Analysis Report https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327

Overview

General Information

Sample URL: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327
Analysis ID: 349157

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Queries the volume information (name, serial number etc) of a device

Classification

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 54.177.210.138:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49763 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 143.204.15.131:
Source: Traffic Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 216.58.207.170:
Source: Traffic Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 216.58.207.174:
Source: Traffic Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 143.204.15.81:
Source: Traffic Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 104.16.18.94:
Source: wtuxe7VPD3U[1].htm.6.dr String found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=wtuxe7VPD3U"> equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: (g.Ym(b,"www.youtube.com"),c=b.toString()):c=Nw(c);b=new Pw(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: {E57A1C95-6806-11EB-90E5-ECF4BB570DC9}.dat.5.dr String found in binary or memory: 8https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: <a data-ariahandle="project_video_li" data-childId="1442" class="video-thumbnail-link" href="https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/1442"><img alt="3.23 SBA&#39;s Economic Disaster Relief Loan w/ Dan Martiniello of SBA Boston" data-url="https://www.youtube.com/watch?v=cuSif0I20vE" class="video-thumbnail wide" id="video_image_thumb_1442" style="cursor:pointer; padding: 7px; border: 1px solid #ccc; margin-bottom:10px; width: 140px; height: 96px;" src="https://i.ytimg.com/vi/cuSif0I20vE/hqdefault.jpg" /></a> equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: <a data-ariahandle="project_video_li" data-childId="1443" class="video-thumbnail-link" href="https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/1443"><img alt="3.25 Considerations for Restaurants w/Rethink Restaurants" data-url="https://www.youtube.com/watch?v=5GRcO6cLNs8" class="video-thumbnail wide" id="video_image_thumb_1443" style="cursor:pointer; padding: 7px; border: 1px solid #ccc; margin-bottom:10px; width: 140px; height: 96px;" src="https://i.ytimg.com/vi/5GRcO6cLNs8/hqdefault.jpg" /></a> equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: <a data-ariahandle="project_video_li" data-childId="1745" class="video-thumbnail-link" href="https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/1745"><img alt="De-Escalation Techniques for Businesses" data-url="https://www.youtube.com/watch?v=KTb4H2DQcdc" class="video-thumbnail wide" id="video_image_thumb_1745" style="cursor:pointer; padding: 7px; border: 1px solid #ccc; margin-bottom:10px; width: 140px; height: 96px;" src="https://i.ytimg.com/vi/KTb4H2DQcdc/hqdefault.jpg" /></a> equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: <iframe title="Mayor's Business Town Hall 2.2.2021" width="427" height="240" src="https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> equals www.youtube.com (Youtube)
Source: wtuxe7VPD3U[1].htm.6.dr String found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">An error occurred.</h1><div class="submessage"><a href="https://www.youtube.com/watch?v=wtuxe7VPD3U" target="_blank">Try watching this video on www.youtube.com</a>, or enable JavaScript if it is disabled in your browser.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: b),this.U=!1,this.videoData.Y("html5_playready_enable_non_persist_license")&&(this.F.pst="0"));b=BH(this.B)?lta(c.initData).replace("skd://","https://"):this.B.C;this.videoData.Y("enable_shadow_yttv_channels")&&(b=new g.Wm(b),document.location.origin&&document.location.origin.includes("green")?g.Ym(b,"web-green-qa.youtube.com"):g.Ym(b,"www.youtube.com"),b=b.toString());this.baseUrl=b;this.fairplayKeyId=Qd(this.baseUrl,"ek")||"";if(b=Qd(this.baseUrl,"cpi")||"")this.cryptoPeriodIndex=Number(b);this.ga= equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: g.FO.prototype.B=function(a){var b=this;Bpa(this);var c=a.ly,d=this.api.S();"GENERIC_WITHOUT_LINK"!==c||d.I?"TOO_MANY_REQUESTS"===c?(d=this.api.getVideoData(),this.Gc(IO(this,"TOO_MANY_REQUESTS_WITH_LINK",d.Ml(),void 0,void 0,void 0,!1))):"HTML5_NO_AVAILABLE_FORMATS_FALLBACK"!==c||d.I?this.Gc(g.GO(a.errorMessage)):this.Gc(IO(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(a=d.hostLanguage,c="//support.google.com/youtube/?p=player_error1",a&&(c= equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: g.ND=function(a){a=CD(a.U);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: g.dE=function(a){var b=g.OD(a);!a.Y("yt_embeds_disable_new_error_lozenge_url")&&Kha.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: g.k.clone=function(){var a=new bn;a.C=this.C;this.u&&(a.u=this.u.clone(),a.B=this.B);return a};var jn="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),Pda=/\bocr\b/;var Qda=/(?:\[|%5B)([a-zA-Z0-9_]+)(?:\]|%5D)/g;var JD={hY:"LIVING_ROOM_APP_MODE_UNSPECIFIED",eY:"LIVING_ROOM_APP_MODE_MAIN",dY:"LIVING_ROOM_APP_MODE_KIDS",fY:"LIVING_ROOM_APP_MODE_MUSIC",gY:"LIVING_ROOM_APP_MODE_UNPLUGGED",cY:"LIVING_ROOM_APP_MODE_GAMING"},Vxa={C0:"PLAYBACK_TYPE_UNKNOWN",w0:"PLAYBACK_TYPE_APPLICATION",v0:"PLAYBACK_TYPE_ADS",A0:"PLAYBACK_TYPE_REMOTE",B0:"PLAYBACK_TYPE_SECONDARY_CAMERA",z0:"PLAYBACK_TYPE_PREROLL_INTERSTITIAL",y0:"PLAYBACK_TYPE_POSTROLL_INTERSTITIAL",x0:"PLAYBACK_TYPE_MIDROLL_INTERSTITIAL"};mn.prototype.set=function(a,b){b=void 0===b?!0:b;0<=a&&52>a&&0===a%1&&this.u[a]!=b&&(this.u[a]=b,this.B=-1)}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: g.k.getVideoUrl=function(a,b,c,d,e){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=g.OD(this);d&&"www.youtube.com"===c?d="https://youtu.be/"+a:g.HD(this)?(d="https://"+c+"/fire",b.v=a):(d=this.protocol+"://"+c+"/watch",b.v=a,gr&&(a=Zp())&&(b.ebc=a));return g.Kd(d,b)}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: kL.prototype.replace=function(a,b){for(var c=g.q(a),d=c.next();!d.done;d=c.next())delete this.u[d.value.encryptedTokenJarContents];zla(this,b)};lL.prototype.Gr=function(a){var b,c,d=null===(b=a.responseContext)||void 0===b?void 0:b.locationPlayabilityToken;void 0!==d&&(this.locationPlayabilityToken=d,this.u=void 0,"TVHTML5"===(null===(c=a.responseContext)||void 0===c?void 0:c.clientName)?(this.localStorage=Ala(this))&&this.localStorage.set("yt-location-playability-token",d,15552E3):g.Dq("YT_CL",JSON.stringify({x4:d}),15552E3,void 0,!0))};var Dla={bluetooth:"CONN_DISCO",cellular:"CONN_CELLULAR_UNKNOWN",ethernet:"CONN_WIFI",none:"CONN_NONE",wifi:"CONN_WIFI",wimax:"CONN_CELLULAR_4G",other:"CONN_UNKNOWN",unknown:"CONN_UNKNOWN","slow-2g":"CONN_CELLULAR_2G","2g":"CONN_CELLULAR_2G","3g":"CONN_CELLULAR_3G","4g":"CONN_CELLULAR_4G"};var oL;g.u(nL,Qq);nL.prototype.gu=function(a,b){var c=Qq.prototype.gu.call(this,a,b);return Object.assign(Object.assign({},c),this.u)};var Tla=/[&\?]action_proxy=1/,Sla=/[&\?]token=([\w-]*)/,Ula=/[&\?]video_id=([\w-]*)/,Vla=/[&\?]index=([\d-]*)/,Wla=/[&\?]m_pos_ms=([\d-]*)/,Zla=/[&\?]vvt=([\w-]*)/,$la=/[&\?]mt=([\d-]*)/,Nla="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),Xla="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "), equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: l,"Trusted Ad Domain URL");this.ka=R(!1,a.privembed);this.protocol=0===this.dc.indexOf("http:")?"http":"https";this.U=Iw((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)||"")||Iw(this.dc)||this.protocol+"://www.youtube.com/";l=b?b.eventLabel:a.el;h="detailpage";"adunit"===l?h=this.B?"embedded":"detailpage":"embedded"===l||this.C?h=gD(h,l,Iha):l&&(h="embedded");this.da=h;Fp();l=null;h=b?b.playerStyle:a.ps;var m=g.fb(mD,h);!h||m&&!this.C||(l=h);this.playerStyle=l;this.K=(this.I=g.fb(mD,this.playerStyle))&& equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: new Set;this.deviceHasDisplay=b?!b.deviceIsAudioOnly:R(!0,a.deviceHasDisplay);this.Vc=hD(this.Vc,a.ismb);t=a;g.eB(this.experiments,"html5_qoe_intercept")?t=g.eB(this.experiments,"html5_qoe_intercept"):this.Gj?(t=t.vss_host||"s.youtube.com",this.Y("www_for_videostats")&&"s.youtube.com"===t&&(t=CD(this.U)||"www.youtube.com")):t="video.google.com";this.Uh=t;DD(this,a,!0);this.N=new UC;g.E(this,this.N);t=b?b.innertubeApiKey:iD("",a.innertube_api_key);r=b?b.innertubeApiVersion:iD("",a.innertube_api_version); equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: oha=function(a,b){if(!a.u["0"]){var c=new nB("0","fakesb",void 0,new iB(0,0,0,void 0,void 0,"auto"),null,null,1);a.u["0"]=b?new fA(new Pw("http://www.youtube.com/videoplayback"),c,"fake"):new Hy(new Pw("http://www.youtube.com/videoplayback"),c,new Pv(0,0),new Pv(0,0),0,NaN)}}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr String found in binary or memory: this.V("highrepfallback");else if(a.u){var d=this.B?this.B.B.F:null;if(iua(a)&&d&&d.isLocked())var e="FORMAT_UNAVAILABLE";else if(!this.u.I&&"auth"===a.errorCode&&"429"===a.details.rc){e="TOO_MANY_REQUESTS";var f="6"}this.V("playererror",a.errorCode,e,g.CB(a.details),f)}else d=/^pp/.test(this.videoData.clientPlaybackNonce),kU(this,a.errorCode,a.details),d&&"manifest.net.connect"===a.errorCode&&(d="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.N)(),(new xT(d, equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: somervoice.somervillema.gov
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c?
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://cps.letsencrypt.org
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://cps.letsencrypt.org0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://cps.letsencrypt.org=
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl=
Source: wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crlh
Source: font-awesome.min[1].css.6.dr String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.6.dr String found in binary or memory: http://fontawesome.io/license
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://r3.i.lencr.org/
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://r3.i.lencr.org/0&
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: http://r3.o.lencr.org0
Source: 2327.2.dr String found in binary or memory: http://somervillema.gov
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: http://www.bangthetable.com/
Source: 2327.2.dr String found in binary or memory: http://www.mozilla.org/en-US/firefox/new/
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: http://www.somervillebydesign.com
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: http://www.somervision2040.com
Source: base[1].js.6.dr String found in binary or memory: http://www.youtube.com/videoplayback
Source: base[1].js.6.dr String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.6.dr String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.6.dr String found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: base[1].js.6.dr String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: js[1].js.6.dr String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: base[1].js.6.dr String found in binary or memory: https://admin.youtube.com
Source: js[1].js.6.dr String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: js[1].js.6.dr String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.6.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: js[1].js.6.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: 2327.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.1/css/font-awesome.min.css
Source: base[1].js.6.dr String found in binary or memory: https://docs.google.com/get_video_info
Source: 2327.2.dr String found in binary or memory: https://ehq-production-us-california.imgix.net/b811435cc596009e6a357d66f662c1fff094b1f4/image_stores
Source: js[1].js.6.dr String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/5GRcO6cLNs8/hqdefault.jpg
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/Fn7Ou04BHvQ/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/KTb4H2DQcdc/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/VFxvnJ7wwwU/hqdefault.jpg
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/cuSif0I20vE/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/kaxh4pCyFss/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236786957.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://i.ytimg.com/vi/wtuxe7VPD3U/hqdefault.jpg
Source: js[1].js.6.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.6.dr String found in binary or memory: https://pagead2.googlesyndication.com/
Source: base[1].js.6.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://s3-ap-southeast-2.amazonaws.com/ehq-static-assets/gt-simplified-us.js
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp String found in binary or memory: https://s3-us-west-1.amazonaws.co
Source: 2327.2.dr String found in binary or memory: https://s3-us-west-1.amazonaws.com/ehq-production-us-california/8cfcc1570c81e97a242433b94052e3e65b3c
Source: 2327.2.dr String found in binary or memory: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/
Source: analytics[1].js.6.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: base[1].js.6.dr String found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: base[1].js.6.dr String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: base[1].js.6.dr String found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: base[1].js.6.dr String found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: base[1].js.6.dr String found in binary or memory: https://viacon.corp.google.com
Source: js[1].js.6.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.6.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.6.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.6.dr String found in binary or memory: https://www.google.com
Source: 2327.2.dr String found in binary or memory: https://www.google.com/chrome
Source: js[1].js.6.dr String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: base[1].js.6.dr String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: js[1].js.6.dr String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.6.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-13225056-7
Source: js[1].js.6.dr String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://www.somervillema.gov/events
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr, {E57A1C95-6806-11EB-90E5-ECF4BB570DC9}.dat.5.dr String found in binary or memory: https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed
Source: base[1].js.6.dr String found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://www.youtube.com/watch?v=5GRcO6cLNs8
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://www.youtube.com/watch?v=KTb4H2DQcdc
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://www.youtube.com/watch?v=cuSif0I20vE
Source: wtuxe7VPD3U[1].htm.6.dr String found in binary or memory: https://www.youtube.com/watch?v=wtuxe7VPD3U
Source: base[1].js.6.dr String found in binary or memory: https://youtu.be/
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://youtu.be/Fn7Ou04BHvQ
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://youtu.be/VFxvnJ7wwwU
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://youtu.be/kaxh4pCyFss
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236786957.0000000001048000.00000004.00000001.sdmp, 2327.2.dr String found in binary or memory: https://youtu.be/wtuxe7VPD3U
Source: base[1].js.6.dr String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: base[1].js.6.dr String found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: base[1].js.6.dr String found in binary or memory: https://yurt.corp.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown HTTPS traffic detected: 54.177.210.138:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: classification engine Classification label: mal48.win@7/21@13/3
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4580:120:WilError_01
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF945E8E7F0625E9E8.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327' > cmdline.out 2>&1
Source: unknown Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327'
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\2327.html
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327'
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr Binary or memory string: Courtney Breese, Program Manager, Massachusetts Office of Public Collaboration

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Behavior Graph

Behavior Graph ID: 349157
URL: https://somervoice.somervil...
Startdate: 05/02/2021
Architecture: WINDOWS
Score: 48

Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Process tree:

  • cmd.exe
      • wget.exe
      • conhost.exe
  • iexplore.exe
      • iexplore.exe

Network contacts:

  • (initial) yt3.ggpht.com; photos-ugc.l.googleusercontent.com; 3 other IPs or domains
  • wget.exe: or-nlb-v00-b47a3d3821d0abbe.elb.us-west-1.amazonaws.com 54.177.210.138, 443, 49719 AMAZON-02US United States; somervoice.somervillema.gov; platform.us.engagementhq.com
  • iexplore.exe: pagead46.l.doubleclick.net 172.217.23.66, 443, 49763, 49764 GOOGLEUS United States; cdnjs.cloudflare.com 104.16.18.94, 139, 443, 445 CLOUDFLARENETUS United States; 3 other IPs or domains

Contacted Public IPs

IP              Domain   Country        ASN    ASN Name         Malicious
172.217.23.66   unknown  United States  15169  GOOGLEUS         false
54.177.210.138  unknown  United States  16509  AMAZON-02US      false
104.16.18.94    unknown  United States  13335  CLOUDFLARENETUS  false

Contacted Domains

Name                                                      IP              Active
pagead46.l.doubleclick.net                                172.217.23.66   true
or-nlb-v00-b47a3d3821d0abbe.elb.us-west-1.amazonaws.com   54.177.210.138  true
cdnjs.cloudflare.com                                      104.16.18.94    true
i.ytimg.com                                               172.217.22.246  true
photos-ugc.l.googleusercontent.com                        172.217.23.33   true
d2gu4vothxmtom.cloudfront.net                             143.204.15.131  true
yt3.ggpht.com                                             unknown         unknown
googleads.g.doubleclick.net                               unknown         unknown
somervoice.somervillema.gov                               unknown         unknown
www.youtube.com                                           unknown         unknown
static.doubleclick.net                                    unknown         unknown