Edit tour

Windows Analysis Report
http://lijit.com

Overview

General Information

Sample URL:	http://lijit.com
Analysis ID:	562527
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Drops PE files

Found iframes

PE file contains sections with non-standard names

No HTML title found

Form action URLs do not match main URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6332 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://lijit.com MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13595487648583302405,3110836150026139459,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

HTTP traffic detected: GET / HTTP/1.1Host: lijit.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: angular.js.1.dr	String found in binary or memory: http://angularjs.org
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: angular.js.1.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: History Provider Cache.1.dr	String found in binary or memory: http://lijit.com/2;Lijit
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: widevinecdm.dll.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.1.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: mirroring_common.js.1.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.1.dr, manifest.json.1.dr, manifest.json1.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://clients6.google.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json1.1.dr	String found in binary or memory: https://content.googleapis.com
Source: common.js.1.dr, mirroring_cast_streaming.js.1.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr, d8d837a7-a1ab-4d3c-852b-02927a88920b.tmp.3.dr, 44f2ff87-727f-4f2c-8c13-d938c64150a1.tmp.3.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.1.dr	String found in binary or memory: https://docs.google.com
Source: manifest.json1.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json1.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json1.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: angular.js.1.dr, material_css_min.css.1.dr	String found in binary or memory: https://github.com/angular/material
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json1.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: History Provider Cache.1.dr	String found in binary or memory: https://lijit.com/2;Lijit
Source: mirroring_common.js.1.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.1.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json0.1.dr, craw_window.js.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://r4---sn-4g5e6ns7.gvt1.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json0.1.dr, craw_window.js.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json28.1.dr, messages.json34.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json62.1.dr, messages.json85.1.dr, messages.json4.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json7.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json28.1.dr, messages.json34.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json62.1.dr, messages.json85.1.dr, messages.json4.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json7.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: widevinecdm.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://www.google-analytics.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://www.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.1.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.1.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json1.1.dr	String found in binary or memory: https://www.google.com;
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, craw_background.js.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr, craw_window.js.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.1.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.1.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://www.googleoptimize.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://www.googletagmanager.com
Source: 2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.1.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json1.1.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	HTTPS traffic detected: 13.248.132.126:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.132.126:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.114.109:443 -> 192.168.2.3:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.114.109:443 -> 192.168.2.3:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.187.114:443 -> 192.168.2.3:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.187.114:443 -> 192.168.2.3:50257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50424 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50433 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.135.254.63:443 -> 192.168.2.3:50442 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.31.29.99:443 -> 192.168.2.3:50560 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\f6798c58-db7e-406a-8b58-2d8eaa1e789b.tmp

Jump to behavior

Source: classification engine

Classification label: clean2.win@46/200@56/34

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://lijit.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13595487648583302405,3110836150026139459,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13595487648583302405,3110836150026139459,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61F4FAF3-18BC.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source:	Binary string: widevinecdm.dll.pdb source: widevinecdm.dll.1.dr
Source:	Binary string: widevinecdm.dll.pdb@ source: widevinecdm.dll.1.dr

Source: widevinecdm.dll.1.dr	Static PE information: section name: .00cfg
Source: widevinecdm.dll.1.dr	Static PE information: section name: .rodata
Source: widevinecdm.dll.1.dr	Static PE information: section name: _RDATA

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6332_505347239\_platform_specific\win_x64\widevinecdm.dll

Jump to dropped file

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://lijit.com	0%	Virustotal		Browse
http://lijit.com	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\6332_505347239\_platform_specific\win_x64\widevinecdm.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\6332_505347239\_platform_specific\win_x64\widevinecdm.dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\6332_505347239\_platform_specific\win_x64\widevinecdm.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://www.googleoptimize.com	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
forms.hsforms.com	104.16.88.5	true	false	unknown
cdn2.hubspot.net	104.17.241.204	true	false	high
forms.hubspot.com	104.19.155.83	true	false	high
sovrn.com	34.135.254.63	true	false	high
d2mvl3dkxvehny.cloudfront.net	143.204.215.25	true	false	high
js.hs-analytics.net	104.17.68.176	true	false	unknown
1g3v9y2l2llh2lksnu1v316y-wpengine.netdna-ssl.com	94.31.29.99	true	false	high
ipapi.co	104.26.8.44	true	false	high
group23.sites.hscoscdn20.net	199.60.103.254	true	false	unknown
track.hubspot.com	104.19.155.83	true	false	high
fresnel.vimeocdn.com	34.120.202.204	true	false	high
js.hsforms.net	104.17.184.73	true	false	high
js.hs-scripts.com	104.17.210.204	true	false	high
web-2099239636.us-east-1.elb.amazonaws.com	3.227.218.120	true	false	high
js.hubspotfeedback.com	104.17.112.162	true	false	unknown
js.hs-banner.com	104.18.20.191	true	false	unknown
public.hubapi.com	104.17.201.204	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	142.250.203.109	true	false	high
quickkoala.io	162.242.174.138	true	false	unknown
www-google-analytics.l.google.com	142.250.203.110	true	false	high
feedback.hubapi.com	104.17.200.204	true	false	high
app.hubspot.com	104.19.154.83	true	false	high
www-googletagmanager.l.google.com	172.217.168.8	true	false	high
vimeo.com	151.101.192.217	true	false	high
www.googleoptimize.com	142.250.203.110	true	false	unknown
vimeo.map.fastly.net	151.101.0.217	true	false	unknown
js.hsleadflows.net	104.17.231.204	true	false	unknown
js-na1.hs-scripts.com	104.17.211.204	true	false	high
f.hubspotusercontent20.net	104.16.187.114	true	false	unknown
clients.l.google.com	142.250.203.110	true	false	high
www.sovrn.com	34.135.254.63	true	false	high
googlehosted.l.googleusercontent.com	172.217.168.33	true	false	high
s.w.org	192.0.77.48	true	false	high
js.hscollectedforms.net	104.17.128.171	true	false	unknown
lijit.com	13.248.132.126	true	false	high
vimeo-video.map.fastly.net	151.101.114.109	true	false	unknown
v.pinimg.com	unknown	unknown	false	high
i.vimeocdn.com	unknown	unknown	false	high
ct.pinterest.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
use.fontawesome.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
www.viglink.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
f.vimeocdn.com	unknown	unknown	false	high
knowledge.sovrn.com	unknown	unknown	false	high
i.pinimg.com	unknown	unknown	false	high
assets.calendly.com	unknown	unknown	false	high
www.linkedin.com	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
snap.licdn.com	unknown	unknown	false	high
s.pinimg.com	unknown	unknown	false	high
www.pinterest.ch	unknown	unknown	false	high
player.vimeo.com	unknown	unknown	false	high
www.pinterest.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0	false	high
https://lijit.com/	false	high
https://www.pinterest.ch/ct.html	false	high
https://www.sovrn.com/publishers/commerce/	false	high
https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain	false	high
https://www.sovrn.com/	false	high
http://lijit.com/	false	high
https://www.sovrn.com/publishers/signal/	false	high
https://www.sovrn.com/publishers/data/	false	high
https://www.sovrn.com/advertising-tools/	false	high
https://www.sovrn.com/#content	false	high
https://player.vimeo.com/video/361117679?color=5D9FE7?color=5D9FE7&title=0&byline=0&portrait=0	false	high
https://knowledge.sovrn.com/contact-us	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://apis.google.com/js/client.js	mirroring_common.js.1.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.1.dr	false		high
https://play.google.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://crash.corp.google.com/samples?reportid=&q=	common.js.1.dr, mirroring_cast_streaming.js.1.dr	false		high
https://www.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.1.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json0.1.dr, craw_window.js.1.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01	mirroring_hangouts.js.1.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.1.dr	false		high
https://preprod-hangouts-googleapis.sandbox.google.com	mirroring_hangouts.js.1.dr	false		high
https://lijit.com/2;Lijit	History Provider Cache.1.dr	false		high
https://www.google.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://www.googleoptimize.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false	URL Reputation: safe	unknown
https://hangouts.clients6.google.com	mirroring_hangouts.js.1.dr	false		high
https://meet.google.com	mirroring_common.js.1.dr	false		high
https://hangouts.google.com/hangouts/_/logpref	mirroring_hangouts.js.1.dr	false		high
https://accounts.google.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://clients2.google.com/cr/report	mirroring_hangouts.js.1.dr	false		high
http://angularjs.org	angular.js.1.dr	false		high
https://creativecommons.org/publicdomain/zero/1.0/.	mirroring_hangouts.js.1.dr	false		high
https://github.com/angular/material	angular.js.1.dr, material_css_min.css.1.dr	false		high
https://apis.google.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, manifest.json1.1.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.1.dr	false		high
https://github.com/madler/zlib/blob/master/zlib.h	mirroring_hangouts.js.1.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_background.js.1.dr, craw_window.js.1.dr	false		high
https://clients2.google.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://www.google.com/tools/feedback	feedback_script.js.1.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	mirroring_hangouts.js.1.dr	false		high
https://dns.google	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr, d8d837a7-a1ab-4d3c-852b-02927a88920b.tmp.3.dr, 44f2ff87-727f-4f2c-8c13-d938c64150a1.tmp.3.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_background.js.1.dr, craw_window.js.1.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.1.dr	false		high
https://ogs.google.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json28.1.dr, messages.json34.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json62.1.dr, messages.json85.1.dr, messages.json4.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json7.1.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions	mirroring_hangouts.js.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json0.1.dr, craw_window.js.1.dr	false		high
https://www.google.com;	manifest.json1.1.dr	false	Avira URL Cloud: safe	low
https://hangouts.google.com/	manifest.json1.1.dr	false		high
https://www.google.com/images/x2.gif	craw_window.js.1.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.1.dr	false		high
https://meetings.clients6.google.com	mirroring_hangouts.js.1.dr	false		high
https://play.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.1.dr	false		high
http://lijit.com/2;Lijit	History Provider Cache.1.dr	false		high
http://tools.ietf.org/html/rfc1950	mirroring_hangouts.js.1.dr	false		high
https://support.google.com/chromecast/answer/2998456	messages.json27.1.dr, messages.json83.1.dr, feedback.html.1.dr, messages.json28.1.dr, messages.json34.1.dr, messages.json17.1.dr, messages.json29.1.dr, messages.json48.1.dr, messages.json3.1.dr, messages.json62.1.dr, messages.json85.1.dr, messages.json4.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json15.1.dr, messages.json33.1.dr, messages.json7.1.dr	false		high
https://clients2.googleusercontent.com	2dd6a120-1e50-4e1c-9343-3106e141294e.tmp.3.dr, 8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp.3.dr, 29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp.3.dr	false		high
https://docs.google.com	mirroring_common.js.1.dr	false		high
https://www.google.com/	manifest.json0.1.dr	false		high
https://feedback.googleusercontent.com	manifest.json1.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.1.dr, manifest.json.1.dr, manifest.json1.1.dr	false		high
https://clients6.google.com	mirroring_hangouts.js.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.8.44	ipapi.co	United States	13335	CLOUDFLARENETUS	false
104.19.155.83	forms.hubspot.com	United States	13335	CLOUDFLARENETUS	false
104.17.68.176	js.hs-analytics.net	United States	13335	CLOUDFLARENETUS	false
104.16.187.114	f.hubspotusercontent20.net	United States	13335	CLOUDFLARENETUS	false
104.18.20.191	js.hs-banner.com	United States	13335	CLOUDFLARENETUS	false
151.101.0.217	vimeo.map.fastly.net	United States	54113	FASTLYUS	false
199.60.103.254	group23.sites.hscoscdn20.net	Canada	23181	QUICKSILVER1CA	false
104.17.200.204	feedback.hubapi.com	United States	13335	CLOUDFLARENETUS	false
104.17.210.204	js.hs-scripts.com	United States	13335	CLOUDFLARENETUS	false
172.217.168.8	www-googletagmanager.l.google.com	United States	15169	GOOGLEUS	false
104.17.112.162	js.hubspotfeedback.com	United States	13335	CLOUDFLARENETUS	false
104.17.231.204	js.hsleadflows.net	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
3.227.218.120	web-2099239636.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
104.17.128.171	js.hscollectedforms.net	United States	13335	CLOUDFLARENETUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false
104.17.201.204	public.hubapi.com	United States	13335	CLOUDFLARENETUS	false
94.31.29.99	1g3v9y2l2llh2lksnu1v316y-wpengine.netdna-ssl.com	United Kingdom	33438	HIGHWINDS2US	false
104.17.184.73	js.hsforms.net	United States	13335	CLOUDFLARENETUS	false
143.204.215.25	d2mvl3dkxvehny.cloudfront.net	United States	16509	AMAZON-02US	false
104.19.154.83	app.hubspot.com	United States	13335	CLOUDFLARENETUS	false
104.17.211.204	js-na1.hs-scripts.com	United States	13335	CLOUDFLARENETUS	false
162.242.174.138	quickkoala.io	United States	19994	RACKSPACEUS	false
151.101.114.109	vimeo-video.map.fastly.net	United States	54113	FASTLYUS	false
34.120.202.204	fresnel.vimeocdn.com	United States	15169	GOOGLEUS	false
151.101.192.217	vimeo.com	United States	54113	FASTLYUS	false
34.135.254.63	sovrn.com	United States	2686	ATGS-MMD-ASUS	false
104.17.241.204	cdn2.hubspot.net	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.168.33	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
104.16.88.5	forms.hsforms.com	United States	13335	CLOUDFLARENETUS	false
13.248.132.126	lijit.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	562527
Start date:	29.01.2022
Start time:	00:28:49
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 16s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://lijit.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@46/200@56/34
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://www.sovrn.com/ Browse: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain Browse: https://www.sovrn.com/contact/ Browse: https://www.sovrn.com/#content Browse: https://www.sovrn.com/advertising-tools/ Browse: https://www.sovrn.com/publishers/signal/ Browse: https://www.sovrn.com/publishers/commerce/ Browse: https://www.sovrn.com/publishers/data/

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 2.20.157.220, 2.20.156.69, 142.250.203.110, 173.194.182.73, 34.104.35.123, 142.250.203.99, 69.16.175.42, 69.16.175.10, 104.21.78.7, 172.67.214.69, 2.20.156.249, 142.250.203.106, 104.18.14.176, 104.18.15.176, 92.123.101.114, 92.123.101.81, 95.101.180.83, 95.101.180.11, 13.107.42.14, 172.217.168.10, 172.217.168.42, 172.217.168.74
Excluded domains from analysis (whitelisted): cds.s5x3j6q5.hwcdn.net, v.pinimg.com.edgesuite.net, e6449.dsca.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, r4.sn-4g5e6ns7.gvt1.com, arc.msn.com, e12564.dspb.akamaiedge.net, 2-01-37d2-0006.cdx.cedexis.net, l-0005.l-msedge.net, redirector.gvt1.com, www.googletagmanager.com, 2-01-37d2-0018.cdx.cedexis.net, sovrnknowledge.wpengine.com, update.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, e6449.a.akamaiedge.net, www.gstatic.com, prod.fs.microsoft.com.akadns.net, r4---sn-4g5e6ns7.gvt1.com, www.google-analytics.com, a1863.dscv.akamai.net, www-linkedin-com.l-0005.l-msedge.net, fs.microsoft.com, 2-01-37d2-0004.cdx.cedexis.net, content-autofill.googleapis.com, i-pinimg-com-cdn-cloudflare-net.pinimg.com.cdn.cloudflare.net, 2-01-37d2-0007.cdx.c
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: https://www.sovrn.com/	HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/	HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/	HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/#content	HTTP Parser: Iframe src: https://player.vimeo.com/video/180965741?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/#content	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: Iframe src: https://player.vimeo.com/video/361117679?color=5D9FE7?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/data/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: Iframe src: https://player.vimeo.com/video/361117679?color=5D9FE7?color=5D9FE7&title=0&byline=0&portrait=0
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: Iframe src: https://www.pinterest.com/ct.html

Source: https://www.sovrn.com/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/	HTTP Parser: HTML title missing
Source: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain	HTTP Parser: HTML title missing
Source: https://knowledge.sovrn.com/contact-us	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/#content	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/data/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: HTML title missing
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: HTML title missing

Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: Form action: https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7216873/8159a7b3-e7ac-4967-bb96-ea7ac4ead928 sovrn hsforms

Source: https://www.sovrn.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/	HTTP Parser: No <meta name="author".. found
Source: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/	HTTP Parser: No <meta name="author".. found
Source: https://knowledge.sovrn.com/contact-us	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/#content	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/data/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: No <meta name="author".. found
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: No <meta name="author".. found

Source: https://www.sovrn.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://knowledge.sovrn.com/what-is-the-lijit-ad-serving-domain	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://knowledge.sovrn.com/contact-us	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/#content	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/advertising-tools/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/data/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/signal/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.sovrn.com/publishers/commerce/	HTTP Parser: No <meta name="copyright".. found

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 29, 2022 00:29:42.454762936 CET	49741	80	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.455347061 CET	49742	80	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.463313103 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.463355064 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.463427067 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.463674068 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.463692904 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.474363089 CET	80	49741	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:42.474494934 CET	49741	80	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.474772930 CET	49741	80	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.474905968 CET	80	49742	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:42.474983931 CET	49742	80	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.494002104 CET	80	49741	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:42.525341988 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.550637960 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.550663948 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.552819014 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.552889109 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.676275015 CET	80	49741	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:42.772212029 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.772265911 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:42.772358894 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.772716045 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.772757053 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:42.804512024 CET	49741	80	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:42.818788052 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.819020033 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.819051027 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.819104910 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.897985935 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:42.898091078 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.899545908 CET	49745	443	192.168.2.3	142.250.203.109
Jan 29, 2022 00:29:42.899569988 CET	443	49745	142.250.203.109	192.168.2.3
Jan 29, 2022 00:29:43.123717070 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.124039888 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.124069929 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.125965118 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.126069069 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.128418922 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.128619909 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.128801107 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.128832102 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.168530941 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.260524988 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.260560989 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.260639906 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.260659933 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.260711908 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.260739088 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.260790110 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.262219906 CET	49746	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.262243032 CET	443	49746	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.332777023 CET	49749	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.332830906 CET	443	49749	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.332917929 CET	49749	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.333178997 CET	49749	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.333199978 CET	443	49749	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.333789110 CET	49750	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.333830118 CET	443	49750	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.333961010 CET	49750	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.334147930 CET	49750	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.334176064 CET	443	49750	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.334789038 CET	49751	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.334841013 CET	443	49751	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.334949970 CET	49751	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.335117102 CET	49751	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.335139990 CET	443	49751	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.351675987 CET	49752	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.351748943 CET	443	49752	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.351881027 CET	49752	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.352065086 CET	49752	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.352091074 CET	443	49752	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.352576971 CET	49753	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.352643967 CET	443	49753	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.352745056 CET	49753	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.352972984 CET	49754	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.353017092 CET	443	49754	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.353104115 CET	49754	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.353228092 CET	49753	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.353257895 CET	443	49753	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.353389025 CET	49754	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.353413105 CET	443	49754	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.553831100 CET	443	49749	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.555155039 CET	49749	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.555185080 CET	443	49749	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.556066036 CET	443	49749	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.556721926 CET	49749	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.556876898 CET	49749	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.556950092 CET	443	49749	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.571952105 CET	443	49753	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.572135925 CET	443	49752	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.572350979 CET	49753	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.572408915 CET	443	49753	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.572534084 CET	49752	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.572607040 CET	443	49752	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.573367119 CET	443	49754	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.573723078 CET	49754	443	192.168.2.3	13.248.132.126
Jan 29, 2022 00:29:43.573755026 CET	443	49754	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.574232101 CET	443	49753	13.248.132.126	192.168.2.3
Jan 29, 2022 00:29:43.574378014 CET	49753	443	192.168.2.3	13.248.132.126

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 29, 2022 00:29:42.428852081 CET	192.168.2.3	8.8.8.8	0xf9b2	Standard query (0)	lijit.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:42.431309938 CET	192.168.2.3	8.8.8.8	0x1d5f	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:42.433576107 CET	192.168.2.3	8.8.8.8	0xcca5	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:46.096728086 CET	192.168.2.3	8.8.8.8	0x62fd	Standard query (0)	lijit.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:48.525435925 CET	192.168.2.3	8.8.8.8	0x115	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:52.207479954 CET	192.168.2.3	8.8.8.8	0x5c07	Standard query (0)	www.sovrn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:53.176026106 CET	192.168.2.3	8.8.8.8	0xc8b1	Standard query (0)	1g3v9y2l2llh2lksnu1v316y-wpengine.netdna-ssl.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:53.393491030 CET	192.168.2.3	8.8.8.8	0xdfcb	Standard query (0)	s.w.org	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:53.394804001 CET	192.168.2.3	8.8.8.8	0x6c67	Standard query (0)	use.fontawesome.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:53.395776987 CET	192.168.2.3	8.8.8.8	0x5f67	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:54.722853899 CET	192.168.2.3	8.8.8.8	0xeee	Standard query (0)	s.pinimg.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:56.185457945 CET	192.168.2.3	8.8.8.8	0xe31	Standard query (0)	js.hs-analytics.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:56.844579935 CET	192.168.2.3	8.8.8.8	0xa7e2	Standard query (0)	ct.pinterest.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:57.311920881 CET	192.168.2.3	8.8.8.8	0x8b19	Standard query (0)	ipapi.co	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:57.412606955 CET	192.168.2.3	8.8.8.8	0x47ad	Standard query (0)	quickkoala.io	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:57.459466934 CET	192.168.2.3	8.8.8.8	0x3206	Standard query (0)	www.pinterest.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:57.460170031 CET	192.168.2.3	8.8.8.8	0x8664	Standard query (0)	track.hubspot.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:57.711396933 CET	192.168.2.3	8.8.8.8	0x1dc9	Standard query (0)	player.vimeo.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:57.844914913 CET	192.168.2.3	8.8.8.8	0x2a38	Standard query (0)	www.pinterest.ch	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.220007896 CET	192.168.2.3	8.8.8.8	0x71ba	Standard query (0)	f.vimeocdn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.220696926 CET	192.168.2.3	8.8.8.8	0xf1ef	Standard query (0)	i.vimeocdn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.221251011 CET	192.168.2.3	8.8.8.8	0xc02b	Standard query (0)	fresnel.vimeocdn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.493005991 CET	192.168.2.3	8.8.8.8	0x31e6	Standard query (0)	i.pinimg.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.500835896 CET	192.168.2.3	8.8.8.8	0x62ea	Standard query (0)	v.pinimg.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.566663980 CET	192.168.2.3	8.8.8.8	0xc3c8	Standard query (0)	js.hs-scripts.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.609992981 CET	192.168.2.3	8.8.8.8	0x8e2	Standard query (0)	www.googleoptimize.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.731519938 CET	192.168.2.3	8.8.8.8	0x4630	Standard query (0)	js.hs-banner.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.732362032 CET	192.168.2.3	8.8.8.8	0x94d1	Standard query (0)	js.hsleadflows.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.733036995 CET	192.168.2.3	8.8.8.8	0x55e	Standard query (0)	snap.licdn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.733418941 CET	192.168.2.3	8.8.8.8	0x34ec	Standard query (0)	js.hscollectedforms.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:58.891930103 CET	192.168.2.3	8.8.8.8	0xc32a	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:59.145191908 CET	192.168.2.3	8.8.8.8	0x59fa	Standard query (0)	forms.hubspot.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:59.190097094 CET	192.168.2.3	8.8.8.8	0x2a90	Standard query (0)	www.linkedin.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:29:59.398159981 CET	192.168.2.3	8.8.8.8	0x517a	Standard query (0)	forms.hsforms.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:00.667028904 CET	192.168.2.3	8.8.8.8	0xd174	Standard query (0)	f.hubspotusercontent20.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:00.804867029 CET	192.168.2.3	8.8.8.8	0xfdc1	Standard query (0)	1g3v9y2l2llh2lksnu1v316y-wpengine.netdna-ssl.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:01.324475050 CET	192.168.2.3	8.8.8.8	0x1f4d	Standard query (0)	vimeo.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:02.810867071 CET	192.168.2.3	8.8.8.8	0xb5bb	Standard query (0)	knowledge.sovrn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:03.204438925 CET	192.168.2.3	8.8.8.8	0x5f4e	Standard query (0)	i.vimeocdn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:04.407047987 CET	192.168.2.3	8.8.8.8	0xb996	Standard query (0)	cdn2.hubspot.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:04.583996058 CET	192.168.2.3	8.8.8.8	0xe17d	Standard query (0)	js.hubspotfeedback.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:04.793917894 CET	192.168.2.3	8.8.8.8	0x12c1	Standard query (0)	feedback.hubapi.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:04.794595003 CET	192.168.2.3	8.8.8.8	0x8775	Standard query (0)	public.hubapi.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:04.829551935 CET	192.168.2.3	8.8.8.8	0x63d5	Standard query (0)	app.hubspot.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:06.413559914 CET	192.168.2.3	8.8.8.8	0x892e	Standard query (0)	knowledge.sovrn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:10.488104105 CET	192.168.2.3	8.8.8.8	0xb840	Standard query (0)	f.hubspotusercontent20.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:26.257399082 CET	192.168.2.3	8.8.8.8	0x4bd1	Standard query (0)	js.hsforms.net	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:28.310538054 CET	192.168.2.3	8.8.8.8	0xec37	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:38.484894991 CET	192.168.2.3	8.8.8.8	0x3170	Standard query (0)	www.viglink.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:39.533302069 CET	192.168.2.3	8.8.8.8	0xe516	Standard query (0)	sovrn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:40.857727051 CET	192.168.2.3	8.8.8.8	0x451a	Standard query (0)	js-na1.hs-scripts.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:42.582561016 CET	192.168.2.3	8.8.8.8	0xafef	Standard query (0)	www.viglink.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:43.247199059 CET	192.168.2.3	8.8.8.8	0x4c92	Standard query (0)	sovrn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:44.094639063 CET	192.168.2.3	8.8.8.8	0xdeaf	Standard query (0)	www.sovrn.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:30:46.252686977 CET	192.168.2.3	8.8.8.8	0x62fd	Standard query (0)	assets.calendly.com	A (IP address)	IN (0x0001)
Jan 29, 2022 00:31:00.288830042 CET	192.168.2.3	8.8.8.8	0xd84e	Standard query (0)	quickkoala.io	A (IP address)	IN (0x0001)

Target ID:	1
Start time:	00:29:38
Start date:	29/01/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://lijit.com
Imagebase:	0x7ff68b0a0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	3
Start time:	00:29:40
Start date:	29/01/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,13595487648583302405,3110836150026139459,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Imagebase:	0x7ff68b0a0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://lijit.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\0c14505d-0f2d-4fbf-9e74-8b568a2d0c1d.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\234b1768-537f-4939-b41e-2731569afd32.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\286b9a4f-04eb-4f26-9537-b4ee646db027.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\72aad41b-6a0d-4dc3-b6d3-c649bd4f64dc.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\8c028a80-7257-4f23-aae9-e491b50354bd.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\92d025ba-bf1b-4223-9d91-acc100fd0c9b.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\115b5a41-6e74-41a4-9117-9d5dc0e6f3fa.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\29df7120-4ea5-4e74-b7b4-fd59dfba73ed.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2dd6a120-1e50-4e1c-9343-3106e141294e.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\34edbd4a-e245-44ec-9b06-d0da1331cb0a.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\55eb8d88-6d41-4fc5-abaf-4925f73264a4.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\55f32e52-4f3c-4ad5-8109-805f2757a9e2.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\75348905-db1f-43ce-9f48-bef33cb71b44.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\879c9b2a-5e33-4e1b-b8b2-62a2d22f69d3.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8c1675ad-0bc3-450b-ad1f-9f7a538b3c94.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8f53b7b9-af9d-41a5-aa8f-4d6a69835220.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\90249c99-f1c4-47f4-baf6-f0f08927c3bd.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateMP (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences38 (copy)

Windows Analysis Report
http://lijit.com