Analysis Report Information-Account-Prime-Disable-Service.pdf

Overview

General Information

Sample Name: Information-Account-Prime-Disable-Service.pdf
Analysis ID: 338148
MD5: 7ef4760a44a8cc65c4261a5227fdad25
SHA1: 19af34bf781eb79717cc1db64d3d1923da115fe6
SHA256: 29c631b5ce054c8b4b11fbaa06aa26d5edeb9e06d53315d7eddbe18469b15b20

Most interesting Screenshot:

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Machine Learning detection for sample
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Found iframes
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

AV Detection:

Machine Learning detection for sample
Source: Information-Account-Prime-Disable-Service.pdf Joe Sandbox ML: detected

Phishing:

Found iframes
Source: https://ykm.de/register.html HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&output=html&h=280&adk=3088186576&adf=3175363789&pi=t.aa~a.1255761255~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1610417349&rafmt=1&to=qs&pwprc=4778228967&psa=1&format=1200x280&url=https%3A%2F%2Fykm.de%2Fregister.html&flash=29.0.0&fwr=0&rpe=1&resp_fmts=3&wgl=1&adsid=NT&dt=1610417348788&bpp=10&bdt=515&idt=314&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8b5e4409b88a7409-224663149da600da%3AT%3D1610384913%3ART%3D1610384913%3AS%3DALNI_MaRpNz1-0IYcClgw8Hhh0iIAUFJCA&prev_fmts=0x0&nras=1&correlator=6343227133430&frm=20&pv=1&ga_vid=2041299598.1610417313&ga_sid=1610417349&ga_hid=488988360&ga_fc=0&u_tz=-480&u_his=4&u_java=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_nplug=1&u_nmime=2&adx=32&ady=85&biw=1263&bih=906&scr_x=0&scr_y=0&eid=21068769%2C21068945&oid=3&pvsid=387605769970244&pem=30&rx=0&eae=0&fc=1920&docm=11&brdim=0%2C78%2C-8%2C-8%2C1280%2C%2C1296%2C1000%2C1280%2C906&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=1&ifi=1&uci=a!1&xpc=hZWRzNH2jw&p=https%3A//ykm.de&dtd=400
Source: https://ykm.de/register.html HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&output=html&adk=1812271804&adf=3025194257&lmt=1610417349&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fykm.de%2Fregister.html&ea=0&flash=29.0.0&pra=5&wgl=1&dt=1610417348751&bpp=37&bdt=482&idt=181&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8b5e4409b88a7409-224663149da600da%3AT%3D1610384913%3ART%3D1610384913%3AS%3DALNI_MaRpNz1-0IYcClgw8Hhh0iIAUFJCA&nras=1&correlator=6343227133430&frm=20&pv=2&ga_vid=2041299598.1610417313&ga_sid=1610417349&ga_hid=488988360&ga_fc=1&u_tz=-480&u_his=4&u_java=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_nplug=1&u_nmime=2&adx=-12245933&ady=-12245933&biw=1263&bih=906&scr_x=0&scr_y=0&eid=21068769%2C21068945&oid=3&pvsid=387605769970244&pem=30&rx=0&eae=2&fc=1920&docm=11&brdim=0%2C78%2C-8%2C-8%2C1280%2C%2C1296%2C1000%2C1280%2C906&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=1&ifi=0&uci=a!0&dtd=341
Source: https://ykm.de/register.html HTTP Parser: Iframe src: https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html
Source: https://ykm.de/register.html HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html#
Source: https://ykm.de/member_login.html HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&output=html&adk=1812271804&adf=3025194257&lmt=1610417363&plat=1%3A32776%2C2%3A32776%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fykm.de%2Fmember_login.html&ea=0&flash=29.0.0&pra=5&wgl=1&dt=1610417362885&bpp=27&bdt=546&idt=197&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8b5e4409b88a7409-224663149da600da%3AT%3D1610384913%3ART%3D1610384913%3AS%3DALNI_MaRpNz1-0IYcClgw8Hhh0iIAUFJCA&nras=1&correlator=3237432082960&frm=20&pv=2&ga_vid=2041299598.1610417313&ga_sid=1610417363&ga_hid=40148678&ga_fc=1&u_tz=-480&u_his=8&u_java=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_nplug=1&u_nmime=2&adx=-12245933&ady=-12245933&biw=1280&bih=906&scr_x=0&scr_y=0&eid=21068083%2C21068769%2C21069109&oid=3&pvsid=3325573467270068&pem=30&rx=0&eae=2&fc=1920&docm=11&brdim=0%2C78%2C-8%2C-8%2C1280%2C%2C1296%2C1000%2C1280%2C906&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=1&ifi=0&uci=a!0&dtd=278
Source: https://ykm.de/member_login.html HTTP Parser: Iframe src: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html#
HTML title does not match URL
Source: https://ykm.de/register.html HTTP Parser: Title: Register - YKM.de Quickly Shorten Url does not match URL
Source: https://ykm.de/member_login.html HTTP Parser: Title: Login - YKM.de Quickly Shorten Url does not match URL
Source: https://ykm.de/register.html HTTP Parser: No <meta name="author".. found
Source: https://ykm.de/member_login.html HTTP Parser: No <meta name="author".. found
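The two page-level phishing heuristics above ("Found iframes" and "HTML title does not match URL") are cheap checks that fire on a great many legitimate pages, which is why they contribute so little to the score of 22. The following is an added example, not Joe Sandbox code and not code from ykm.de, showing how an analyst can reproduce both checks offline and separate ad embeds from frames that deserve a second look. The page fixture is constructed from the register page described in this report (title and ad iframe hosts are those listed above; the same-origin /faq.html frame is added for contrast), the registered-domain helper deliberately uses only the last two DNS labels (an assumption; use a public-suffix list in production), and KNOWN_AD_HOSTS is an assumed allow-list built from the hosts seen in this report. Note that this simple word-overlap test judges the title "Register - YKM.de Quickly Shorten Url" as matching ykm.de, whereas the sandbox flagged it; the sandbox's exact rule is not published here, so treat that signature as weak evidence on its own.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed allow-list of ad-serving hosts, taken from the iframe sources in this report.
KNOWN_AD_HOSTS = {"googleads.g.doubleclick.net", "tpc.googlesyndication.com",
                  "pagead2.googlesyndication.com"}


class _FrameTitleParser(HTMLParser):
    """Collect every <iframe src> and the <title> text of one HTML document."""

    def __init__(self):
        super().__init__()
        self.iframes, self.title, self._in_title = [], "", False

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.iframes.append(src)
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def registered_domain(host):
    """Last two DNS labels. Assumption: adequate for this example; real code needs a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse_page(page_url, html):
    """Re-run the iframe and title/domain heuristics and classify each frame."""
    parser = _FrameTitleParser()
    parser.feed(html)
    page_domain = registered_domain(urlparse(page_url).hostname or "")

    frames = []
    for src in parser.iframes:
        absolute = urljoin(page_url, src)            # relative src resolves against the page
        host = (urlparse(absolute).hostname or "").lower()
        frames.append({
            "src": absolute,
            "host": host,
            "cross_origin": registered_domain(host) != page_domain,
            "known_ad_network": host in KNOWN_AD_HOSTS,
        })

    # Title check: does the site's second-level label occur as a word in the title?
    title_words = set(re.findall(r"[a-z0-9]+", parser.title.lower()))
    label = page_domain.split(".")[0]
    return {
        "title": parser.title.strip(),
        "title_matches_domain": bool(label) and label in title_words,
        "iframes": frames,
        # Cross-origin frames that are not a known ad network are the ones worth opening.
        "suspicious_frames": [f for f in frames if f["cross_origin"] and not f["known_ad_network"]],
    }


# Constructed fixture modelled on the ykm.de register page described in the report.
SAMPLE_HTML = """<html><head><title>Register - YKM.de Quickly Shorten Url</title></head>
<body>
<iframe src="https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8989771679754051&amp;output=html"></iframe>
<iframe src="https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html"></iframe>
<iframe src="/faq.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    report = analyse_page("https://ykm.de/register.html", SAMPLE_HTML)
    print(report["title"], "| title matches domain:", report["title_matches_domain"])
    for frame in report["iframes"]:
        print(frame["host"], "cross-origin" if frame["cross_origin"] else "same-origin",
              "(ad network)" if frame["known_ad_network"] else "")
    print("suspicious frames:", report["suspicious_frames"])
```

On this fixture both cross-origin frames resolve to known ad hosts and the suspicious list is empty, which is the usual explanation for a "Found iframes" hit on an otherwise ordinary site; a frame pointing at an unknown cross-origin host, or a title naming a brand that is absent from the domain, is what actually warrants a look at the screenshot.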
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 74.114.154.21:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.114.154.21:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 192.0.78.27:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 192.0.78.27:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.28.25.219:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.28.25.219:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.20.226:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.20.226:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.2:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.2:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.22.194:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.22.194:443 -> 192.168.2.3:49770 version: TLS 1.2

Networking:

IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 172.217.22.194 172.217.22.194
Source: Joe Sandbox View IP Address: 74.114.154.21 74.114.154.21
Source: Joe Sandbox View IP Address: 172.217.23.2 172.217.23.2
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
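A JA3 hash is the MD5 of five comma-separated fields read from the TLS ClientHello: the ClientHello version, the cipher suite list, the extension type list, the supported groups and the EC point formats, each as decimal values joined with dashes, with GREASE values dropped. Because the fields describe the TLS stack rather than the program driving it, the same hash is produced by every process that uses that stack; in this run the HTTPS traffic was generated by the browser the sandbox used to follow the link (iexplore.exe appears in the behaviour above), so "seen in connection with other malware" says only that malware has previously used the same client library. The following is an added example, not Joe Sandbox code, that derives the JA3 string and hash from a ClientHello record; the ClientHello is a constructed fixture built by the helper in the block, with GREASE entries placed in the cipher, extension and group lists to show that they are excluded.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are random-looking placeholders browsers insert; JA3 drops them.
GREASE = {(b << 8) | b for b in range(0x0a, 0x100, 0x10)}


def _u16_list(buf):
    """Big-endian uint16 list from a byte string (a trailing odd byte is ignored)."""
    return [struct.unpack("!H", buf[i:i + 2])[0] for i in range(0, len(buf) - 1, 2)]


def parse_client_hello(record):
    """Walk a TLS record holding a ClientHello and return the five JA3 inputs."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2   # JA3 uses this, not the record version
    pos += 32                                                       # client random
    pos += 1 + body[pos]                                            # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    ciphers = _u16_list(body[pos:pos + cs_len]); pos += cs_len
    pos += 1 + body[pos]                                            # compression methods
    extensions, groups, formats = [], [], []
    if pos + 2 <= len(body):                                        # extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            data = body[pos:pos + elen]; pos += elen
            extensions.append(etype)
            if etype == 10:                                         # supported_groups
                groups = _u16_list(data[2:2 + struct.unpack("!H", data[:2])[0]])
            elif etype == 11:                                       # ec_point_formats
                formats = list(data[1:1 + data[0]])
    return version, ciphers, extensions, groups, formats


def ja3_string(record):
    version, ciphers, exts, groups, formats = parse_client_hello(record)

    def dashed(values):
        return "-".join(str(v) for v in values if v not in GREASE)

    return ",".join([str(version), dashed(ciphers), dashed(exts),
                     dashed(groups), "-".join(str(f) for f in formats)])


def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode("ascii")).hexdigest()


def _ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data


def build_client_hello(server_name, ciphers, groups, leading_grease_ext=False):
    """Assemble a minimal TLS 1.2 ClientHello record (test fixture, not a real client)."""
    name = server_name.encode("ascii")
    exts = _ext(0x0a0a, b"") if leading_grease_ext else b""
    exts += _ext(0, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)  # server_name
    gdata = b"".join(struct.pack("!H", g) for g in groups)
    exts += _ext(10, struct.pack("!H", len(gdata)) + gdata)                    # supported_groups
    exts += _ext(11, b"\x01\x00")                                              # ec_point_formats: uncompressed
    exts += _ext(13, b"\x00\x04\x04\x03\x08\x04")                              # signature_algorithms
    cdata = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00"
            + struct.pack("!H", len(cdata)) + cdata + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed fixture: a browser-like hello to ykm.de carrying one GREASE cipher (0x0a0a),
# one GREASE extension and one GREASE group (0x2a2a), all of which must vanish from the string.
SAMPLE_HELLO = build_client_hello(
    "ykm.de",
    ciphers=[0x0a0a, 0x1301, 0xc02b, 0xc02f, 0x009c],
    groups=[0x2a2a, 0x001d, 0x0017, 0x0018],
    leading_grease_ext=True,
)

if __name__ == "__main__":
    print(ja3_string(SAMPLE_HELLO))
    print(ja3_hash(SAMPLE_HELLO))
```

Reordering the cipher list changes the hash, which is the point: JA3 keys on the exact order a TLS library advertises, so a hash match identifies the library build, and a fingerprint shared by a stock Windows browser is worth far less than one that belongs to a custom implant. Pair the hash with the process that opened the socket and the destination before drawing any conclusion.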
Source: msapplication.xml0.23.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe65086e6,0x01d6e887</date><accdate>0xe65086e6,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.23.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xe65086e6,0x01d6e887</date><accdate>0xe652e959,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.23.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe657adeb,0x01d6e887</date><accdate>0xe657adeb,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.23.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xe657adeb,0x01d6e887</date><accdate>0xe657adeb,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.23.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe65a1083,0x01d6e887</date><accdate>0xe65a1083,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.23.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xe65a1083,0x01d6e887</date><accdate>0xe65a1083,0x01d6e887</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: index[2].htm.24.dr String found in binary or memory: s (pt)", "admin":"Admin", "ban_type":"Ban Type", "plugin_title":"plugin title", "directory_name":"directory name", "installed":"installed?", "faq_page_content":"<div> <h4>How can my site benefit from using shortened urls?</h4> Shorten long urls such as:<br/><br/> <pre>http://maps.google.co.uk/maps?oe=utf-8&client=firefox-a&rlz=1R1GGLL_en-GB___GB423&um=1&ie=UTF-8&q=google+maps+big+ben<br/>&fb=1&gl=uk&hq=google+maps+big+ben&hnear=google+maps+big+ben&cid=0,0,7629721680134612<br/>123&ei=AukATpvoBpDA8QPaq4mzDQ&sa=X&oi=local_result&ct=image&resnum=1&ved=0CCAQnwIwAA</pre> <br/> Into a shorter version such as:<br/><br/> <pre><a href=\"http://[[[_CONFIG_SITE_FULL_URL]]]\">http://[[[_CONFIG_SITE_FULL_URL]]]/a</a></pre> <br/> Then post to Twitter, Facebook, send via email, use on your existing website, advertising, affiliate links, the uses are endless. <hr> </div> <div> <h4>How can I view how many visitors have clicked on my short url?</h4> You can see details stats including unique visitors, visiting countries, browsers and more by adding <code>~s</code> onto the end of your short url. <hr> </div> <div> <h4>Can I automatically expire my urls after x clicks?</h4> Yes. When you create the url, you can specify a \'total uses\' value which only allows the short url to be used this amount of times. The url will be expired after the total visits reaches this value. <hr> </div> <div> <h4>Can I protect my short with a password?</h4> Yes. When creating the url, specify a password within the \'password\' input. The visitor will be prompted to enter the password when the visit the url. <hr> </div> <div> <h4>How many urls can I create?</h4> There are no limits on the amount of urls you can create. <hr> </div> <div> <h4>What are the benefits of registering an account?</h4> View and manage all your short urls in one place. Easily view your url statistics and share your urls through social media. 
<hr> </div>", "terms_page_name":"Terms", "terms_meta_description":"Terms", "terms_meta_keywords":"terms", "terms_page_content":"<ol><li>Users of this website (Users) agree to be bound by these terms and conditions, which are subject to change at the sole discretion of the site. Your use of and access to this site indicate your acceptance of these terms and conditions.</li><li>This site was created as a free service to make posting long URLs easier. This service is provided without warranty of any kind. Short URLs used in spam (including email and forum spam) will be disabled.</li><li>This site may include third party content which is subject to that third party\'s terms and conditions of use.</li><li>This site may include links to third party
Source: unknown DNS traffic detected: queries for: umblr.com
Source: jflickrfeed.min[1].js.24.dr String found in binary or memory: http://api.flickr.com/services/feeds/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://bugs.jquery.com/ticket/12282#comment:15
Source: jquery.min[1].js.24.dr String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/(15)
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://cipa.jp/exif/1.0/ER_1
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: jquery.tweet[1].js.24.dr String found in binary or memory: http://daringfireball.net/2010/07/improved_regex_for_matching_urls
Source: jquery.min[1].js.24.dr String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: jquery.min[1].js.24.dr String found in binary or memory: http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291
Source: jquery.min[1].js.24.dr String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: font-awesome.min[1].css.24.dr String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.24.dr String found in binary or memory: http://fontawesome.io/license
Source: f[1].txt0.24.dr String found in binary or memory: http://googleads.g.doubleclick.net
Source: jquery.easing.1.3[1].js.24.dr String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_A
Source: docs[1].css.24.dr String found in binary or memory: http://html.orange-idea.com/veles/images/read_more.png
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/.
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://javascript.nwbox.com/IEContentLoaded/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://jquery.com/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://jquery.org/license
Source: jquery-ui-1.10.2.custom.min[1].js.24.dr String found in binary or memory: http://jqueryui.com
Source: jquery.min[1].js.24.dr String found in binary or memory: http://json.org/json2.js
Source: jquery.min[1].js.24.dr String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: faq[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: http://maps.google.co.uk/maps?oe=utf-8&client=firefox-a&rlz=1R1GGLL_en-GB___GB423&um=1&ie=UTF-8&q=go
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/E
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: f[1].txt0.24.dr String found in binary or memory: http://pagead2.googlesyndication.com
Source: jquery.tweet[1].js.24.dr String found in binary or memory: http://search.twitter.com/operators)
Source: jquery.min[1].js.24.dr String found in binary or memory: http://sizzlejs.com/
Source: docs[1].css.24.dr String found in binary or memory: http://themeforest.net/user/OrangeIdea/portfolio
Source: jquery.tweet[1].js.24.dr String found in binary or memory: http://tweet.seaofclouds.com/
Source: jquery.min[1].js.24.dr String found in binary or memory: http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context
Source: AcroRd32.exe, 00000001.00000003.373081997.000000000D2C6000.00000004.00000001.sdmp String found in binary or memory: http://www.adobe.coH
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/K
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/property#B
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#c
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#z
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#i
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/(
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://www.aiim.org/pdfe/ns/id/Z
Source: jquery.waitforimages[1].js.24.dr String found in binary or memory: http://www.alexanderdickson.com/
Source: msapplication.xml.23.dr String found in binary or memory: http://www.amazon.com/
Source: f[1].txt.24.dr, bootstrap-responsive[1].css.24.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: bootstrap.min[1].js.24.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.txt
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: msapplication.xml1.23.dr String found in binary or memory: http://www.google.com/
Source: index[2].htm.24.dr String found in binary or memory: http://www.google.com/privacy.html
Source: msapplication.xml2.23.dr String found in binary or memory: http://www.live.com/
Source: jflickrfeed.min[1].js.24.dr String found in binary or memory: http://www.newmediacampaigns.com/page/jquery-flickr-plugin
Source: AcroRd32.exe, 00000001.00000002.394253994.000000000CF38000.00000004.00000001.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: msapplication.xml3.23.dr String found in binary or memory: http://www.nytimes.com/
Source: jquery.autosize-min[1].js.24.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: options[1].css.24.dr String found in binary or memory: http://www.orange-idea.com/assets/builder/link.png
Source: options[1].css.24.dr String found in binary or memory: http://www.orange-idea.com/assets/builder/zoom.png
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.376215224.0000000007C90000.00000002.00000001.sdmp String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.392423113.000000000B51E000.00000004.00000001.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: msapplication.xml4.23.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.23.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.23.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.23.dr String found in binary or memory: http://www.youtube.com/
Source: faq[1].htm.24.dr String found in binary or memory: http://ykm.de/a
Source: ZeroClipboard.min[1].js.24.dr String found in binary or memory: http://zeroclipboard.org/
Source: index[2].htm.24.dr, IUE4OCQZ.htm.24.dr String found in binary or memory: https://...
Source: AcroRd32.exe, 00000001.00000002.391756660.000000000B27C000.00000004.00000001.sdmp String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000001.00000002.392044752.000000000B3C1000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.392044752.000000000B3C1000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/-V_
Source: AcroRd32.exe, 00000001.00000002.392044752.000000000B3C1000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/;WE~_F
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.393703092.000000000CE06000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/#
Source: AcroRd32.exe, 00000001.00000002.392044752.000000000B3C1000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/xW
Source: js[1].js.24.dr String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: f[1].txt.24.dr String found in binary or memory: https://adsense.com.
Source: f[1].txt.24.dr String found in binary or memory: https://adservice.google.com
Source: js[1].js.24.dr String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: analytics[1].js.24.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: AcroRd32.exe, 00000001.00000003.372898356.000000000CE75000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000003.372898356.000000000CE75000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.com15)/
Source: AcroRd32.exe, 00000001.00000002.394772228.000000000D0DA000.00000004.00000001.sdmp String found in binary or memory: https://api.echosign.comRL
Source: f[1].txt.24.dr String found in binary or memory: https://attestation.android.com
Source: jquery.min[1].js.24.dr String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: jquery.min[1].js.24.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: jquery.min[1].js.24.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: f[1].txt0.24.dr String found in binary or memory: https://cdn.ampproject.org/amp4ads-host-v0.js
Source: f[1].txt0.24.dr String found in binary or memory: https://cdn.ampproject.org/rtv/%
Source: jquery.min[1].js.24.dr String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: jquery.min[1].js.24.dr String found in binary or memory: https://developer.mozilla.org/en/Security/CSP)
Source: f[1].txt0.24.dr String found in binary or memory: https://fundingchoicesmessages.google.com/uf/%
Source: jquery.min[1].js.24.dr String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: js[1].js.24.dr String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: jquery.tweet[1].js.24.dr String found in binary or memory: https://github.com/seaofclouds/tweet
Source: f[1].txt0.24.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8989771679754051&o
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html#
Source: redirect[1].htm.24.dr String found in binary or memory: https://href.li/?https://ykm.de/65f0a4768a364c17
Source: ~DF006BB75F40C378F3.TMP.23.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://href.li/?https://ykm.de/65f0a4768a364c1717&t=MDZmNTEyZmUxYzY5ZjJkNjc3MDI5MTI0MjhiODVlNzBhYTA
Source: register[1].htm.24.dr String found in binary or memory: https://html5shim.googlecode.com/svn/trunk/html5.js
Source: AcroRd32.exe, 00000001.00000002.380377428.0000000009470000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: js[1].js.24.dr, f[1].txt0.24.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/
Source: sodar2[1].js.24.dr, runner[1].htm.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/bg/%
Source: f[1].txt0.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=
Source: f[1].txt0.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/expansion_embed.js
Source: f[1].txt.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204
Source: f[1].txt.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=
Source: f[1].txt0.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=gfp_cw_status
Source: f[1].txt0.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=imerr&err=
Source: f[1].txt.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics
Source: runner[1].htm.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219
Source: sodar2[1].js.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=220
Source: f[1].txt.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/
Source: register[1].htm.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: f[1].txt.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/managed/adsense/
Source: f[1].txt0.24.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: f[1].txt0.24.dr String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: analytics[1].js.24.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: AcroRd32.exe, 00000001.00000002.394314194.000000000CF4A000.00000004.00000001.sdmp String found in binary or memory: https://t.umblr.com
Source: AcroRd32.exe, 00000001.00000002.380628525.0000000009560000.00000004.00000001.sdmp String found in binary or memory: https://t.umblr.com/redirect?z=https%3A%2F%2Fclick-email2.giize.com%2F_PeXKkjgCsfgwYIEhjR9526431&t=N
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://t.umblr.com/redirect?z=https%3A%2F%2Fykm.de%2F65f0a4768a364c17&t=MDZmNTEyZmUxYzY5ZjJkNjc3MDI
Source: sodar2[1].js.24.dr String found in binary or memory: https://tpc.googlesyndication.com
Source: f[1].txt0.24.dr String found in binary or memory: https://tpc.googlesyndication.com/sodar/%
Source: ~DF006BB75F40C378F3.TMP.23.dr, sodar2[1].js.24.dr String found in binary or memory: https://tpc.googlesyndication.com/sodar/sodar2/220/runner.html
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://wurlie.net
Source: ~DF006BB75F40C378F3.TMP.23.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://wurlie.net/
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://wurlie.net/r_login.html
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://wurlie.net/r_login.htmlhort
Source: AcroRd32.exe, 00000001.00000002.379695109.0000000008B4D000.00000002.00000001.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: js[1].js.24.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.24.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.24.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.24.dr, sodar2[1].js.24.dr String found in binary or memory: https://www.google.com
Source: f[1].txt.24.dr String found in binary or memory: https://www.google.com/adsense
Source: sodar2[1].js.24.dr String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: js[1].js.24.dr String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: js[1].js.24.dr String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.24.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: register[1].htm.24.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-406118-10
Source: f[1].txt0.24.dr String found in binary or memory: https://www.googletagservices.com/activeview/js/current/osd.js
Source: js[1].js.24.dr String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: f[1].txt0.24.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/arrow_left_24px_grey_800.svg
Source: f[1].txt0.24.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/close_24px_grey_700.svg
Source: f[1].txt0.24.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/gpp_good_24px_blue_600.svg
Source: f[1].txt0.24.dr String found in binary or memory: https://www.gstatic.com/adsense/autoads/icons/gpp_good_24px_grey_800.svg
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://www.mfscripts.com
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://www.mfscripts.com/
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://www.mfscripts.com/html
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://www.mfscripts.com/htmlhort
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://www.mfscripts.com/n.ico
Source: register[1].htm.24.dr, faq[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://ykm.de
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/
Source: KQGQMC7O.htm.24.dr String found in binary or memory: https://ykm.de/65f0a4768a364c17
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://ykm.de/admin/assets/images/icons/flags/de.png
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://ykm.de/admin/assets/images/icons/flags/us.png
Source: register[1].htm.24.dr, bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html#activate
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html#createBasic
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html#createOptions
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html#disable
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html#info
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/api.html#list
Source: ~DF006BB75F40C378F3.TMP.23.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr, bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/bookmarklet.html
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/bookmarklet.html88186576&adf=3175363789&pi=t.aa~a.1255761255~rp.4&w=1200&fwrn=4&fwrnh
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/bookmarklet.htmlP
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/bookmarklet.htmlTBookmarklet
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/contact.html
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/convert_html_links.html
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/error.html?e=This
Source: bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/export_url_data.php
Source: ~DF006BB75F40C378F3.TMP.23.dr, faq[1].htm.24.dr, bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/faq.html
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/faq.htmlDFAQ
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/faq.htmlhtml
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/faq.htmlhtmlO1SPS
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/faq.htmlhtmlis
Source: ~DF006BB75F40C378F3.TMP.23.dr, imagestore.dat.24.dr String found in binary or memory: https://ykm.de/favicon.ico
Source: member_login[1].htm.24.dr String found in binary or memory: https://ykm.de/forgot_password.html
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/impressum.html
Source: index[2].htm.24.dr, IUE4OCQZ.htm.24.dr String found in binary or memory: https://ykm.de/index.html
Source: ~DF006BB75F40C378F3.TMP.23.dr, index[2].htm.24.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/index.html?_t=Deutsch
Source: ~DF006BB75F40C378F3.TMP.23.dr, index[2].htm.24.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/index.html?_t=English
Source: index[2].htm.24.dr, bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/index.html?agreeTerms=1&submitted=1&longUrl=
Source: index[2].htm.24.dr, bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/index.html?agreeTerms=1&submitted=1&postToTwitter=1&longUrl=
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/index.htmle=This
Source: ~DF006BB75F40C378F3.TMP.23.dr, member_login[1].htm.24.dr String found in binary or memory: https://ykm.de/member_login.html
Source: ~DF006BB75F40C378F3.TMP.23.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/member_login.htmlHLogin
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/member_login.htmlhort
Source: ~DF006BB75F40C378F3.TMP.23.dr, index[2].htm.24.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr, recent_urls[1].htm.24.dr String found in binary or memory: https://ykm.de/recent_urls.html
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/recent_urls.htmlTRecent
Source: ~DF006BB75F40C378F3.TMP.23.dr, faq[1].htm.24.dr String found in binary or memory: https://ykm.de/register.html
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://ykm.de/register.htmlNRegister
Source: {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/register.htmlis
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://ykm.de/report_url.html
Source: ~DF006BB75F40C378F3.TMP.23.dr, {0E7866F9-547B-11EB-90E4-ECF4BB862DED}.dat.23.dr String found in binary or memory: https://ykm.de/rror.html?e=This
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://ykm.de/terms.html
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/images/favicon.ico
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/images/logo/_default.png
Source: index[2].htm.24.dr, IUE4OCQZ.htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/images/plus_icon.png
Source: index[2].htm.24.dr, IUE4OCQZ.htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/images/star_icon.png
Source: index[2].htm.24.dr, IUE4OCQZ.htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/images/twitter_icon.png
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/ZeroClipboard/ZeroClipboard.min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/jquery-ui-1.10.2.custom.min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/jquery.autosize-min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/jquery.dataTables.min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/jquery.min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/bootstrap.min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/custom.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/jflickrfeed.min.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/jquery.easing.1.3.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/jquery.tweet.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/jquery.waitforimages.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/js/theme/testimonialrotator.js
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/bootstrap-responsive.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/bootstrap.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/builder.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/docs.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/font-awesome.min.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/fonts.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/layouts/orange.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/options.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/css/wide_layout.css
Source: register[1].htm.24.dr String found in binary or memory: https://ykm.de/themes/ykm/styles/screen.css
Source: register[1].htm.24.dr, bookmarklet[1].htm.24.dr String found in binary or memory: https://ykm.de/tools.html
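The URL records above mix two very different origins: strings carved from the AcroRd32.exe memory dumps (the PDF reader process, which includes Adobe's own service endpoints alongside whatever links the document carries) and strings from files dropped during the run (the `.dr` entries, here the Internet Explorer cache of the landing page after the link was followed). Separating them tells the analyst which hosts were in the PDF itself and which only appeared once the browser loaded the destination. The following is an added triage script, not part of the sandbox report; the sample lines are copied from the records above, the record regex follows the report's own format, and treating a `.sdmp` suffix as a process memory dump and a `.dr` suffix as a dropped file is this example's assumption about Joe Sandbox naming.

```python
"""Triage "String found in binary or memory" records from a Joe Sandbox report:
group URL hosts by where they were found (process memory dump vs. dropped file)
and list the hosts that appear only in the reader's memory.

Added example, not part of the report. Source-type classification by the
".sdmp" / ".dr" suffixes is an assumption about Joe Sandbox naming.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

RECORD_RE = re.compile(
    r"^Source: (?P<sources>.+?) String found in binary or memory: (?P<url>\S+)$"
)
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")  # plausible DNS name, lowercase

# Records copied verbatim from the report (not constructed).
SAMPLE_RECORDS = """\
Source: AcroRd32.exe, 00000001.00000002.380377428.0000000009470000.00000004.00000001.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000001.00000002.380628525.0000000009560000.00000004.00000001.sdmp String found in binary or memory: https://t.umblr.com/redirect?z=https%3A%2F%2Fclick-email2.giize.com%2F_PeXKkjgCsfgwYIEhjR9526431&t=N
Source: redirect[1].htm.24.dr String found in binary or memory: https://href.li/?https://ykm.de/65f0a4768a364c17
Source: ~DF006BB75F40C378F3.TMP.23.dr String found in binary or memory: https://wurlie.net/r_login.html
Source: register[1].htm.24.dr, index[2].htm.24.dr String found in binary or memory: https://ykm.de/report_url.html
Source: js[1].js.24.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: AcroRd32.exe, 00000001.00000002.392044752.000000000B3C1000.00000004.00000001.sdmp String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
"""


def classify_sources(sources_field):
    """Map the comma-separated Source field to origins:
    'memory:<process>' for each memory dump, 'dropped' for each .dr file."""
    origins = set()
    process = "unknown"
    for token in (t.strip() for t in sources_field.split(",")):
        if token.endswith(".sdmp"):
            origins.add(f"memory:{process}")
        elif token.endswith(".dr"):
            origins.add("dropped")
        else:
            process = token  # a process name precedes its dump identifiers
    return origins


def plausible_host(url):
    """Hostname of url if it looks like a real DNS name, else None.
    Memory-carved strings such as 'https://PrefSyncJob/...' or 'https://...'
    are rejected here rather than counted as hosts."""
    host = (urlsplit(url).hostname or "").lower()
    return host if HOST_RE.fullmatch(host) else None


def triage(report_text):
    """Return ({origin: set(hosts)}, [unparsable urls])."""
    hosts = defaultdict(set)
    rejected = []
    for line in report_text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        host = plausible_host(m.group("url"))
        if host is None:
            rejected.append(m.group("url"))
            continue
        for origin in classify_sources(m.group("sources")):
            hosts[origin].add(host)
    return dict(hosts), rejected


def memory_only_hosts(hosts):
    """Hosts seen in a process memory dump but in no dropped file: the
    candidates for links embedded in the document itself."""
    dropped = hosts.get("dropped", set())
    return {o: h - dropped for o, h in hosts.items() if o.startswith("memory:")}


if __name__ == "__main__":
    by_origin, junk = triage(SAMPLE_RECORDS)
    for origin, names in sorted(by_origin.items()):
        print(origin, sorted(names))
    print("memory-only:", memory_only_hosts(by_origin))
    print("rejected:", junk)
```

Run over the full record list, the memory-only set for AcroRd32.exe reduces to Adobe service hosts plus t.umblr.com, which is the one link the PDF actually carries; everything under ykm.de, wurlie.net, mfscripts.com and the Google ad domains comes from the dropped browser cache.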
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 74.114.154.21:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 74.114.154.21:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 192.0.78.27:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 192.0.78.27:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.28.25.219:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.28.25.219:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.20.226:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.20.226:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.1:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.34:443 -> 192.168.2.3:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.2:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.2:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.22.194:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.22.194:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: classification engine Classification label: sus22.winPDF@19/166@10/11
Source: Information-Account-Prime-Disable-Service.pdf Initial sample: https://t.umblr.com/redirect?z=https%3A%2F%2Fykm.de%2F65f0a4768a364c17&t=MDZmNTEyZmUxYzY5ZjJkNjc3MDI5MTI0MjhiODVlNzBhYTAzZWMzZCwwY2IyNWEwNWYyMzA5MGNlNzYxMzg5ZTFhMTcwMTA4Y2U5NmEwYzZl&ts=1610149120
Source: Information-Account-Prime-Disable-Service.pdf Initial sample: https://t.umblr.com/redirect?z=https%3A%2F%2Fclick-email2.giize.com%2F_PeXKkjgCsfgwYIEhjR9526431&t=NjhlMjZlNjIzYTkwZmNhNzQ4MzZkN2ZhY2VmYzhkODliNTYyMmM5NSw3NjcwNzJhMWFiMzRkNjk3ZTE2YTE0MGQyZTQ2YWQxYWM5N2U4MjBm&ts=1607177201
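Both links embedded in the PDF go through the Tumblr outbound redirector, which carries the real destination URL-encoded in its `z` parameter, and the dropped browser files show a second wrapper, href.li, in front of the ykm.de short link. Unwrapping these offline, before touching the network, gives the analyst the true targets (a ykm.de short link and a click-email2.giize.com path) and the `ts` timestamps the links were minted with. The script below is an added example, not part of the report; the two input URLs are the Initial sample links quoted above, and the set of redirector shapes it recognises (t.umblr.com `z=`, href.li `?<url>`) is this example's own, limited to the hops the report shows, and not a general redirector catalogue. Treating `ts` as a Unix timestamp and assuming the href.li-wrapped URL carries no query of its own are also this example's assumptions. The same unwrapping applies to the iexplore.exe command line recorded further down.

```python
"""Unwrap known redirector URLs offline to expose the real destination.

Added example, not part of the sandbox report. Redirector shapes handled:
  t.umblr.com/redirect?z=<encoded url>&t=...&ts=<unix time>   (assumed format)
  href.li/?<url>                                              (assumed format)
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# The two "Initial sample" URLs quoted in the report (not constructed).
INITIAL_URLS = [
    "https://t.umblr.com/redirect?z=https%3A%2F%2Fykm.de%2F65f0a4768a364c17&t=MDZmNTEyZmUxYzY5ZjJkNjc3MDI5MTI0MjhiODVlNzBhYTAzZWMzZCwwY2IyNWEwNWYyMzA5MGNlNzYxMzg5ZTFhMTcwMTA4Y2U5NmEwYzZl&ts=1610149120",
    "https://t.umblr.com/redirect?z=https%3A%2F%2Fclick-email2.giize.com%2F_PeXKkjgCsfgwYIEhjR9526431&t=NjhlMjZlNjIzYTkwZmNhNzQ4MzZkN2ZhY2VmYzhkODliNTYyMmM5NSw3NjcwNzJhMWFiMzRkNjk3ZTE2YTE0MGQyZTQ2YWQxYWM5N2U4MjBm&ts=1607177201",
]


def unwrap_once(url):
    """Return (target, note) if url is a recognised redirector wrapper, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "t.umblr.com" and parts.path == "/redirect":
        q = parse_qs(parts.query)
        target = q.get("z", [None])[0]          # parse_qs already percent-decodes
        if not target:
            return None
        note = ""
        ts = q.get("ts", [""])[0]
        if ts.isdigit():                        # assumption: ts is a Unix timestamp
            when = datetime.fromtimestamp(int(ts), timezone.utc)
            note = "ts=" + when.strftime("%Y-%m-%d")
        return target, note
    if host == "href.li" and parts.query.startswith(("http://", "https://")):
        # href.li puts the bare target URL in the query string; assumption:
        # the wrapped URL has no query of its own, so cut at the first '&'.
        return parts.query.split("&", 1)[0], ""
    return None


def unwrap_chain(url, max_hops=10):
    """Follow wrappers without network access. Returns (hops, notes);
    hops[0] is the input, hops[-1] the first URL that is not a known wrapper."""
    hops, notes = [url], []
    while len(hops) <= max_hops:
        step = unwrap_once(hops[-1])
        if step is None:
            break
        target, note = step
        if target in hops:                      # guard against wrapper loops
            break
        hops.append(target)
        if note:
            notes.append(note)
    return hops, notes


def final_host(url):
    """Lowercased hostname of the unwrapped destination."""
    hops, _ = unwrap_chain(url)
    return (urlsplit(hops[-1]).hostname or "").lower()


if __name__ == "__main__":
    for u in INITIAL_URLS:
        hops, notes = unwrap_chain(u)
        print(" -> ".join(hops), notes)
    print(unwrap_chain("https://href.li/?https://ykm.de/65f0a4768a364c17")[0])
```

The decoded `ts` values (2021-01-08 and 2020-12-05) put the second link roughly a month before the first, and both short-link targets sit behind at least one redirector; the hop list, not the PDF's visible link text, is what should go into the indicator set.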
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rc4bt2d_p7y4ku_4lg.tmp
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Information-Account-Prime-Disable-Service.pdf'
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Information-Account-Prime-Disable-Service.pdf'
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13817734648253318396 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13817734648253318396 --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=11890072385820109879 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1881667437359436119 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1881667437359436119 --renderer-client-id=4 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5458918827524385669 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5458918827524385669 --renderer-client-id=5 --mojo-platform-channel-handle=1864 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13143280483817159406 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13143280483817159406 --renderer-client-id=6 --mojo-platform-channel-handle=2140 --allow-no-sandbox-job /prefetch:1
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://t.umblr.com/redirect?z=https%3A%2F%2Fykm.de%2F65f0a4768a364c17&t=MDZmNTEyZmUxYzY5ZjJkNjc3MDI5MTI0MjhiODVlNzBhYTAzZWMzZCwwY2IyNWEwNWYyMzA5MGNlNzYxMzg5ZTFhMTcwMTA4Y2U5NmEwYzZl&ts=1610149120
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4736 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Information-Account-Prime-Disable-Service.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://t.umblr.com/redirect?z=https%3A%2F%2Fykm.de%2F65f0a4768a364c17&t=MDZmNTEyZmUxYzY5ZjJkNjc3MDI5MTI0MjhiODVlNzBhYTAzZWMzZCwwY2IyNWEwNWYyMzA5MGNlNzYxMzg5ZTFhMTcwMTA4Y2U5NmEwYzZl&ts=1610149120
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13817734648253318396 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13817734648253318396 --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=11890072385820109879 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=1881667437359436119 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1881667437359436119 --renderer-client-id=4 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5458918827524385669 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5458918827524385669 --renderer-client-id=5 --mojo-platform-channel-handle=1864 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1676,6902283869037015468,17832798338356840690,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13143280483817159406 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13143280483817159406 --renderer-client-id=6 --mojo-platform-channel-handle=2140 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4736 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe File opened: C:\Windows\SysWOW64\Msftedit.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: Information-Account-Prime-Disable-Service.pdf Initial sample: PDF keyword /JS count = 0
Source: Information-Account-Prime-Disable-Service.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Information-Account-Prime-Disable-Service.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: AcroRd32.exe, 00000001.00000002.394314194.000000000CF4A000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

barindex
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Code function: 1_2_0503F003 LdrInitializeThunk, 1_2_0503F003
Source: AcroRd32.exe, 00000001.00000002.375084454.0000000005930000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.375084454.0000000005930000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.375084454.0000000005930000.00000002.00000001.sdmp Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.375084454.0000000005930000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Behavior Graph

Behavior Graph ID: 338148 Sample: Information-Account-Prime-D... Startdate: 11/01/2021 Architecture: WINDOWS Score: 22

The rendered graph and its legend are omitted; the process and network relationships recoverable from it are:

  • AcroRd32.exe (initial process; signature "Machine Learning detection for sample"; associated domain ykm.de) started RdrCEF.exe, iexplore.exe and a second AcroRd32.exe.
  • RdrCEF.exe contacted 192.168.2.1 (unknown) and started three further RdrCEF.exe instances plus 2 other processes; one RdrCEF.exe child contacted 80.0.0.0 (NTLGB, United Kingdom).
  • iexplore.exe resolved t.umblr.com and started a second iexplore.exe, which contacted pagead46.l.doubleclick.net (172.217.20.226, port 443, source ports 49751 and 49752; GOOGLEUS, United States), 172.217.22.194 (port 443, source ports 49769 and 49770; GOOGLEUS, United States) and 11 other IPs or domains.
  • The second AcroRd32.exe resolved umblr.com.

Contacted Public IPs

IP Domain Country ASN ASN Name Malicious
104.28.25.219 unknown United States 13335 CLOUDFLARENETUS false
172.217.22.194 unknown United States 15169 GOOGLEUS false
192.0.78.27 unknown United States 2635 AUTOMATTICUS false
74.114.154.21 unknown Canada 2635 AUTOMATTICUS false
172.217.23.2 unknown United States 15169 GOOGLEUS false
172.217.23.1 unknown United States 15169 GOOGLEUS false
172.217.23.66 unknown United States 15169 GOOGLEUS false
172.217.23.34 unknown United States 15169 GOOGLEUS false
80.0.0.0 unknown United Kingdom 5089 NTLGB false
172.217.20.226 unknown United States 15169 GOOGLEUS false

Private

IP
192.168.2.1

Contacted Domains

Name IP Active
pagead46.l.doubleclick.net 172.217.20.226 true
umblr.com 74.114.154.17 true
partnerad.l.doubleclick.net 172.217.23.34 true
ykm.de 104.28.25.219 true
t.umblr.com 74.114.154.21 true
googlehosted.l.googleusercontent.com 172.217.23.1 true
href.li 192.0.78.27 true
googleads.g.doubleclick.net unknown unknown
www.googletagservices.com unknown unknown
themes.googleusercontent.com unknown unknown
adservice.google.co.uk unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://ykm.de/register.html true unknown
https://ykm.de/bookmarklet.html true unknown
https://ykm.de/faq.html true unknown
https://ykm.de/member_login.html true unknown