Analysis Report https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327

Overview

General Information

Sample URL: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327
Analysis ID: 349157

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Queries the volume information (name, serial number etc) of a device

Startup

  • System is w10x64
  • cmd.exe (PID: 6080 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 4580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 5924 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • iexplore.exe (PID: 5988 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\2327.html MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 2092 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown | HTTPS traffic detected: 54.177.210.138:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49763 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 143.204.15.131:
Source: Traffic | Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 216.58.207.170:
Source: Traffic | Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 216.58.207.174:
Source: Traffic | Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 143.204.15.81:
Source: Traffic | Snort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 104.16.18.94:
Source: wtuxe7VPD3U[1].htm.6.dr | String found in binary or memory: <link rel="canonical" href="https://www.youtube.com/watch?v=wtuxe7VPD3U"> equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: (g.Ym(b,"www.youtube.com"),c=b.toString()):c=Nw(c);b=new Pw(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: {E57A1C95-6806-11EB-90E5-ECF4BB570DC9}.dat.5.dr | String found in binary or memory: 8https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: <a data-ariahandle="project_video_li" data-childId="1442" class="video-thumbnail-link" href="https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/1442"><img alt="3.23 SBA&#39;s Economic Disaster Relief Loan w/ Dan Martiniello of SBA Boston" data-url="https://www.youtube.com/watch?v=cuSif0I20vE" class="video-thumbnail wide" id="video_image_thumb_1442" style="cursor:pointer; padding: 7px; border: 1px solid #ccc; margin-bottom:10px; width: 140px; height: 96px;" src="https://i.ytimg.com/vi/cuSif0I20vE/hqdefault.jpg" /></a> equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: <a data-ariahandle="project_video_li" data-childId="1443" class="video-thumbnail-link" href="https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/1443"><img alt="3.25 Considerations for Restaurants w/Rethink Restaurants" data-url="https://www.youtube.com/watch?v=5GRcO6cLNs8" class="video-thumbnail wide" id="video_image_thumb_1443" style="cursor:pointer; padding: 7px; border: 1px solid #ccc; margin-bottom:10px; width: 140px; height: 96px;" src="https://i.ytimg.com/vi/5GRcO6cLNs8/hqdefault.jpg" /></a> equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: <a data-ariahandle="project_video_li" data-childId="1745" class="video-thumbnail-link" href="https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/1745"><img alt="De-Escalation Techniques for Businesses" data-url="https://www.youtube.com/watch?v=KTb4H2DQcdc" class="video-thumbnail wide" id="video_image_thumb_1745" style="cursor:pointer; padding: 7px; border: 1px solid #ccc; margin-bottom:10px; width: 140px; height: 96px;" src="https://i.ytimg.com/vi/KTb4H2DQcdc/hqdefault.jpg" /></a> equals www.youtube.com (Youtube)
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: <iframe title="Mayor's Business Town Hall 2.2.2021" width="427" height="240" src="https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> equals www.youtube.com (Youtube)
Source: wtuxe7VPD3U[1].htm.6.dr | String found in binary or memory: <noscript><div class="player-unavailable"><h1 class="message">An error occurred.</h1><div class="submessage"><a href="https://www.youtube.com/watch?v=wtuxe7VPD3U" target="_blank">Try watching this video on www.youtube.com</a>, or enable JavaScript if it is disabled in your browser.</div></div></noscript></body></html> equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: b),this.U=!1,this.videoData.Y("html5_playready_enable_non_persist_license")&&(this.F.pst="0"));b=BH(this.B)?lta(c.initData).replace("skd://","https://"):this.B.C;this.videoData.Y("enable_shadow_yttv_channels")&&(b=new g.Wm(b),document.location.origin&&document.location.origin.includes("green")?g.Ym(b,"web-green-qa.youtube.com"):g.Ym(b,"www.youtube.com"),b=b.toString());this.baseUrl=b;this.fairplayKeyId=Qd(this.baseUrl,"ek")||"";if(b=Qd(this.baseUrl,"cpi")||"")this.cryptoPeriodIndex=Number(b);this.ga= equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: g.FO.prototype.B=function(a){var b=this;Bpa(this);var c=a.ly,d=this.api.S();"GENERIC_WITHOUT_LINK"!==c||d.I?"TOO_MANY_REQUESTS"===c?(d=this.api.getVideoData(),this.Gc(IO(this,"TOO_MANY_REQUESTS_WITH_LINK",d.Ml(),void 0,void 0,void 0,!1))):"HTML5_NO_AVAILABLE_FORMATS_FALLBACK"!==c||d.I?this.Gc(g.GO(a.errorMessage)):this.Gc(IO(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(a=d.hostLanguage,c="//support.google.com/youtube/?p=player_error1",a&&(c= equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: g.ND=function(a){a=CD(a.U);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: g.dE=function(a){var b=g.OD(a);!a.Y("yt_embeds_disable_new_error_lozenge_url")&&Kha.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: g.k.clone=function(){var a=new bn;a.C=this.C;this.u&&(a.u=this.u.clone(),a.B=this.B);return a};var jn="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),Pda=/\bocr\b/;var Qda=/(?:\[|%5B)([a-zA-Z0-9_]+)(?:\]|%5D)/g;var JD={hY:"LIVING_ROOM_APP_MODE_UNSPECIFIED",eY:"LIVING_ROOM_APP_MODE_MAIN",dY:"LIVING_ROOM_APP_MODE_KIDS",fY:"LIVING_ROOM_APP_MODE_MUSIC",gY:"LIVING_ROOM_APP_MODE_UNPLUGGED",cY:"LIVING_ROOM_APP_MODE_GAMING"},Vxa={C0:"PLAYBACK_TYPE_UNKNOWN",w0:"PLAYBACK_TYPE_APPLICATION",v0:"PLAYBACK_TYPE_ADS",A0:"PLAYBACK_TYPE_REMOTE",B0:"PLAYBACK_TYPE_SECONDARY_CAMERA",z0:"PLAYBACK_TYPE_PREROLL_INTERSTITIAL",y0:"PLAYBACK_TYPE_POSTROLL_INTERSTITIAL",x0:"PLAYBACK_TYPE_MIDROLL_INTERSTITIAL"};mn.prototype.set=function(a,b){b=void 0===b?!0:b;0<=a&&52>a&&0===a%1&&this.u[a]!=b&&(this.u[a]=b,this.B=-1)}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: g.k.getVideoUrl=function(a,b,c,d,e){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=g.OD(this);d&&"www.youtube.com"===c?d="https://youtu.be/"+a:g.HD(this)?(d="https://"+c+"/fire",b.v=a):(d=this.protocol+"://"+c+"/watch",b.v=a,gr&&(a=Zp())&&(b.ebc=a));return g.Kd(d,b)}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: kL.prototype.replace=function(a,b){for(var c=g.q(a),d=c.next();!d.done;d=c.next())delete this.u[d.value.encryptedTokenJarContents];zla(this,b)};lL.prototype.Gr=function(a){var b,c,d=null===(b=a.responseContext)||void 0===b?void 0:b.locationPlayabilityToken;void 0!==d&&(this.locationPlayabilityToken=d,this.u=void 0,"TVHTML5"===(null===(c=a.responseContext)||void 0===c?void 0:c.clientName)?(this.localStorage=Ala(this))&&this.localStorage.set("yt-location-playability-token",d,15552E3):g.Dq("YT_CL",JSON.stringify({x4:d}),15552E3,void 0,!0))};var Dla={bluetooth:"CONN_DISCO",cellular:"CONN_CELLULAR_UNKNOWN",ethernet:"CONN_WIFI",none:"CONN_NONE",wifi:"CONN_WIFI",wimax:"CONN_CELLULAR_4G",other:"CONN_UNKNOWN",unknown:"CONN_UNKNOWN","slow-2g":"CONN_CELLULAR_2G","2g":"CONN_CELLULAR_2G","3g":"CONN_CELLULAR_3G","4g":"CONN_CELLULAR_4G"};var oL;g.u(nL,Qq);nL.prototype.gu=function(a,b){var c=Qq.prototype.gu.call(this,a,b);return Object.assign(Object.assign({},c),this.u)};var Tla=/[&\?]action_proxy=1/,Sla=/[&\?]token=([\w-]*)/,Ula=/[&\?]video_id=([\w-]*)/,Vla=/[&\?]index=([\d-]*)/,Wla=/[&\?]m_pos_ms=([\d-]*)/,Zla=/[&\?]vvt=([\w-]*)/,$la=/[&\?]mt=([\d-]*)/,Nla="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),Xla="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "), equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: l,"Trusted Ad Domain URL");this.ka=R(!1,a.privembed);this.protocol=0===this.dc.indexOf("http:")?"http":"https";this.U=Iw((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)||"")||Iw(this.dc)||this.protocol+"://www.youtube.com/";l=b?b.eventLabel:a.el;h="detailpage";"adunit"===l?h=this.B?"embedded":"detailpage":"embedded"===l||this.C?h=gD(h,l,Iha):l&&(h="embedded");this.da=h;Fp();l=null;h=b?b.playerStyle:a.ps;var m=g.fb(mD,h);!h||m&&!this.C||(l=h);this.playerStyle=l;this.K=(this.I=g.fb(mD,this.playerStyle))&& equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: new Set;this.deviceHasDisplay=b?!b.deviceIsAudioOnly:R(!0,a.deviceHasDisplay);this.Vc=hD(this.Vc,a.ismb);t=a;g.eB(this.experiments,"html5_qoe_intercept")?t=g.eB(this.experiments,"html5_qoe_intercept"):this.Gj?(t=t.vss_host||"s.youtube.com",this.Y("www_for_videostats")&&"s.youtube.com"===t&&(t=CD(this.U)||"www.youtube.com")):t="video.google.com";this.Uh=t;DD(this,a,!0);this.N=new UC;g.E(this,this.N);t=b?b.innertubeApiKey:iD("",a.innertube_api_key);r=b?b.innertubeApiVersion:iD("",a.innertube_api_version); equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: oha=function(a,b){if(!a.u["0"]){var c=new nB("0","fakesb",void 0,new iB(0,0,0,void 0,void 0,"auto"),null,null,1);a.u["0"]=b?new fA(new Pw("http://www.youtube.com/videoplayback"),c,"fake"):new Hy(new Pw("http://www.youtube.com/videoplayback"),c,new Pv(0,0),new Pv(0,0),0,NaN)}}; equals www.youtube.com (Youtube)
Source: base[1].js.6.dr | String found in binary or memory: this.V("highrepfallback");else if(a.u){var d=this.B?this.B.B.F:null;if(iua(a)&&d&&d.isLocked())var e="FORMAT_UNAVAILABLE";else if(!this.u.I&&"auth"===a.errorCode&&"429"===a.details.rc){e="TOO_MANY_REQUESTS";var f="6"}this.V("playererror",a.errorCode,e,g.CB(a.details),f)}else d=/^pp/.test(this.videoData.clientPlaybackNonce),kU(this,a.errorCode,a.details),d&&"manifest.net.connect"===a.errorCode&&(d="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.N)(),(new xT(d, equals www.youtube.com (Youtube)
Source: unknown | DNS traffic detected: queries for: somervoice.somervillema.gov
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c?
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://cps.letsencrypt.org=
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl=
Source: wget.exe, 00000002.00000003.236805735.000000000100C000.00000004.00000001.sdmp | String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crlh
Source: font-awesome.min[1].css.6.dr | String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.6.dr | String found in binary or memory: http://fontawesome.io/license
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://r3.i.lencr.org/0&
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: http://r3.o.lencr.org0
Source: 2327.2.dr | String found in binary or memory: http://somervillema.gov
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: http://www.bangthetable.com/
Source: 2327.2.dr | String found in binary or memory: http://www.mozilla.org/en-US/firefox/new/
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: http://www.somervillebydesign.com
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: http://www.somervision2040.com
Source: base[1].js.6.dr | String found in binary or memory: http://www.youtube.com/videoplayback
Source: base[1].js.6.dr | String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.6.dr | String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.6.dr | String found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: base[1].js.6.dr | String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: js[1].js.6.dr | String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: base[1].js.6.dr | String found in binary or memory: https://admin.youtube.com
Source: js[1].js.6.dr | String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: js[1].js.6.dr | String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.6.dr | String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: js[1].js.6.dr | String found in binary or memory: https://cct.google/taggy/agent.js
Source: 2327.2.dr | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.1/css/font-awesome.min.css
Source: base[1].js.6.dr | String found in binary or memory: https://docs.google.com/get_video_info
Source: 2327.2.dr | String found in binary or memory: https://ehq-production-us-california.imgix.net/b811435cc596009e6a357d66f662c1fff094b1f4/image_stores
Source: js[1].js.6.dr | String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/5GRcO6cLNs8/hqdefault.jpg
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/Fn7Ou04BHvQ/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/KTb4H2DQcdc/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/VFxvnJ7wwwU/hqdefault.jpg
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/cuSif0I20vE/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/kaxh4pCyFss/hqdefault.jpg
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236786957.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://i.ytimg.com/vi/wtuxe7VPD3U/hqdefault.jpg
Source: js[1].js.6.dr | String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.6.dr | String found in binary or memory: https://pagead2.googlesyndication.com/
Source: base[1].js.6.dr | String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://s3-ap-southeast-2.amazonaws.com/ehq-static-assets/gt-simplified-us.js
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | String found in binary or memory: https://s3-us-west-1.amazonaws.co
Source: 2327.2.dr | String found in binary or memory: https://s3-us-west-1.amazonaws.com/ehq-production-us-california/8cfcc1570c81e97a242433b94052e3e65b3c
Source: 2327.2.dr | String found in binary or memory: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/
Source: analytics[1].js.6.dr | String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: base[1].js.6.dr | String found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: base[1].js.6.dr | String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: base[1].js.6.dr | String found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: base[1].js.6.dr | String found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: base[1].js.6.dr | String found in binary or memory: https://viacon.corp.google.com
Source: js[1].js.6.dr | String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.6.dr | String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.6.dr | String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.6.dr | String found in binary or memory: https://www.google.com
Source: 2327.2.dr | String found in binary or memory: https://www.google.com/chrome
Source: js[1].js.6.dr | String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: base[1].js.6.dr | String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: js[1].js.6.dr | String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.6.dr | String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-13225056-7
Source: js[1].js.6.dr | String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://www.somervillema.gov/events
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr, {E57A1C95-6806-11EB-90E5-ECF4BB570DC9}.dat.5.dr | String found in binary or memory: https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed
Source: base[1].js.6.dr | String found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://www.youtube.com/watch?v=5GRcO6cLNs8
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://www.youtube.com/watch?v=KTb4H2DQcdc
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://www.youtube.com/watch?v=cuSif0I20vE
Source: wtuxe7VPD3U[1].htm.6.dr | String found in binary or memory: https://www.youtube.com/watch?v=wtuxe7VPD3U
Source: base[1].js.6.dr | String found in binary or memory: https://youtu.be/
Source: wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://youtu.be/Fn7Ou04BHvQ
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://youtu.be/VFxvnJ7wwwU
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://youtu.be/kaxh4pCyFss
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236786957.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | String found in binary or memory: https://youtu.be/wtuxe7VPD3U
Source: base[1].js.6.dr | String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: base[1].js.6.dr | String found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: base[1].js.6.dr | String found in binary or memory: https://yurt.corp.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | HTTPS traffic detected: 54.177.210.138:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.217.23.66:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: classification engine | Classification label: mal48.win@7/21@13/3
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4580:120:WilError_01
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF945E8E7F0625E9E8.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\wget.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327' > cmdline.out 2>&1
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327'
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\2327.html
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327'
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | Binary or memory string: Courtney Breese, Program Manager, Massachusetts Office of Public Collaboration
Source: C:\Windows\SysWOW64\wget.exe | Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
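Two things in the results above should be discounted before anything is treated as an indicator. First, the cmd.exe/wget.exe chain in the Startup tree is the analysis harness fetching the URL (note its --no-check-certificate), so the findings attributed to wget.exe, the Let's Encrypt, IdenTrust and GlobalSign certificate URLs, the TLS 1.2 sessions and the volume-information query, describe the harness rather than the page; the page's own behaviour is what iexplore.exe did with the downloaded 2327.html. Second, the near-duplicate strings ending in 0, =, ? or & (http://cps.letsencrypt.org0, http://r3.i.lencr.org/0&) are not distinct URLs: the certificate chain sits in memory as DER, so the string scanner glued the tag/length byte that follows each URL onto it. The Snort SID 466 hits are likewise routine on a Windows guest, because that rule's content string is the stock Windows ping payload. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses lines in this report's format, folds the DER-damaged variants into their clean URL, flags a damaged one that has no clean twin (http://r3.o.lencr.org0), classifies hosts as first-party, certificate-infrastructure or third-party, and annotates the Snort alerts. The sample lines are constructed from the shapes seen above; FIRST_PARTY, PKI_INFRA and BENIGN_SIDS are assumptions chosen for this report, and the function names are mine.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the shape of this report's "String found in binary or
# memory" and "Snort IDS" lines (a handful of lines, not the whole report).
SAMPLE_LINES = """\
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org=
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0&
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: 2327.2.drString found in binary or memory: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/
Source: wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-13225056-7
Source: analytics[1].js.6.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: TrafficSnort IDS: 466 ICMP L3retriever Ping 192.168.2.5: -> 143.204.15.131:
"""

URL_LINE = re.compile(r"^Source: (?P<src>.+?)String found in binary or memory: (?P<url>\S+)$")
SNORT_LINE = re.compile(r"^Source: TrafficSnort IDS: (?P<sid>\d+) (?P<msg>.+?) (?P<src>\S+) -> (?P<dst>\S+)$")

# Assumptions for this report: one first-party domain, and the CA domains that
# host the CRL/OCSP/CPS endpoints of its certificate chain.
FIRST_PARTY = ("somervillema.gov",)
PKI_INFRA = ("letsencrypt.org", "lencr.org", "identrust.com", "globalsign.net")
# SID 466 "ICMP L3retriever Ping" matches the payload of a stock Windows ping,
# so on a Windows sandbox it is expected noise rather than an indicator.
BENIGN_SIDS = {466: "stock Windows ICMP echo payload"}


def parse_urls(text):
    """Map every raw URL string in the report to the set of sources it came from."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = URL_LINE.match(line)
        if m:
            found[m["url"]].add(m["src"])
    return found


def der_artifact_of(url, known):
    """Return the clean URL that `url` is a DER-damaged copy of, or None.

    A URL inside a DER certificate is immediately followed by the next
    tag/length bytes ('0' is 0x30 SEQUENCE, then '=', '&' ...), which the
    string scanner glues on. Data-driven test: another extracted URL is a
    strict prefix of this one and at most two characters shorter.
    """
    for base in known:
        if base != url and url.startswith(base) and len(url) - len(base) <= 2:
            return base
    return None


def suspicious_tld(host):
    """Registered TLD labels are alphabetic (or xn-- punycode); 'org0' is damage."""
    tld = host.rsplit(".", 1)[-1]
    return not (tld.isalpha() or tld.startswith("xn--"))


def classify(host):
    def under(domain):
        return host == domain or host.endswith("." + domain)
    if any(under(d) for d in FIRST_PARTY):
        return "first-party"
    if any(under(d) for d in PKI_INFRA):
        return "pki"  # from the TLS chain the harness validated, not page content
    return "third-party"


def triage_urls(text):
    """Fold DER-damaged duplicates away and classify what remains."""
    raw = parse_urls(text)
    result = {}
    for url, sources in raw.items():
        if der_artifact_of(url, raw) is not None:
            continue  # counted under the clean URL it was cut from
        host = urlsplit(url).hostname or ""
        result[url] = {
            "host": host,
            "class": classify(host),
            "likely_artifact": suspicious_tld(host),  # damaged, but no clean twin seen
            "sources": sorted(sources),
        }
    return result


def triage_snort(text):
    """Parse Snort lines and annotate SIDs that are known sandbox noise."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_LINE.match(line)
        if m:
            sid = int(m["sid"])
            alerts.append({"sid": sid, "msg": m["msg"], "src": m["src"].rstrip(":"),
                           "dst": m["dst"].rstrip(":"), "benign_reason": BENIGN_SIDS.get(sid)})
    return alerts


if __name__ == "__main__":
    for url, info in sorted(triage_urls(SAMPLE_LINES).items()):
        flag = " (likely DER artifact, review by hand)" if info["likely_artifact"] else ""
        print(f"{info['class']:<12} {url}{flag}")
    for a in triage_snort(SAMPLE_LINES):
        note = f" [noise: {a['benign_reason']}]" if a["benign_reason"] else ""
        print(f"snort {a['sid']} {a['msg']} {a['src']} -> {a['dst']}{note}")
```

Run with no arguments to triage the embedded sample; for a real report, pass its text to triage_urls() and triage_snort() and set FIRST_PARTY to the site under analysis. URLs flagged as likely artifacts still need a human look, and the flag is not exhaustive: a memory string that was simply truncated, such as https://s3-us-west-1.amazonaws.co above, ends in a valid-looking label and is not flagged.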

Mitre Att&ck Matrix

Techniques are listed per tactic; a number in parentheses is the count of matched signatures for that technique, and techniques without one did not match.

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (2), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Masquerading (1), Process Injection (2), Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: Process Discovery (1), File and Directory Discovery (1), System Information Discovery (12), Remote System Discovery (1)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (2), Non-Application Layer Protocol (1), Application Layer Protocol (2), Protocol Impersonation
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data, Carrier Billing Fraud

Behavior Graph


Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327 | 0% | Avira URL Cloud | safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
http://r3.i.lencr.org/ | 0% | Avira URL Cloud | safe
http://www.somervision2040.com | 0% | Avira URL Cloud | safe
http://r3.o.lencr.org0 | 0% | URL Reputation | safe
http://cps.root-x1.letsencrypt.org0 | 0% | URL Reputation | safe
http://r3.i.lencr.org/0& | 0% | Avira URL Cloud | safe
http://cps.letsencrypt.org0 | 0% | URL Reputation | safe
http://cps.letsencrypt.org= | 0% | Avira URL Cloud | safe
https://cct.google/taggy/agent.js | 0% | URL Reputation | safe
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe
https://s3-us-west-1.amazonaws.co | 0% | Avira URL Cloud | safe
http://www.somervillebydesign.com | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
pagead46.l.doubleclick.net | 172.217.23.66 | true | false | | high
or-nlb-v00-b47a3d3821d0abbe.elb.us-west-1.amazonaws.com | 54.177.210.138 | true | false | | high
cdnjs.cloudflare.com | 104.16.18.94 | true | false | | high
i.ytimg.com | 172.217.22.246 | true | false | | high
photos-ugc.l.googleusercontent.com | 172.217.23.33 | true | false | | high
d2gu4vothxmtom.cloudfront.net | 143.204.15.131 | true | false | | high
yt3.ggpht.com | unknown | unknown | false | | high
googleads.g.doubleclick.net | unknown | unknown | false | | high
somervoice.somervillema.gov | unknown | unknown | false | | high
www.youtube.com | unknown | unknown | false | | high
static.doubleclick.net | unknown | unknown | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://youtu.be/Fn7Ou04BHvQ | wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://www.youtube.com/watch?v=5GRcO6cLNs8 | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
http://fontawesome.io | font-awesome.min[1].css.6.dr | false | | high
https://i.ytimg.com/vi/cuSif0I20vE/hqdefault.jpg | wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://youtu.be/wtuxe7VPD3U | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236786957.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://i.ytimg.com/vi/VFxvnJ7wwwU/hqdefault.jpg | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://s3-us-west-1.amazonaws.com/ehq-production-us-california/8cfcc1570c81e97a242433b94052e3e65b3c | 2327.2.dr | false | | high
https://ehq-production-us-california.imgix.net/b811435cc596009e6a357d66f662c1fff094b1f4/image_stores | 2327.2.dr | false | | high
http://youtube.com/streaming/otf/durations/112015 | base[1].js.6.dr | false | | high
https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/ | 2327.2.dr | false | | high
https://www.somervillema.gov/events | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
http://cps.letsencrypt.org | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | | high
http://youtube.com/streaming/metadata/segment/102015 | base[1].js.6.dr | false | | high
https://youtu.be/ | base[1].js.6.dr | false | | high
http://r3.i.lencr.org/ | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://somervillema.gov | 2327.2.dr | false | | high
https://admin.youtube.com | base[1].js.6.dr | false | | high
http://www.somervision2040.com | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | Avira URL Cloud: safe | unknown
https://i.ytimg.com/vi/5GRcO6cLNs8/hqdefault.jpg | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
http://r3.o.lencr.org0 | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://github.com/krux/postscribe/blob/master/LICENSE | js[1].js.6.dr | false | | high
https://www.youtube.com/watch?v=KTb4H2DQcdc | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://stats.g.doubleclick.net/j/collect | analytics[1].js.6.dr | false | | high
https://www.youtube.com/watch?v=cuSif0I20vE | wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://youtu.be/kaxh4pCyFss | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
http://cps.root-x1.letsencrypt.org0 | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://r3.i.lencr.org/0& | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://i.ytimg.com/vi/kaxh4pCyFss/hqdefault.jpg | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://www.youtube.com/generate_204?cpn= | base[1].js.6.dr | false | | high
https://youtube.com/api/drm/fps?ek=uninitialized | base[1].js.6.dr | false | | high
http://cps.letsencrypt.org0 | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.googletraveladservices.com/travel/clk/pagead/conversion/ | js[1].js.6.dr | false | | high
http://www.bangthetable.com/ | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr, {E57A1C95-6806-11EB-90E5-ECF4BB570DC9}.dat.5.dr | false | | high
http://cps.letsencrypt.org= | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://youtube.com/yt/2012/10/10 | base[1].js.6.dr | false | | high
https://cct.google/taggy/agent.js | js[1].js.6.dr | false | URL Reputation: safe | unknown
http://fontawesome.io/license | font-awesome.min[1].css.6.dr | false | | high
https://i.ytimg.com/vi/KTb4H2DQcdc/hqdefault.jpg | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://i.ytimg.com/vi/wtuxe7VPD3U/hqdefault.jpg | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.236786957.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://s3-ap-southeast-2.amazonaws.com/ehq-static-assets/gt-simplified-us.js | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp, 2327.2.dr | false | | high
https://www.youtube.com/watch?v=wtuxe7VPD3U | wtuxe7VPD3U[1].htm.6.dr | false | | high
https://www.google.%/ads/ga-audiences | analytics[1].js.6.dr | false | URL Reputation: safe | low
https://s3-us-west-1.amazonaws.co | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.youtube.com/videoplayback | base[1].js.6.dr | false | | high
http://www.somervillebydesign.com | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.1/css/font-awesome.min.css | 2327.2.dr | false | | high
http://youtube.com/drm/2012/10/10 | base[1].js.6.dr | false | | high
https://i.ytimg.com/vi/Fn7Ou04BHvQ/hqdefault.jpg | wget.exe, 00000002.00000002.237274437.0000000001048000.00000004.00000001.sdmp, 2327.2.dr | false | | high
http://cps.root-x1.letsencrypt.org | wget.exe, 00000002.00000003.236829486.0000000001049000.00000004.00000001.sdmp | false | | high
https://youtu.be/VFxvnJ7wwwU | wget.exe, 00000002.00000003.236779922.0000000001040000.00000004.00000001.sdmp, 2327.2.dr | false | | high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
172.217.23.66 | unknown | United States | 15169 | GOOGLEUS | false
54.177.210.138 | unknown | United States | 16509 | AMAZON-02US | false
104.16.18.94 | unknown | United States | 13335 | CLOUDFLARENETUS | false

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 349157
Start date: 05.02.2021
Start time: 15:06:24
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: urldownload.jbs
Sample URL: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@7/21@13/3
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 104.43.193.48, 40.88.32.150, 13.88.21.125, 88.221.62.148, 23.210.248.85, 51.104.144.132, 92.122.213.247, 92.122.213.194, 216.58.207.170, 152.199.19.161, 20.54.26.129, 51.103.5.159, 216.58.207.174, 51.104.139.180, 172.217.20.238, 172.217.23.46, 172.217.23.78, 172.217.22.206, 172.217.22.238, 216.58.207.142, 84.53.167.113, 172.217.23.40, 142.250.74.206, 216.58.207.134, 172.217.23.67, 216.58.207.164
• Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, e15275.g.akamaiedge.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, emea1.wns.notify.trafficmanager.net, wildcard.weather.microsoft.com.edgekey.net, www.googletagmanager.com, www.google.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, fonts.googleapis.com, client.wns.windows.com, fs.microsoft.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, fonts.gstatic.com, www-googletagmanager.l.google.com, ris-prod.trafficmanager.net, tile-service.weather.microsoft.com, e1723.g.akamaiedge.net, static-doubleclick-net.l.google.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, youtube-ui.l.google.com, www3.l.google.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, translate.google.com, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
• Execution Graph export aborted for target wget.exe, PID 5924 because there are no executed functions
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

                                                                                                        Created / dropped Files

                                                                                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.youtube[1].xml
                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):52
                                                                                                        Entropy (8bit):2.469670487371862
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:D90aK1r0aK1r0aK1r0aKb:JFK1rFK1rFK1rFKb
                                                                                                        MD5:770DA68A4DE2539B5002B44767396AF9
                                                                                                        SHA1:E3A118B288CF426DE3027EFCE38AE7241560EC4C
                                                                                                        SHA-256:908FB85A6D01001B303E1030664D87BA5D193B56CA17FB2116D8696196D4DA4A
                                                                                                        SHA-512:B4AA2726B958DDA17F5D1E5A2EB109825D9CDBDBA1E1CFDDBE55BA94D5B6ED5EE7DBB0F15538099C44F0CC80DB2AF445EA4F60D11FE767943FFF99AA495D8922
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: <root></root><root></root><root></root><root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E57A1C93-6806-11EB-90E5-ECF4BB570DC9}.dat
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:Microsoft Word Document
Category:dropped
Size (bytes):24152
Entropy (8bit):1.7558522957006941
Encrypted:false
SSDEEP:48:Iw4Gcpr07GwpL2G/ap8rrGIpcKsGvnZpvKqGvHZp9KkGoGVuiqpvK1oGo4qVuRuL:rMZ0VZ02r9WAt6fCu7t6+uRuKWkupu6
MD5:C938466E82959BF226BE2BA87AAF736E
SHA1:0CFF088B55A6EC5AFBE25BB6F23B7571D87B3586
SHA-256:1B0B9FCB81DDBFC9D1E8C9F8D7593A9FD40170A996EB067DE498475A82A683AF
SHA-512:E2911D724C184AC20D2EE25C2FE6990CD8D5E264ED8F3A8CCBE9BD5374CB19529B229415CF70BD88D48AF01B000C9F95E342CAE1FAFF55FA650300BBFC9245EC
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E57A1C95-6806-11EB-90E5-ECF4BB570DC9}.dat
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:Microsoft Word Document
Category:dropped
Size (bytes):28818
Entropy (8bit):2.132515440757445
Encrypted:false
SSDEEP:192:rOZ1Qp6H+kHjgjHj2H3NWH0MHu2HDnxyBr:raqEHfHGH6H3kHhHVzx0
MD5:D97F04B41C604A9740D8C7DEAC570D39
SHA1:264EA7674BC23FF86A67E45B676B61D4B5A78AD6
SHA-256:47B5748C2C4252C140F611F91BB3191ACC5FEB5FD936B21C41A4B4C932AD2673
SHA-512:426ECB1A66FA8B20299D588E46D59F4BD04B2ECD7615ED0E2FEE68997931826E055DD3D51B75125146154608A8D58FB3982EE2FC165D524A9C72DFBC4F381943
Malicious:false
Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:Web Open Font Format, TrueType, length 21528, version 1.1
Category:downloaded
Size (bytes):21528
Entropy (8bit):7.973887568128485
Encrypted:false
SSDEEP:384:uy/NCb8EbjU+Fos6gaUFZ3qR474EAqAG3w/Qpt/uxMsucMgwtDw031F:7/4zb7o6XqR4+3QptcuLg0w031F
MD5:9680D5A0C32D2FD084E07BBC4C8B2923
SHA1:8020B21E3DB55FF7A02100FAEBD92C2305E7156E
SHA-256:2CFE69657C55133DAC6EA017B4452EFFF2131422ABD9E90500A072DF7CA5A9C8
SHA-512:E19A498866F69F3D8136A65A5AB4E92CC047170673ED00B506E325165A84216267B9FEF1E5CFD66458E85ED820C12E9C345CEC9BEE4DE48E1C2E2B1A784F179F
Malicious:false
Reputation:low
IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\KFOmCnqEu92Fr1Mu4mxM[1].woff
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:Web Open Font Format, TrueType, length 19824, version 1.1
Category:downloaded
Size (bytes):19824
Entropy (8bit):7.970306766642997
Encrypted:false
SSDEEP:384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
MD5:BAFB105BAEB22D965C70FE52BA6B49D9
SHA1:934014CC9BBE5883542BE756B3146C05844B254F
SHA-256:1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512:85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious:false
Reputation:low
IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\www-embed-player[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines
Category:downloaded
Size (bytes):160750
Entropy (8bit):5.575543050017186
Encrypted:false
SSDEEP:3072:UFSDCrQaZgYk9HLtT0NIvLT4uX2JtRi2/:HSZE9HLtT0N942Jtx/
MD5:83891D3BDC2580542A5E8EA80319DDF4
SHA1:8CCC6DCFAA3ED9E50AC1DC4E6F3154AF6F485A23
SHA-256:9E7C514CB8307B6155F4172E355ECC822B8B41484C4B4F227B066CE2A0375580
SHA-512:E8B944C7F077D7CA7CD4A8653450099A8EBED700661E3341160AF2587981DBEEF752BC0FA111D36E5015AB0640083267B647868837FAD6BC19ADDF5F64B90F7C
Malicious:false
Reputation:low
IE Cache URL:https://www.youtube.com/s/player/4bc55fd6/www-embed-player.vflset/www-embed-player.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\www-player[1].css
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:downloaded
Size (bytes):347347
Entropy (8bit):5.242800843137371
Encrypted:false
SSDEEP:1536:gzu9IdYR9WDQI0irpHrp3/fn8MZv8M5q4ay95G0VXkMAXOP5kRrDJciM/By2N+CQ:gzu99F3zTg2yV1uD
MD5:9CBA01AF120AA5B7997C053E42C6B53B
SHA1:95688132A444ADA064A1544649A98AB69DE44ACF
SHA-256:23D321BC61FB66783A98FA49AC1D6E18CA4E1CCBF4177D7983DB1DAFBC57BE22
SHA-512:FD3CF5B2CD7CF3A37118087504DDF12C9AAF6611AD8742C3AD987E537C1F3BD8C9FCA4690570EF0DBBB0F5530C3EE00AD78F40517F3411D18A0FB1991D67E374
Malicious:false
Reputation:low
IE Cache URL:https://www.youtube.com/s/player/4bc55fd6/www-player.css
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ad_status[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text
Category:downloaded
Size (bytes):29
Entropy (8bit):4.142295219190901
Encrypted:false
SSDEEP:3:lZOwFQvn:lQw6n
MD5:1FA71744DB23D0F8DF9CCE6719DEFCB7
SHA1:E4BE9B7136697942A036F97CF26EBAF703AD2067
SHA-256:EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
SHA-512:17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F
Malicious:false
Reputation:low
IE Cache URL:https://static.doubleclick.net/instream/ad_status.js
Preview: window.google_ad_status = 1;.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\font-awesome.min[1].css
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines
Category:downloaded
Size (bytes):28759
Entropy (8bit):4.756560965670852
Encrypted:false
SSDEEP:384:2u5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8dw3G:Zlr+Klk3YlKfwYUf8l8yQ/e5
MD5:89916FA773CE96569604016EF25CAB50
SHA1:6F794D3B074C0275E3213AF5611A67817979E207
SHA-256:B5D7707EA8FC00AAE40BF500AC7498D7F32F6B1BBFF7B4FDE976A40345EB5F9D
SHA-512:4C40813D30F90DBF7B9E5B09FE018106FF492D7835EF661C1ADAE5FC71CCE31F56FBE3CF284A47B3AD68815778C76A264E0493D5D207A32D87798599CDC6731F
Malicious:false
Reputation:low
IE Cache URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.1/css/font-awesome.min.css
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\js[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines
Category:downloaded
Size (bytes):99052
Entropy (8bit):5.524436666588082
Encrypted:false
SSDEEP:1536:JOpsXGpm9O700z6fcJYo/+dEiWizqOUQoz+cxlEmvmh+AwAjL1z9ggKPe3PwMAfs:JOpsXQsO70qYg+siUiKenFjkj+
MD5:266F19351DBEDB764BCCE628C5C3D106
SHA1:03DF2213F3E09241C85F8B1B283586454AEB2CC3
SHA-256:EE072DAD39A9FB932711DB264D8EE3A15B8FB8B04CCCE7293BA35EF89A1337CA
SHA-512:05D111645D21E91241DA26B2264D3D82BBBFE0EAAB3A84E01C5DAAB6D4A8AAD2368B44D8E0E3D30BE67E514FA48555C10BFBA1CC530C29AEEE6B5DE02EDBDE1C
Malicious:false
Reputation:low
IE Cache URL:https://www.googletagmanager.com/gtag/js?id=UA-13225056-7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\base[1].js
Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:ASCII text, with very long lines
Category:downloaded
Size (bytes):1569985
Entropy (8bit):5.585596091283248
Encrypted:false
SSDEEP:12288:NhwjbmeWGR10wMSB0joXCadTa+hJNMdvzk6P:NmjbmeWGR1//B0joyadTaUwbx
MD5:51F9BFFE25EA3744AD0C1DA159EBACC3
SHA1:4976DEFC0111939E42341CFCEA9FAFAA3CCADAAA
SHA-256:2E2F083236148C0530C60F772060FA6E3BE4200D1968AD9038CD51DCD48E8A5E
SHA-512:81B9C7198AC0CC0BA0C83FAE51C640F07107AA5E4C545C499877EF17A884B185A10DC6C4C290F28316D5EE33A2B132CA7D3D42810658E681A211C02C7B387682
Malicious:false
Reputation:low
IE Cache URL:https://www.youtube.com/s/player/4bc55fd6/player_ias.vflset/en_US/base.js
                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\fetch-polyfill[1].js
                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                        File Type:Pascal source, ASCII text, with very long lines
                                                                                                        Category:downloaded
                                                                                                        Size (bytes):8543
                                                                                                        Entropy (8bit):5.238064281324506
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V
                                                                                                        MD5:04E3CC8A9641B3F9F9C9370F4E9B5BDD
                                                                                                        SHA1:9602A891F583094BB04FD407B253ABCAFFB8C8D0
                                                                                                        SHA-256:DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980
                                                                                                        SHA-512:58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        IE Cache URL:https://www.youtube.com/yts/jsbin/fetch-polyfill-vfl6MZH8P/fetch-polyfill.js
                                                                                                        Preview: /*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff
                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                        File Type:Web Open Font Format, TrueType, length 21564, version 1.1
                                                                                                        Category:downloaded
                                                                                                        Size (bytes):21564
                                                                                                        Entropy (8bit):7.9688026243536
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:bc6bX9TFqgFUvxQi0W1jHYHwnSthN/yiJsMw52R5oBAvhPFx466gfwu5:bcCV4aUlxHSw8ZyixnFP3N6U5
                                                                                                        MD5:FFCC050B2D92D4B14A4FCB527EE0BCC8
                                                                                                        SHA1:DE3033F27DB6BBDA89A0E6F16EC51E8C877739AB
                                                                                                        SHA-256:C8912EBD82B4DF2EB87E37B1F66432FA2186182E08BB8A533BA4C2DF6CE67FBA
                                                                                                        SHA-512:7D517BB33DE3D088B8EE4EC9250AB1645CF76B35B25F57C004BF82B5A9A30C15252C865765EFFD4679A68ACDF6EFB89E4B0319283914880935D8D1AC823FE652
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff
                                                                                                        Preview: wOFF......T<................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......Q...`t.#ycmap...4.......L....cvt .......\...\1..Mfpgm...@...2......$.gasp...t............glyf......@...p.N..Hhdmx..M(...f........head..M....6...6...vhhea..M...."...$....hmtx..M....k......3.loca..PX........G.*"maxp..R4... ... ....name..RT........!.>gpost..S0....... .a.dprep..SH.......X9..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..|.(o.....|$,..{|&|....YJ...x.e8B.#..t;R8.{+....\=.....
                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                        File Type:Web Open Font Format, TrueType, length 20012, version 1.1
                                                                                                        Category:downloaded
                                                                                                        Size (bytes):20012
                                                                                                        Entropy (8bit):7.966842359681559
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:Yc6bX9TagDCXKqs4+W5XVgaflKHjsGdZtlh3K/qzWz/scZpuB:YcCVaeCaF4ea9KHYQZtlh3Kgy4B
                                                                                                        MD5:DE8B7431B74642E830AF4D4F4B513EC9
                                                                                                        SHA1:F549F1FE8A0B86EF3FBDCB8D508440AFF84C385C
                                                                                                        SHA-256:3BFE46BB1CA35B205306C5EC664E99E4A816F48A417B6B42E77A1F43F0BC4E7A
                                                                                                        SHA-512:57D3D4DE3816307ED954B796C13BFA34AF22A46A2FEA310DF90E966301350AE8ADAC62BCD2ABF7D7768E6BDCBB3DFC5069378A728436173D07ABFA483C1025AC
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff
                                                                                                        Preview: wOFF......N,................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......R...`t.#.cmap...4.......L....cvt .......\...\1..Kfpgm...@...2......$.gasp...t............glyf......:...j.'..hdmx..G,...f........head..G....6...6...rhhea..G........$....hmtx..G....a......MOloca..JP........\v@zmaxp..L,... ... ....name..LL..........:.post..M(....... .m.dprep..M<.......S...)x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..|.(o.....|$,..{|&|....YJ...x.e8B.#..t;R8.{+....\=.....
                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\analytics[1].js
                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                        File Type:ASCII text, with very long lines
                                                                                                        Category:downloaded
                                                                                                        Size (bytes):47051
                                                                                                        Entropy (8bit):5.516264124030958
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
                                                                                                        MD5:53EE95B384D866E8692BB1AEF923B763
                                                                                                        SHA1:A82812B87B667D32A8E51514C578A5175EDD94B4
                                                                                                        SHA-256:E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
                                                                                                        SHA-512:C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        IE Cache URL:https://www.google-analytics.com/analytics.js
                                                                                                        Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var l=this||self,m=function(a,b){a=a.split(".");var c=l;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING||[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p
                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\wtuxe7VPD3U[1].htm
                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                        File Type:HTML document, ASCII text, with very long lines
                                                                                                        Category:downloaded
                                                                                                        Size (bytes):50374
                                                                                                        Entropy (8bit):5.898870077721632
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:d7aCaR6oVfOmN4D6p1NIKoH0v+my3KPuvs15E/dnUVJVY6iyrrmo:eNVc6z1tRbr1
                                                                                                        MD5:5438C2496A7A9ADCA89808E501CD652E
                                                                                                        SHA1:A3C75F818415D36365E9E27F567C0DAD700E5F52
                                                                                                        SHA-256:7965B07B1D625D8AFE62781C68691D08FA1678474279C951D00CF8DF998652EA
                                                                                                        SHA-512:839F90D83DD80FA78FB5CC5D89815CB3EB0562713E558E22AC7E825E533FF3884DCF6D8F5291A212620DD9DBB0A040DD1DC204D6E16CDA0EABCDDD3A21909746
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        IE Cache URL:https://www.youtube.com/embed/wtuxe7VPD3U?feature=oembed
                                                                                                        Preview: <!DOCTYPE html> <html lang="en" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script> <link rel="stylesheet" href="/s/player/4
                                                                                                        C:\Users\user\AppData\Local\Temp\~DF945E8E7F0625E9E8.TMP
                                                                                                        Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12965
                                                                                                        Entropy (8bit):0.41873979718625315
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:c9lCg5/9lCgeK9l26an9l26an9l8fRVi9l8fRVS9lTqVv5jWn1AWn/z5ujWU+T:c9lLh9lLh9lIn9lIn9lo09loE9lWN8b1
                                                                                                        MD5:71A74E90E309C91710F49A6F4582862F
                                                                                                        SHA1:43EC38C98AE7F1A852EEEEB094771D48D2617215
                                                                                                        SHA-256:F3950D2F81BA7D91C7B6D43B98F1BD7E96228CBE73AC79125917B78D2D1EFECF
                                                                                                        SHA-512:81B24A57DC6A0CCBC860B7134027FE20F1D312C7E50467EA817C23CD47CB920F915283FF16B1DDD37EDE3CF869A6A97CDD6E11A18B7E900994A2BCFDC9370B18
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        C:\Users\user\AppData\Local\Temp\~DFA17A083F6A4A7026.TMP
                                                                                                        Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37471
                                                                                                        Entropy (8bit):0.811720869166821
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:kBqoxKAHzHySHRSHzHoHuHkH1HeHJuiJPPTQ:kBqoxKAHzH3HUHzHoHuHkH1HeHJh
                                                                                                        MD5:E31D22F64BAA17C9D73309218BCE29ED
                                                                                                        SHA1:23774B9B6F9DD1E10E05A9B5A1DEEF80BAD19658
                                                                                                        SHA-256:85DF6C80DA28B185B256C887329A48D8B063537F26CC348DB1E803B91AD0B244
                                                                                                        SHA-512:C08B62EA27699DFB8A08D402AF8936B2660BBC22412498A88B0048CDB1CE65EA39A0500FB27FECC70B2A8C1841CD8F62753E8DACFAC411E1400AE7602316D8F3
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        C:\Users\user\Desktop\cmdline.out
                                                                                                        Process:C:\Windows\SysWOW64\wget.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:modified
                                                                                                        Size (bytes):629
                                                                                                        Entropy (8bit):5.060514363988684
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:HVuMUeHrCVSKYJfblfCglT1De5RhKkk1DbV3JRbKsSD0AiV3JRbKsSOa:1ZUmb9JfhfCYxePgJ1NPbVAQPbVS
                                                                                                        MD5:AD92A78AE4A2A6D637654650CD756167
                                                                                                        SHA1:978EBE2B58DFA3551A1C963D701B44154092EA93
                                                                                                        SHA-256:9358FDAC43E8017A809573536E44CBC26CAB4B848E5AADD6EC6227E31904457D
                                                                                                        SHA-512:64336607057312FF83ADB3DE813EEB9ED432BBF0D2C07D65AD4CF468E0CE7E4E6703B88EBC9507FC4733FB930B657628B62FB4CCAD5760B5C24B178E455B11D5
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: --2021-02-05 15:07:16-- https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327..Resolving somervoice.somervillema.gov (somervoice.somervillema.gov)... 54.177.210.138..Connecting to somervoice.somervillema.gov (somervoice.somervillema.gov)|54.177.210.138|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: unspecified [text/html]..Saving to: 'C:/Users/user/Desktop/download/2327'.... 0K .......... .......... ......... 1.78M=0.02s....2021-02-05 15:07:18 (1.78 MB/s) - 'C:/Users/user/Desktop/download/2327' saved [30490]....
                                                                                                        C:\Users\user\Desktop\download\.wget-hsts
                                                                                                        Process:C:\Windows\SysWOW64\wget.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):186
                                                                                                        Entropy (8bit):5.145345546398632
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:SY2FyFARLlbwFAM9CxnOLVFzDwIVhyyJxWQ5RdkA8dyTWlx1YonBov:SYeRLlbA0noH9VhyyJQQ5oA8UaiCBy
                                                                                                        MD5:F1F9F3AEFB2A41A2179A6D15844A6B72
                                                                                                        SHA1:7E24449947EA6826EF6F5FBB8E8C95E99A86CA5B
                                                                                                        SHA-256:FBF6A88139E77DCA14227B7B38C85E45B8374CF777BB3B8E7AA7A941F23FA3C4
                                                                                                        SHA-512:257033A9CADAAAF6700D012D737869F6CE2641D768A0D38897B841F1B4E201E595526A843C7B5AD6770413A9C9B2C28CEC03B35E492567F683C1858157D6E130
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: # HSTS 1.0 Known Hosts database for GNU Wget...# Edit at your own risk...# <hostname>.<port>.<incl. subdomains>.<created>.<max-age>..somervoice.somervillema.gov.0.1.1612566438.31536000..
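The dropped `.wget-hsts` file above is wget's HSTS known-hosts database: one tab-separated record per host, in the field order its own header comment gives (`<hostname> <port> <incl. subdomains> <created> <max-age>`; the report's preview renders the tabs and newlines as dots). The record shows that somervoice.somervillema.gov sent a Strict-Transport-Security header with a one-year max-age and includeSubDomains, so any later plain-HTTP request for that host or its subdomains would be rewritten to HTTPS. The following parser and lookup is an added example, not code from the report or from wget; the second database entry (example.test on port 8443) is constructed to exercise the port and expiry handling, and the treatment of port 0 as "default port" is an assumption modelled on wget's behaviour.

```python
"""Parse GNU Wget's .wget-hsts database and decide whether a plain-HTTP
request must be upgraded to HTTPS.  Added example, not code from the
sandbox report or from wget."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample database.  The first record is the one dropped in the
# report; the second (example.test on 8443, no subdomains, 10-minute
# lifetime) is an assumption added to exercise the port and expiry logic.
SAMPLE_DB = (
    "# HSTS 1.0 Known Hosts database for GNU Wget.\n"
    "# Edit at your own risk.\n"
    "# <hostname>\t<port>\t<incl. subdomains>\t<created>\t<max-age>\n"
    "somervoice.somervillema.gov\t0\t1\t1612566438\t31536000\n"
    "example.test\t8443\t0\t1612566438\t600\n"
)

DEFAULT_HTTP_PORT = 80
DEFAULT_HTTPS_PORT = 443


@dataclass(frozen=True)
class HstsEntry:
    host: str
    port: int                 # 0 = default port (assumed, mirroring wget's file format)
    include_subdomains: bool
    created: int              # epoch seconds when the policy was recorded
    max_age: int              # policy lifetime in seconds

    def expires_at(self) -> int:
        return self.created + self.max_age

    def is_active(self, now: int) -> bool:
        # max-age 0 is how a server withdraws a policy, so it never matches
        return self.max_age > 0 and now < self.expires_at()


def _file_port(port: int) -> int:
    # Assumption modelled on wget: the default ports are stored as 0, so a
    # request on 80 and a policy learned on 443 share one record.
    return 0 if port in (DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT) else port


def parse_hsts_db(text: str) -> Dict[Tuple[str, int], HstsEntry]:
    """Return entries keyed by (hostname, port); malformed lines raise."""
    entries: Dict[Tuple[str, int], HstsEntry] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 tab-separated fields, got {len(fields)}")
        host, port, subs, created, max_age = fields
        if subs not in ("0", "1"):
            raise ValueError(f"line {lineno}: includeSubDomains flag must be 0 or 1")
        entry = HstsEntry(host.lower().rstrip("."), int(port), subs == "1",
                          int(created), int(max_age))
        entries[(entry.host, entry.port)] = entry
    return entries


def hsts_lookup(entries: Dict[Tuple[str, int], HstsEntry], host: str,
                port: int, now: int) -> Optional[HstsEntry]:
    """Find the active policy for host:port.  The exact host matches on its
    own; a parent domain matches only if its record has includeSubDomains."""
    file_port = _file_port(port)
    labels = host.lower().rstrip(".").split(".")
    for depth in range(len(labels)):
        entry = entries.get((".".join(labels[depth:]), file_port))
        if entry is None or not entry.is_active(now):
            continue
        if depth == 0 or entry.include_subdomains:
            return entry
    return None


def upgrade_url(entries: Dict[Tuple[str, int], HstsEntry], host: str,
                port: int, path: str, now: int) -> str:
    """Rewrite a plain-HTTP request to HTTPS when an HSTS policy covers it;
    port 80 becomes 443, any other port is kept (assumed, as wget does)."""
    if hsts_lookup(entries, host, port, now) is None:
        suffix = "" if port == DEFAULT_HTTP_PORT else f":{port}"
        return f"http://{host}{suffix}{path}"
    new_port = DEFAULT_HTTPS_PORT if port == DEFAULT_HTTP_PORT else port
    suffix = "" if new_port == DEFAULT_HTTPS_PORT else f":{new_port}"
    return f"https://{host}{suffix}{path}"


if __name__ == "__main__":
    db = parse_hsts_db(SAMPLE_DB)
    now = 1612566438 + 300
    for h, p in (("somervoice.somervillema.gov", 80), ("www.somervoice.somervillema.gov", 80),
                 ("somervillema.gov", 80), ("example.test", 8443), ("www.example.test", 8443)):
        print(f"{h}:{p} -> {upgrade_url(db, h, p, '/', now)}")
```

The lookup walks from the exact hostname up through its parent labels, which is what makes the `1` in the third field matter: with includeSubDomains set, `www.somervoice.somervillema.gov` is upgraded although only the bare host is in the file, while `somervillema.gov` itself is not, because policies never propagate downward to a parent. A forensic reviewer reading this file from a host should therefore treat `created + max-age` as the window during which that host would have refused plaintext to the site, and note that wget's `--no-check-certificate` (used in the report's command line) disables certificate validation but leaves HSTS enforcement in place.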
                                                                                                        C:\Users\user\Desktop\download\2327
                                                                                                        Process:C:\Windows\SysWOW64\wget.exe
                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):30490
                                                                                                        Entropy (8bit):5.332276673228413
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:nN/HvB0lKJmjbMMVelA69pqLQkgoHNo95OWrb:nlOlKJmjbMte8sLQkgONo95OWrb
                                                                                                        MD5:F2F1E74AAAFA78664323227DADD94089
                                                                                                        SHA1:E5973248182FE41A2F7DA9E01DCCDB4DE546F014
                                                                                                        SHA-256:A8D20DAE71CAA41D107710D49150ACFD636633A64FAF1F38BF41EACD2136A540
                                                                                                        SHA-512:FDC9041518C841F6DA80169DB2F851427F641C9096F8B348D7BECE343C1A92ED04B93C72068E9BDFCD5214BEB5163A63904A0E5658550E73D4C8D712C9287880
                                                                                                        Malicious:false
                                                                                                        Reputation:low
                                                                                                        Preview: <!DOCTYPE html>.<html lang='en-US' xml:lang='en-US'>.<head>.<meta content='IE=edge' http-equiv='X-UA-Compatible'>.<meta content='text/html; charset=utf-8' http-equiv='Content-type'>.<meta content='width=device-width' name='viewport'>.<link href='https://s3-us-west-1.amazonaws.com/ehq-production-us-california/8cfcc1570c81e97a242433b94052e3e65b3cb2c7/image_stores/favicons/000/002/489/original/SomerVoice_Favicon.png?1568919813' rel='icon' type='image/ico'>..<meta name="csrf-param" content="authenticity_token" />.<meta name="csrf-token" content="rt1Jznfq0uCCm+nf5MsfZ3MQ/aC2xV1TIkl7Ffzd4U8sTRx3lPTB5e146UjBVuAkpxdGtyWpgi0wVdaVkd42eA==" />...<title>.Novel Coronavirus Resources for Businesses. | SomerVoice.</title>.<span data-reporting-params='{&quot;authenticity_token&quot;:&quot;cMq9flDYpHpTwfnU+EJvX3Qol0Qp6z/4oRpm4+xTFnfyWujHs8a3fzwi+UPd35AcoC8sU7qH4IazBstjgVDBQA==&quot;,&quot;referrer&quot;:null,&quot;type&quot;:&quot;InformedVisit&quot;,&quot;logger&quot;:{&quot;page_id&quot;:&quot;5265&q
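The per-file fields listed above (size, 8-bit entropy, MD5, SHA1, SHA-256, SHA-512) are what a practitioner recomputes locally to confirm that an artifact pulled out of the sandbox is the one the report describes. The following is an added example, not the sandbox's own code, with constructed sample inputs; SSDEEP is left out because it needs a non-standard library. It also makes a point the listing illustrates but does not state: the two Roboto WOFF files above score 7.97 bits per byte yet are flagged `Encrypted:false`, because compressed font tables are just as high-entropy as ciphertext. Deflated text and random bytes are indistinguishable by entropy alone.

```python
"""Recompute the triage fields a sandbox report lists for a dropped file
and show why high entropy alone does not mean "encrypted".  Added example;
not the report's or the sandbox vendor's code."""
import hashlib
import math
import random
import zlib
from collections import Counter
from typing import Dict


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte over the byte-value histogram:
    0.0 for one repeated value, 8.0 when all 256 values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> Dict[str, object]:
    """The same fields the report prints, upper-case hex like the report."""
    return {
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy_8bit(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def looks_high_entropy(data: bytes, threshold: float = 7.5) -> bool:
    """A common triage heuristic.  It fires for compressed data (WOFF, zip,
    PNG) exactly as it does for ciphertext, so it is a prompt to look at the
    file type, not a verdict."""
    return shannon_entropy_8bit(data) >= threshold


def build_samples(seed: int = 7) -> Dict[str, bytes]:
    """Constructed inputs: text resembling minified JavaScript, that text
    deflated (standing in for the compressed WOFF tables), and pseudo-random
    bytes standing in for ciphertext."""
    rng = random.Random(seed)
    alphabet = "abcdefghijklmnopqrstuvwxyz(){};=.,_ "
    js_like = "".join(rng.choice(alphabet) for _ in range(16384)).encode("ascii")
    compressed = zlib.compress(js_like, 9)
    random_bytes = bytes(rng.getrandbits(8) for _ in range(4096))
    return {"js_like": js_like, "deflated": compressed, "random": random_bytes}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        fields = triage(blob)
        print(f"{name:9s} size={fields['Size (bytes)']:6d} "
              f"entropy={fields['Entropy (8bit)']:.3f} "
              f"high_entropy={looks_high_entropy(blob)} sha256={fields['SHA-256'][:16]}...")
```

Comparing a recomputed SHA-256 against the report's value is the check that matters when an artifact is shared onward; the hash is stable across tools, while entropy is a property to read together with the `File Type` line, as the WOFF entries above show.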

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Timestamp                | Protocol | SID | Message               | Source Port | Dest Port | Source IP      | Dest IP
02/05/21-15:07:26.634075 | ICMP     | 466 | ICMP L3retriever Ping |             |           | 192.168.2.5    | 143.204.15.131
02/05/21-15:07:26.634075 | ICMP     | 384 | ICMP PING             |             |           | 192.168.2.5    | 143.204.15.131
02/05/21-15:07:26.679233 | ICMP     | 408 | ICMP Echo Reply       |             |           | 143.204.15.131 | 192.168.2.5
02/05/21-15:07:49.094460 | ICMP     | 466 | ICMP L3retriever Ping |             |           | 192.168.2.5    | 216.58.207.170
02/05/21-15:07:49.094460 | ICMP     | 384 | ICMP PING             |             |           | 192.168.2.5    | 216.58.207.170
02/05/21-15:07:49.136350 | ICMP     | 408 | ICMP Echo Reply       |             |           | 216.58.207.170 | 192.168.2.5
02/05/21-15:08:11.527840 | ICMP     | 466 | ICMP L3retriever Ping |             |           | 192.168.2.5    | 216.58.207.174
02/05/21-15:08:11.527840 | ICMP     | 384 | ICMP PING             |             |           | 192.168.2.5    | 216.58.207.174
02/05/21-15:08:11.569121 | ICMP     | 408 | ICMP Echo Reply       |             |           | 216.58.207.174 | 192.168.2.5
02/05/21-15:08:33.833431 | ICMP     | 466 | ICMP L3retriever Ping |             |           | 192.168.2.5    | 143.204.15.81
02/05/21-15:08:33.833431 | ICMP     | 384 | ICMP PING             |             |           | 192.168.2.5    | 143.204.15.81
02/05/21-15:08:33.877435 | ICMP     | 408 | ICMP Echo Reply       |             |           | 143.204.15.81  | 192.168.2.5
02/05/21-15:08:56.206196 | ICMP     | 466 | ICMP L3retriever Ping |             |           | 192.168.2.5    | 104.16.18.94
02/05/21-15:08:56.206196 | ICMP     | 384 | ICMP PING             |             |           | 192.168.2.5    | 104.16.18.94
02/05/21-15:08:56.250712 | ICMP     | 408 | ICMP Echo Reply       |             |           | 104.16.18.94   | 192.168.2.5

Network Port Distribution

TCP Packets


UDP Packets


ICMP Packets

| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Feb 5, 2021 15:08:56.206196070 CET | 192.168.2.5 | 104.16.18.94 | 4f58 | | Echo |
| Feb 5, 2021 15:08:56.250711918 CET | 104.16.18.94 | 192.168.2.5 | 5758 | | Echo Reply |

DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Feb 5, 2021 15:07:17.141604900 CET | 192.168.2.5 | 8.8.8.8 | 0x8369 | Standard query (0) | somervoice.somervillema.gov | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:22.374574900 CET | 192.168.2.5 | 8.8.8.8 | 0x5423 | Standard query (0) | d2gu4vothxmtom.cloudfront.net | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:26.574177980 CET | 192.168.2.5 | 8.8.8.8 | 0x3af7 | Standard query (0) | d2gu4vothxmtom.cloudfront.net | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:47.898520947 CET | 192.168.2.5 | 8.8.8.8 | 0x8443 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:32.599138975 CET | 192.168.2.5 | 8.8.8.8 | 0xb0f6 | Standard query (0) | d2gu4vothxmtom.cloudfront.net | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:33.773889065 CET | 192.168.2.5 | 8.8.8.8 | 0x4fdb | Standard query (0) | d2gu4vothxmtom.cloudfront.net | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:54.905102015 CET | 192.168.2.5 | 8.8.8.8 | 0xf486 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:54.961630106 CET | 192.168.2.5 | 8.8.8.8 | 0x2789 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:56.079540014 CET | 192.168.2.5 | 8.8.8.8 | 0xd144 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:19.678814888 CET | 192.168.2.5 | 8.8.8.8 | 0x9e16 | Standard query (0) | googleads.g.doubleclick.net | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:19.806108952 CET | 192.168.2.5 | 8.8.8.8 | 0x29c2 | Standard query (0) | static.doubleclick.net | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:22.591409922 CET | 192.168.2.5 | 8.8.8.8 | 0x5ac | Standard query (0) | i.ytimg.com | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:22.596565962 CET | 192.168.2.5 | 8.8.8.8 | 0x141 | Standard query (0) | yt3.ggpht.com | A (IP address) | IN (0x0001) |

DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Feb 5, 2021 15:07:17.226108074 CET | 8.8.8.8 | 192.168.2.5 | 0x8369 | No error (0) | somervoice.somervillema.gov | platform.us.engagementhq.com | | CNAME (Canonical name) | IN (0x0001) |
| Feb 5, 2021 15:07:17.226108074 CET | 8.8.8.8 | 192.168.2.5 | 0x8369 | No error (0) | platform.us.engagementhq.com | or-nlb-v00-b47a3d3821d0abbe.elb.us-west-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
| Feb 5, 2021 15:07:17.226108074 CET | 8.8.8.8 | 192.168.2.5 | 0x8369 | No error (0) | or-nlb-v00-b47a3d3821d0abbe.elb.us-west-1.amazonaws.com | | 54.177.210.138 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:22.446049929 CET | 8.8.8.8 | 192.168.2.5 | 0x5423 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.131 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:22.446049929 CET | 8.8.8.8 | 192.168.2.5 | 0x5423 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.81 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:22.446049929 CET | 8.8.8.8 | 192.168.2.5 | 0x5423 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.197 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:22.446049929 CET | 8.8.8.8 | 192.168.2.5 | 0x5423 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.206 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:26.632848978 CET | 8.8.8.8 | 192.168.2.5 | 0x3af7 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.131 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:26.632848978 CET | 8.8.8.8 | 192.168.2.5 | 0x3af7 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.81 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:26.632848978 CET | 8.8.8.8 | 192.168.2.5 | 0x3af7 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.197 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:26.632848978 CET | 8.8.8.8 | 192.168.2.5 | 0x3af7 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.206 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:47.950846910 CET | 8.8.8.8 | 192.168.2.5 | 0x8443 | No error (0) | cdnjs.cloudflare.com | | 104.16.18.94 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:07:47.950846910 CET | 8.8.8.8 | 192.168.2.5 | 0x8443 | No error (0) | cdnjs.cloudflare.com | | 104.16.19.94 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:32.661825895 CET | 8.8.8.8 | 192.168.2.5 | 0xb0f6 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.81 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:32.661825895 CET | 8.8.8.8 | 192.168.2.5 | 0xb0f6 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.206 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:32.661825895 CET | 8.8.8.8 | 192.168.2.5 | 0xb0f6 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.131 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:32.661825895 CET | 8.8.8.8 | 192.168.2.5 | 0xb0f6 | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.197 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:33.831979990 CET | 8.8.8.8 | 192.168.2.5 | 0x4fdb | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.81 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:33.831979990 CET | 8.8.8.8 | 192.168.2.5 | 0x4fdb | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.206 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:33.831979990 CET | 8.8.8.8 | 192.168.2.5 | 0x4fdb | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.131 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:33.831979990 CET | 8.8.8.8 | 192.168.2.5 | 0x4fdb | No error (0) | d2gu4vothxmtom.cloudfront.net | | 143.204.15.197 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:54.951648951 CET | 8.8.8.8 | 192.168.2.5 | 0xf486 | No error (0) | cdnjs.cloudflare.com | | 104.16.19.94 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:54.951648951 CET | 8.8.8.8 | 192.168.2.5 | 0xf486 | No error (0) | cdnjs.cloudflare.com | | 104.16.18.94 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:55.031986952 CET | 8.8.8.8 | 192.168.2.5 | 0x2789 | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) |
| Feb 5, 2021 15:08:56.128251076 CET | 8.8.8.8 | 192.168.2.5 | 0xd144 | No error (0) | cdnjs.cloudflare.com | | 104.16.18.94 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:08:56.128251076 CET | 8.8.8.8 | 192.168.2.5 | 0xd144 | No error (0) | cdnjs.cloudflare.com | | 104.16.19.94 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:19.725985050 CET | 8.8.8.8 | 192.168.2.5 | 0x9e16 | No error (0) | googleads.g.doubleclick.net | pagead46.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001) |
| Feb 5, 2021 15:09:19.725985050 CET | 8.8.8.8 | 192.168.2.5 | 0x9e16 | No error (0) | pagead46.l.doubleclick.net | | 172.217.23.66 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:19.872160912 CET | 8.8.8.8 | 192.168.2.5 | 0x29c2 | No error (0) | static.doubleclick.net | static-doubleclick-net.l.google.com | | CNAME (Canonical name) | IN (0x0001) |
| Feb 5, 2021 15:09:22.657424927 CET | 8.8.8.8 | 192.168.2.5 | 0x5ac | No error (0) | i.ytimg.com | | 172.217.22.246 | A (IP address) | IN (0x0001) |
| Feb 5, 2021 15:09:22.664328098 CET | 8.8.8.8 | 192.168.2.5 | 0x141 | No error (0) | yt3.ggpht.com | photos-ugc.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
| Feb 5, 2021 15:09:22.664328098 CET | 8.8.8.8 | 192.168.2.5 | 0x141 | No error (0) | photos-ugc.l.googleusercontent.com | | 172.217.23.33 | A (IP address) | IN (0x0001) |

HTTPS Packets

Each entry lists the server certificate presented on the connection, followed by the intermediate CA certificate in the chain, and the JA3 fingerprint and digest of the client hello.

Feb 5, 2021 15:07:17.643906116 CET, 54.177.210.138:443 to 192.168.2.5:49719
  * Subject: CN=somervoice.somervillema.gov
  * Issuer: CN=R3, O=Let's Encrypt, C=US
  * Not Before: Wed Jan 20 04:15:50 CET 2021; Not After: Tue Apr 20 05:15:50 CEST 2021
  * Intermediate: CN=R3, O=Let's Encrypt, C=US, issued by CN=DST Root CA X3, O=Digital Signature Trust Co.; Not Before: Wed Oct 07 21:21:40 CEST 2020; Not After: Wed Sep 29 21:21:40 CEST 2021
  * JA3 SSL Client Fingerprint: 771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-35-22-23-13,29-23-25-24,0-1-2
  * JA3 SSL Client Digest: 807fca46d9d0cf63adf4e5e80e414bbe

Feb 5, 2021 15:07:48.075481892 CET, 104.16.18.94:443 to 192.168.2.5:49732
  * Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  * Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
  * Not Before: Wed Oct 21 02:00:00 CEST 2020; Not After: Thu Oct 21 01:59:59 CEST 2021
  * Intermediate: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US, issued by CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before: Mon Jan 27 13:48:08 CET 2020; Not After: Wed Jan 01 00:59:59 CET 2025
  * JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  * JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Feb 5, 2021 15:07:48.075515985 CET, 104.16.18.94:443 to 192.168.2.5:49733
  * Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  * Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
  * Not Before: Wed Oct 21 02:00:00 CEST 2020; Not After: Thu Oct 21 01:59:59 CEST 2021
  * Intermediate: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US, issued by CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before: Mon Jan 27 13:48:08 CET 2020; Not After: Wed Jan 01 00:59:59 CET 2025
  * JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  * JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Feb 5, 2021 15:09:19.830374002 CET, 172.217.23.66:443 to 192.168.2.5:49764
  * Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
  * Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
  * Not Before: Tue Jan 05 13:07:00 CET 2021; Not After: Tue Mar 30 14:06:59 CEST 2021
  * Intermediate: CN=GTS CA 1O1, O=Google Trust Services, C=US, issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
  * JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  * JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Feb 5, 2021 15:09:19.831161022 CET, 172.217.23.66:443 to 192.168.2.5:49763
  * Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
  * Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
  * Not Before: Tue Jan 05 13:07:00 CET 2021; Not After: Tue Mar 30 14:06:59 CEST 2021
  * Intermediate: CN=GTS CA 1O1, O=Google Trust Services, C=US, issued by CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
  * JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  * JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Behavior

System Behavior

General

Start time: 15:07:14
Start date: 05/02/2021
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327' > cmdline.out 2>&1
Imagebase: 0x150000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 15:07:15
Start date: 05/02/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7ecfc0000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 15:07:16
Start date: 05/02/2021
Path: C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit): true
Commandline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://somervoice.somervillema.gov/novel-coronavirus-resources-for-businesses/widgets/16897/videos/2327'
Imagebase: 0x400000
File size: 3895184 bytes
MD5 hash: 3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 15:07:20
Start date: 05/02/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Desktop\download\2327.html
Imagebase: 0x7ff7319a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 15:07:20
Start date: 05/02/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5988 CREDAT:17410 /prefetch:2
Imagebase: 0xdb0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly

Code Analysis