network Configuration Discovery | Logon Scripts | Input Capture | Data Encrypted | Remote File Copy 1 | SIM Card Swap | | Premium SMS Toll Fraud |

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet