Analysis Report https://www.foothillsvaccineclinic.com/covid-registration-form

Overview

General Information

Sample URL: https://www.foothillsvaccineclinic.com/covid-registration-form
Analysis ID: 379346
Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5620 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5556 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5620 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 6664 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5620 CREDAT:82966 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: chrome[1].htm.18.dr | String found in binary or memory: <link rel="preconnect" href="https://www.youtube.com" > equals www.youtube.com (Youtube)
Source: chrome[1].htm.18.dr | String found in binary or memory: <a href="https://www.facebook.com/googlechrome/" title="Facebook" target="_blank" rel="noopener nofollow" class=" chr-footer-social__link" ga-on="click" ga-event-category="chrome-footer-social" ga-event-action="clicked" ga-event-label="follow-us:facebook" data-g-event="chrome-footer-social" data-g-action="clicked" data-g-label="follow-us:facebook" > equals www.facebook.com (Facebook)
Source: chrome[1].htm.18.dr | String found in binary or memory: <a href="https://www.youtube.com/user/googlechrome" title="Youtube" target="_blank" rel="noopener nofollow" class=" chr-footer-social__link" ga-on="click" ga-event-category="chrome-footer-social" ga-event-action="clicked" ga-event-label="follow-us:youtube" data-g-event="chrome-footer-social" data-g-action="clicked" data-g-label="follow-us:youtube" > equals www.youtube.com (Youtube)
Source: chrome[1].htm.18.dr | String found in binary or memory: "https://www.facebook.com/googlechrome", equals www.facebook.com (Facebook)
Source: chrome[1].htm.18.dr | String found in binary or memory: "https://www.youtube.com/googlechrome", equals www.youtube.com (Youtube)
Source: msapplication.xml0.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5927674f,0x01d726aa</date><accdate>0x5927674f,0x01d726aa</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5927674f,0x01d726aa</date><accdate>0x5929ca11,0x01d726aa</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5930f0ab,0x01d726aa</date><accdate>0x5930f0ab,0x01d726aa</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5930f0ab,0x01d726aa</date><accdate>0x59335302,0x01d726aa</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5935b559,0x01d726aa</date><accdate>0x5935b559,0x01d726aa</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5935b559,0x01d726aa</date><accdate>0x5935b559,0x01d726aa</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown | DNS traffic detected: queries for: www.foothillsvaccineclinic.com