Edit tour

Windows Analysis Report
https://city-of-goodyear.webnode.page/

Overview

General Information

Sample URL:	https://city-of-goodyear.webnode.page/
Analysis ID:	827270
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found iframes

No HTML title found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5072 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 3644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1828,i,5289083931397767848,663811606326013960,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6300 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://city-of-goodyear.webnode.page/ MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: classification engine

Classification label: mal48.win@39/147@39/26

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1828,i,5289083931397767848,663811606326013960,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://city-of-goodyear.webnode.page/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1828,i,5289083931397767848,663811606326013960,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	5 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	6 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://city-of-goodyear.webnode.page/	0%	Virustotal		Browse
https://city-of-goodyear.webnode.page/	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://aus.zaxi.site/signup.php?sub=berkahramadhan	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering
https://www.affforce.com/scripts/un981c6l?a_aid=46ef828a&a_bid=4fc4400d&chan=berkahramadhan&source=&aff_sub=berkahramadhan	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering
https://www.affforce.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7a8650280d4a3a7a	0%	Avira URL Cloud	safe
https://static.d.webnodev.com/files/3w/3wd/450/3wdysg.png	0%	Avira URL Cloud	safe
https://5fd3b12d34.cbaul-cdnwnd.com/5e7759d456e6f78cddb265412221ebce/200000003-ef8f8ef8fb/450/FB_IMG_1678891898716-0.webp?ph=5fd3b12d34	0%	Avira URL Cloud	safe
http://ais.zaxi.site/signup.php?sub=berkahramadhan	0%	Avira URL Cloud	safe
https://www.affforce.com/cdn-cgi/challenge-platform/h/b/img/7a8650280d4a3a7a/1678899642325/cWjmpcrI3T_VbWm	0%	Avira URL Cloud	safe
https://static.d.webnodev.com/files/3b/3b6/3b6ska.png	0%	Avira URL Cloud	safe
https://static.d.webnodev.com/files/30/30y/450/30yuqr.png	0%	Avira URL Cloud	safe
https://www.affforce.com/cdn-cgi/challenge-platform/h/b/pat/7a8650280d4a3a7a/1678899642321/b0dc544eee75bef54b0fe4309a17a1c7cbb25686df576b19d19c673d39259303/o4zOv_ZGfEpeqHb	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
https://static.d.webnodev.com/files/30/30y/30yuqr.png	0%	Avira URL Cloud	safe
https://static.d.webnodev.com/files/0f/0fz/450/0fzrq5.png	0%	Avira URL Cloud	safe
https://city-of-goodyear.webnode.page/home/	0%	Avira URL Cloud	safe
https://motu.teamblue.services/messages/he-man_messages?tke=JTdCJTIyaGFzaCUyMiUzQSUyMjE2Nzg4OTk2NDAxMTJfbHgyM3lmaGNyY19uZndzN2NlJTIyJTJDJTIyZG9tYWluJTIyJTNBJTIyd2Vibm9kZS5jb20lMjIlMkMlMjJmaWVsZCUyMiUzQSUyMnBlcmZvcm1hbmNlJTIyJTJDJTIybW9kZSUyMiUzQSUyMnNldCUyMiUyQyUyMm1lc3NhZ2UlMjIlM0ElN0IlMjJ0aW1pbmdzJTIyJTNBJTdCJTIycGFnZUxvYWRUaW1lJTIyJTNBOTQ2NyUyQyUyMmNvbm5lY3RUaW1lJTIyJTNBMjI1JTJDJTIycmVuZGVyVGltZSUyMiUzQTkwNTUlN0QlMkMlMjJyZXNvdXJjZXMlMjIlM0ElN0IlMjJudW1iZXIlMjIlM0E0NyUyQyUyMnNpemUlMjIlM0E0MiU3RCUyQyUyMnBhZ2UlMjIlM0ElMjJ3d3cud2Vibm9kZS5jb20vJTIyJTJDJTIydXNlcl9hZ2VudCUyMiUzQSUyMk1vemlsbGEvNS4wJTIwJTI4V2luZG93cyUyME5UJTIwMTAuMCUzQiUyMFdpbjY0JTNCJTIweDY0JTI5JTIwQXBwbGVXZWJLaXQvNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBDaHJvbWUvMTA0LjAuMC4wJTIwU2FmYXJpLzUzNy4zNiUyMiU3RCU3RA==	0%	Avira URL Cloud	safe
https://goo.gle/js-api-loading	0%	Avira URL Cloud	safe
https://www.affforce.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn.leadinfo.net	18.165.183.77	true	false	unknown
accounts.google.com	142.250.180.173	true	false	high
events.webnode.com	217.16.182.246	true	false	high
aus.zaxi.site	194.163.41.83	true	false	unknown
www.googletagservices.com	142.251.209.34	true	false	high
d1rv23qj5kas56.cloudfront.net	18.165.185.167	true	false	high
d1di2lzuh97fh2.cloudfront.net	18.165.185.6	true	false	high
c.seznam.cz	77.75.77.234	true	false	high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
ais.zaxi.site	194.163.41.83	true	false	unknown
46-105-201-240.any.cdn.anycast.me	46.105.201.240	true	false	unknown
www.affforce.com	104.22.4.152	true	false	unknown
5fd3b12d34.cbaul-cdnwnd.com	18.165.183.78	true	false	unknown
googleads.g.doubleclick.net	142.250.184.98	true	false	high
motu.teamblue.services	81.88.57.79	true	false	unknown
web-1102.webnode.be	85.132.152.214	true	false	high
s4.histats.com	149.56.240.132	true	false	high
www.webnode.com	82.208.18.34	true	false	high
challenges.cloudflare.com	104.18.7.185	true	false	high
www.google.com	142.251.209.36	true	false	high
collector.leadinfo.net	54.171.252.131	true	false	unknown
api.leadinfo.com	63.32.51.97	true	false	unknown
clients.l.google.com	142.250.184.78	true	false	high
city-of-goodyear.webnode.page	85.132.152.214	true	false	unknown
clients2.google.com	unknown	unknown	false	high
s10.histats.com	unknown	unknown	false	high
use.typekit.net	unknown	unknown	false	high
p.typekit.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.affforce.com/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7a8650280d4a3a7a	false	Avira URL Cloud: safe	unknown
https://d1di2lzuh97fh2.cloudfront.net/files/0d/0ds/0dscwu.css?ph=5fd3b12d34	false		high
https://d1rv23qj5kas56.cloudfront.net/fonts/graphik-commercial/graphik-400.woff2	false		high
https://www.affforce.com/cdn-cgi/challenge-platform/h/b/img/7a8650280d4a3a7a/1678899642325/cWjmpcrI3T_VbWm	false	Avira URL Cloud: safe	unknown
http://ais.zaxi.site/signup.php?sub=berkahramadhan	false	Avira URL Cloud: safe	unknown
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-article-domain-en.webp	false		high
https://5fd3b12d34.cbaul-cdnwnd.com/5e7759d456e6f78cddb265412221ebce/200000003-ef8f8ef8fb/450/FB_IMG_1678891898716-0.webp?ph=5fd3b12d34	false	Avira URL Cloud: safe	unknown
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-header-01-bck-en.webp	false		high
https://city-of-goodyear.webnode.page/contact/	false		unknown
https://web-1102.webnode.be/widgets/googlemaps/?z=15&a=12+Pike+St%2C+New+York%2C+NY%C2%A010002&s=LcwxCsAgDEbhu2QuQlfP0U0cHH6LkGpJ0kHEu9dC5-_xwqCMZI_g6DfIk0mqWsxxqaCNwLhQ7ccT7YJJd7kwL1XrDFHyYZB-l2Sl1RXuNOOMLw..&g=40.7136736%2C-73.9927513	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/1j/1j3/1j3767.ico?ph=5fd3b12d34	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/05/05z/700/05zusj.webp?ph=5fd3b12d34	false		high
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-article-email-en.webp	false		high
https://events.webnode.com/projects/-/events/PROD?api_key=-&data=eyJ1c2VyIjp7InUiOjAsInAiOjQ2MzkzODIzLCJsYyI6IklEIiwidCI6IjEifSwiYWN0aW9uIjp7ImlkZW50aWZpZXIiOiJjb29raWViYXJfc2hvdyIsIm5hbWUiOiJDb29raWViYXIgd2FzIHNob3duIiwiY2F0ZWdvcnkiOiJwcm9qZWN0IiwicGxhdGZvcm0iOiJXTkQyIiwidmVyc2lvbiI6IjItMTUyN18yLTE1MjcifSwiYnJvd3NlciI6eyJ1cmwiOiJodHRwczovL2NpdHktb2YtZ29vZHllYXIud2Vibm9kZS5wYWdlLyIsInVhIjoiV2hhdHNBcHAvMi4yMy40Ljc5IEEiLCJyZWZlcmVyX3VybCI6IiIsInJlc29sdXRpb24iOiIxMjgweDEwMjQiLCJpcCI6IjE4MC4yNDEuMjQxLjEzOSJ9LCJkYXRhIjp7Ik1WQ1R5cGUiOiJ3bmQuZmUuQ29va2llQmFyIiwiTVZDSWQiOiJDb29raWVCYXIifX0%3D&modified=1678899562372&jsonp=trackerJSONPCallback1678899562372_0	false		high
https://city-of-goodyear.webnode.page/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7a865086eabd91e7/1678899647277/6cb0a292e25f99043c0253583eb2113a8958050d5a18f5e53dd903e8bf5c8dfa/OELvlTzKgzTYQl2	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/1f/1fq/1fqpjm.woff2	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/0g/0gk/0gkx0v.svg?ph=5fd3b12d34&border=535353&outline=282828&color=222222	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/1s/1sj/1sjpdo.svg?ph=5fd3b12d34&border=535353&outline=282828&color=222222	false		high
https://aus.zaxi.site/signup.php?sub=berkahramadhan	true	SlashNext: Fraudulent Website type: Phishing & Social Engineering	unknown
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-article-support-en.webp	false		high
https://www.affforce.com/cdn-cgi/challenge-platform/h/b/pat/7a8650280d4a3a7a/1678899642321/b0dc544eee75bef54b0fe4309a17a1c7cbb25686df576b19d19c673d39259303/o4zOv_ZGfEpeqHb	false	Avira URL Cloud: safe	unknown
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-feature-save-money.webp	false		high
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/video-hp-3-1-en.webp	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/0r/0ru/0ru7eq.svg?ph=5fd3b12d34&border=535353&outline=282828&color=222222	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/0s/0s0/0s00wf.css?ph=5fd3b12d34	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/20/20r/450/20rasu.png?ph=5fd3b12d34	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/21/21d/21dfiv.css?ph=5fd3b12d34	false		high
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-article-trust-website-en.webp	false		high
https://web-1102.webnode.be/widgets/googlemaps/?z=15&a=12+Pike+St%2C+New+York%2C+NY%C2%A010002&s=LcwxCsAgDEbhu2QuQlfP0U0cHH6LkGpJ0kHEu9dC5-_xwqCMZI_g6DfIk0mqWsxxqaCNwLhQ7ccT7YJJd7kwL1XrDFHyYZB-l2Sl1RXuNOOMLw..&g=40.7136736%2C-73.9927513	false		high
https://events.webnode.com/projects/-/events/PROD?api_key=-&data=eyJ1c2VyIjp7InUiOjAsInAiOjQ2MzkzODIzLCJsYyI6IklEIiwidCI6IjEifSwiYWN0aW9uIjp7ImlkZW50aWZpZXIiOiJjb29raWViYXJfc2hvdyIsIm5hbWUiOiJDb29raWViYXIgd2FzIHNob3duIiwiY2F0ZWdvcnkiOiJwcm9qZWN0IiwicGxhdGZvcm0iOiJXTkQyIiwidmVyc2lvbiI6IjItMTUyN18yLTE1MjcifSwiYnJvd3NlciI6eyJ1cmwiOiJodHRwczovL2NpdHktb2YtZ29vZHllYXIud2Vibm9kZS5wYWdlLyIsInVhIjoiV2hhdHNBcHAvMi4yMy40Ljc5IEEiLCJyZWZlcmVyX3VybCI6IiIsInJlc29sdXRpb24iOiIxMjgweDEwMjQiLCJpcCI6IjE4MC4yNDEuMjQxLjEzOSJ9LCJkYXRhIjp7Ik1WQ1R5cGUiOiJ3bmQuZmUuQ29va2llQmFyIiwiTVZDSWQiOiJDb29raWVCYXIifX0%3D&modified=1678899560658&jsonp=trackerJSONPCallback1678899560658_0	false		high
https://d1di2lzuh97fh2.cloudfront.net/files/2m/2mg/2mgouv.css?ph=5fd3b12d34	false		high
https://city-of-goodyear.webnode.page/home/	false	Avira URL Cloud: safe	unknown
https://d1rv23qj5kas56.cloudfront.net/js/obfs/texts.en.1452.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7a865086eabd91e7/1678899647277/SNy5lFg9xxStjXL	false		high
https://d1rv23qj5kas56.cloudfront.net/fonts/graphik-commercial/graphik-600.woff2	false		high
https://c.seznam.cz/js/rc.js	false		high
https://motu.teamblue.services/messages/he-man_messages?tke=JTdCJTIyaGFzaCUyMiUzQSUyMjE2Nzg4OTk2NDAxMTJfbHgyM3lmaGNyY19uZndzN2NlJTIyJTJDJTIyZG9tYWluJTIyJTNBJTIyd2Vibm9kZS5jb20lMjIlMkMlMjJmaWVsZCUyMiUzQSUyMnBlcmZvcm1hbmNlJTIyJTJDJTIybW9kZSUyMiUzQSUyMnNldCUyMiUyQyUyMm1lc3NhZ2UlMjIlM0ElN0IlMjJ0aW1pbmdzJTIyJTNBJTdCJTIycGFnZUxvYWRUaW1lJTIyJTNBOTQ2NyUyQyUyMmNvbm5lY3RUaW1lJTIyJTNBMjI1JTJDJTIycmVuZGVyVGltZSUyMiUzQTkwNTUlN0QlMkMlMjJyZXNvdXJjZXMlMjIlM0ElN0IlMjJudW1iZXIlMjIlM0E0NyUyQyUyMnNpemUlMjIlM0E0MiU3RCUyQyUyMnBhZ2UlMjIlM0ElMjJ3d3cud2Vibm9kZS5jb20vJTIyJTJDJTIydXNlcl9hZ2VudCUyMiUzQSUyMk1vemlsbGEvNS4wJTIwJTI4V2luZG93cyUyME5UJTIwMTAuMCUzQiUyMFdpbjY0JTNCJTIweDY0JTI5JTIwQXBwbGVXZWJLaXQvNTM3LjM2JTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBDaHJvbWUvMTA0LjAuMC4wJTIwU2FmYXJpLzUzNy4zNiUyMiU3RCU3RA==	false	Avira URL Cloud: safe	unknown
https://www.affforce.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/icons/cookie.svg	false		high
https://d1rv23qj5kas56.cloudfront.net/img/portal-2015/lp/lp-hp-cbt-article-easy-steps-en.webp	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://player.vimeo.com/api/player.js	chromecache_257.1.dr	false		high
https://static.d.webnodev.com/files/3w/3wd/450/3wdysg.png	chromecache_318.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/g/collect	chromecache_335.1.dr	false		high
https://use.typekit.net/af/1be3c2/00000000000000007735e606/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://github.com/zloirock/core-js	chromecache_237.1.dr, chromecache_332.1.dr	false		high
http://g.co/dev/maps-no-account	chromecache_283.1.dr	false		high
https://use.typekit.net/af/40d372/00000000000000007735e607/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/4de20a/00000000000000007735e604/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://static.d.webnodev.com/files/3b/3b6/3b6ska.png	chromecache_318.1.dr	false	Avira URL Cloud: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_226.1.dr	false		high
https://static.d.webnodev.com/files/30/30y/450/30yuqr.png	chromecache_318.1.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/af/8738d8/00000000000000007735e611/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/58acf5/00000000000000007735e622/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://lh6.ggpht.com/	chromecache_283.1.dr	false		high
https://use.typekit.net/af/7283cd/00000000000000007735e608/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/79862c/00000000000000007735e60e/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
http://getbootstrap.com)	chromecache_267.1.dr, chromecache_314.1.dr	false	Avira URL Cloud: safe	low
https://goo.gle/js-api-loading	chromecache_283.1.dr	false	Avira URL Cloud: safe	unknown
https://modernizr.com/download/?-csspointerevents-flexbox-flexboxlegacy-flexboxtweener-flexwrap-setc	chromecache_325.1.dr	false		high
https://static.d.webnodev.com/files/30/30y/30yuqr.png	chromecache_318.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	chromecache_226.1.dr	false		high
https://use.typekit.net/af/4de20a/00000000000000007735e604/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://developers.google.com/maps/documentation/javascript/styling#cloud_tooling	chromecache_283.1.dr	false		high
https://use.typekit.net/af/3322cc/00000000000000007735e616/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://static.d.webnodev.com/files/0f/0fz/450/0fzrq5.png	chromecache_318.1.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/fusiontables/answer/9185417).	chromecache_283.1.dr	false		high
https://use.typekit.net/af/7283cd/00000000000000007735e608/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://www.google.com/maps	chromecache_283.1.dr	false		high
https://use.typekit.net/af/1be3c2/00000000000000007735e606/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://lh5.ggpht.com/	chromecache_283.1.dr	false		high
https://use.typekit.net/af/154cda/00000000000000007735e601/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/1da05b/0000000000000000000132df/27/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
http://www.webnode.com/license/	chromecache_268.1.dr	false		high
https://jquery.com/	chromecache_318.1.dr	false		high
https://use.typekit.net/af/08312f/000000000000000077359dee/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
http://typekit.com/eulas/000000000000000077359de4	chromecache_278.1.dr	false		high
https://use.typekit.net/af/23e139/00000000000000007735e605/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/8738d8/00000000000000007735e611/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_267.1.dr, chromecache_314.1.dr	false		high
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_335.1.dr	false		high
https://use.typekit.net/af/8f4e31/0000000000000000000132e3/27/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/79862c/00000000000000007735e60e/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/257c86/000000000000000077359df6/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://sizzlejs.com/	chromecache_318.1.dr	false		high
https://use.typekit.net/af/40d372/00000000000000007735e607/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/144da4/00000000000000007735e619/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://khms1.google.com/kh?v=943	chromecache_283.1.dr	false		high
https://www.cloudflare.com/privacypolicy/	chromecache_208.1.dr	false		high
https://googleads.g.doubleclick.net/	chromecache_317.1.dr, chromecache_321.1.dr	false		high
https://use.typekit.net/af/40d372/00000000000000007735e607/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://developers.google.com/maps/documentation/javascript/error-messages#unsupported-browsers	chromecache_283.1.dr	false		high
https://use.typekit.net/af/23e139/00000000000000007735e605/30/a?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/037411/000000000000000077359df7/30/d?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://use.typekit.net/af/7283cd/00000000000000007735e608/30/l?primer=f592e0a4b9356877842506ce34430	chromecache_278.1.dr	false		high
https://khms1.google.com/kh?v=151	chromecache_283.1.dr	false		high
https://photoswipe.com	chromecache_318.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
85.132.152.214	web-1102.webnode.be	Czech Republic	203018	PAMICOCZ	false
104.22.4.152	www.affforce.com	United States	13335	CLOUDFLARENETUS	false
149.56.240.132	s4.histats.com	Canada	16276	OVHFR	false
18.165.183.78	5fd3b12d34.cbaul-cdnwnd.com	United States	3	MIT-GATEWAYSUS	false
18.165.183.77	cdn.leadinfo.net	United States	3	MIT-GATEWAYSUS	false
63.32.51.97	api.leadinfo.com	United States	16509	AMAZON-02US	false
142.251.209.36	www.google.com	United States	15169	GOOGLEUS	false
81.88.57.79	motu.teamblue.services	Italy	39729	REGISTER-ASIT	false
82.208.18.34	www.webnode.com	Czech Republic	15685	CASABLANCA-ASInternetCollocationProviderCZ	false
194.163.41.83	aus.zaxi.site	Germany	6659	NEXINTO-DE	false
142.250.184.98	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
77.75.77.234	c.seznam.cz	Czech Republic	43037	SEZNAM-CZ	false
142.250.184.78	clients.l.google.com	United States	15169	GOOGLEUS	false
18.165.185.167	d1rv23qj5kas56.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
104.18.7.185	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
216.58.209.34	unknown	United States	15169	GOOGLEUS	false
217.16.182.246	events.webnode.com	Czech Republic	43541	VSHOSTINGCZ	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
54.171.252.131	collector.leadinfo.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.180.173	accounts.google.com	United States	15169	GOOGLEUS	false
18.165.185.204	unknown	United States	3	MIT-GATEWAYSUS	false
46.105.201.240	46-105-201-240.any.cdn.anycast.me	France	16276	OVHFR	false

Private

IP
192.168.2.1
192.168.2.23
127.0.0.1

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	827270
Start date and time:	2023-03-15 17:58:13 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://city-of-goodyear.webnode.page/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@39/147@39/26
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://city-of-goodyear.webnode.page/home/ Browse: https://city-of-goodyear.webnode.page/about/ Browse: https://city-of-goodyear.webnode.page/services/ Browse: https://city-of-goodyear.webnode.page/contact/ Browse: https://aus.zaxi.site/signup.php?sub=berkahramadhan Browse: https://www.webnode.com/?utm_source=text&utm_medium=footer&utm_campaign=free2&utm_content=wnd2

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.251.209.35, 34.104.35.123, 142.250.180.163, 23.10.249.43, 23.10.249.9, 23.10.249.32, 23.10.249.18, 142.250.180.170, 142.251.209.10, 142.251.209.42, 142.250.184.74, 142.250.184.106, 142.250.180.138, 142.250.184.99, 142.250.184.67, 142.251.209.46, 142.250.184.72, 142.250.180.162, 216.239.32.36, 216.239.34.36
Excluded domains from analysis (whitelisted): content-autofill.googleapis.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, pagead2.googlesyndication.com, a1874.dscg1.akamai.net, region1.google-analytics.com, p.typekit.net-stls-v3.edgesuite.net, maps.googleapis.com, edgedl.me.gvt1.com, use-stls.adobe.com.edgesuite.net, www.googletagmanager.com, update.googleapis.com, maps.gstatic.com, a1988.dscg1.akamai.net, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	53
Entropy (8bit):	4.689815737418786
Encrypted:	false
SSDEEP:	3:h51zTCdcvTEdh:ZzTCdcvAH
MD5:	80D07F9420395443E9F231E5BE5D4E1B
SHA1:	BC9B5A37426FCB8F8438B7E5D5E8F43F3C767C92
SHA-256:	9886BAC6B97E6A80BBE81F38410F9C17754194267734CE1FAF8D66828FF0BCBF
SHA-512:	2435EA298FAD98E9DA32B0408CD7CB37D633129EB9070F8D204A2CAB5D970A535B7C8D516F220E28A37F30A0ECB4F4817FFA85545F21EBE558D8464BA1EB4A9F
Malicious:	false
Reputation:	low
URL:	https://events.webnode.com/projects/-/events/PROD?api_key=-&data=eyJ1c2VyIjp7InUiOjAsInAiOjQ2MzkzODIzLCJsYyI6IklEIiwidCI6IjEifSwiYWN0aW9uIjp7ImlkZW50aWZpZXIiOiJjb29raWViYXJfc2hvdyIsIm5hbWUiOiJDb29raWViYXIgd2FzIHNob3duIiwiY2F0ZWdvcnkiOiJwcm9qZWN0IiwicGxhdGZvcm0iOiJXTkQyIiwidmVyc2lvbiI6IjItMTUyN18yLTE1MjcifSwiYnJvd3NlciI6eyJ1cmwiOiJodHRwczovL2NpdHktb2YtZ29vZHllYXIud2Vibm9kZS5wYWdlLyIsInVhIjoiV2hhdHNBcHAvMi4yMy40Ljc5IEEiLCJyZWZlcmVyX3VybCI6IiIsInJlc29sdXRpb24iOiIxMjgweDEwMjQiLCJpcCI6IjE4MC4yNDEuMjQxLjEzOSJ9LCJkYXRhIjp7Ik1WQ1R5cGUiOiJ3bmQuZmUuQ29va2llQmFyIiwiTVZDSWQiOiJDb29raWVCYXIifX0%3D&modified=1678899560658&jsonp=trackerJSONPCallback1678899560658_0
Preview:	trackerJSONPCallback1678899560658_0({"created":true})

Source: https://aus.zaxi.site/signup.php?sub=berkahramadhan	SlashNext: Label: Fraudulent Website type: Phishing & Social Engineering
Source: https://www.affforce.com/scripts/un981c6l?a_aid=46ef828a&a_bid=4fc4400d&chan=berkahramadhan&source=&aff_sub=berkahramadhan	SlashNext: Label: Fraudulent Website type: Phishing & Social Engineering

Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: Iframe src: https://web-1102.webnode.be/widgets/googlemaps/?z=15&a=12+Pike+St%2C+New+York%2C+NY%C2%A010002&s=LcwxCsAgDEbhu2QuQlfP0U0cHH6LkGpJ0kHEu9dC5-_xwqCMZI_g6DfIk0mqWsxxqaCNwLhQ7ccT7YJJd7kwL1XrDFHyYZB-l2Sl1RXuNOOMLw..&g=40.7136736%2C-73.9927513
Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: Iframe src: https://web-1102.webnode.be/widgets/googlemaps/?z=15&a=12+Pike+St%2C+New+York%2C+NY%C2%A010002&s=LcwxCsAgDEbhu2QuQlfP0U0cHH6LkGpJ0kHEu9dC5-_xwqCMZI_g6DfIk0mqWsxxqaCNwLhQ7ccT7YJJd7kwL1XrDFHyYZB-l2Sl1RXuNOOMLw..&g=40.7136736%2C-73.9927513

Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: HTML title missing
Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: HTML title missing

Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: No <meta name="author".. found
Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: No <meta name="author".. found

Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: No <meta name="copyright".. found
Source: https://city-of-goodyear.webnode.page/contact/	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100x-powered-by: Niagahostercontent-type: text/html; charset=UTF-8content-length: 2576content-encoding: gzipvary: Accept-Encoding,User-Agentdate: Wed, 15 Mar 2023 17:00:24 GMTserver: LiteSpeedstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 58 eb 6f db 38 12 ff 1e 20 ff c3 54 0b c7 f2 45 96 6c f9 91 87 2d 17 79 38 49 9b e6 ed 3c 8b 22 a0 24 4a 62 2c 91 0a 49 d9 71 d2 fc ef 0b 4a b6 e3 76 9b dd bd 5b 1c 70 1f ce 46 1c 71 38 9c f9 cd 70 38 33 54 37 92 49 dc 5b 5e ea 46 18 f9 bd e5 25 00 e8 0a 8f 93 54 82 9c a4 18 1c d0 24 7e 92 d6 03 1a a1 82 ae 41 0f 22 22 24 e3 13 33 cd 44 74 21 91 c4 3a cd e2 d8 00 f5 5b e9 c0 98 50 9f 8d 4d e4 fb fd 11 a6 f2 0b 11 12 53 cc f5 72 ca 52 a1 d8 cb 06 04 19 f5 24 61 54 c7 8a a5 02 2f 7f 25 f4 b5 d2 81 ae 55 60 28 80 42 37 c1 12 41 24 65 5a c5 8f 19 19 39 da 0e a3 12 53 59 1d 4c 52 ac 81 57 8c 9c c2 04 65 69 07 bc 08 71 81 a5 93 c9 a0 ba ae 29 cb 25 91 31 ee 9d 63 9f 70 ec 49 42 43 b8 20 21 85 cb b4 6b 15 53 cb 4b cb 4b 85 aa 99 c0 72 ad 93 f1 d8 51 9a c5 a6 65 8d c7 63 13 05 41 c0 b8 87 4d 8f 25 53 94 c2 ca e8 c6 7a dd 6b c7 1f d1 3d 22 be d3 6c e3 60 dd 5e 47 2b e8 de 55 c3 c0 6b 36 6b 35 7f c5 8b 10 75 5c cc 87 28 e2 28 41 7e 84 e8 8a 60 19 f7 b0 b3 82 82 e0 5e 64 ee 4f d3 e5 45 ab cb 1c 07 1c 8b a8 6c 15 50 63 42 87 c0 71 ec 68 42 4e 62 2c 22 8c a5 06 11 c7 81 a3 59 84 7a 71 e6 63 cb 13 c2 ca a7 4d 4f 88 dc 0f 7f ba cc 4a d0 93 e7 53 d3 65 4c 0a c9 51 aa 06 ca d4 80 51 59 45 63 2c 58 82 ad a6 d9 30 6b b9 e8 45 b2 99 10 fa 0f b5 cc 09 56 c3 6c 98 cd 5c c5 9c f6 df 96 5f 95 11 fe d1 8a e5 a5 6e 2e bd b7 bc e4 32 7f 02 2f 29 f2 7d 42 c3 aa 64 e9 26 ac d5 d2 a7 ce 8c e2 32 29 59 b2 09 0d 45 7c 5d 5e 32 3d 4c 25 e6 d8 87 97 94 09 a2 8e c0 26 04 e4 09 fb 9d 7c 71 ab 56 ea c4 38 90 c5 53 82 78 48 68 21 b6 6a d7 94 8c 29 a9 e0 a9 da 2d 45 73 19 f7 31 df 84 7a fa 04 82 c5 c4 87 df 76 b7 d5 b7 33 26 be 8c 36 a1 95 b3 a9 63 50 45 31 09 e9 26 14 30 3a 11 26 61 24 37 a1 b1 be 00 7a 13 6c 35 ca f7 50 90 67 3c 1d bb c8 1b 86 9c 65 d4 af 7a 2c 66 7c 13 78 e8 22 dd 6e 34 0c 78 fb a9 99 cd 66 a5 58 1b a0 84 c4 93 4d d8 e2 04 c5 06 1c e0 78 84 25 f1 90 01 02 51 51 15 98 93 a0 00 25 22 e4 b3 71 61 c0 ec ef b7 d6 9e fa 2a a7 75 ad 99 bb 95 e7 8b 14 a0 cf 32 08 e8 61 cc 5c 14 57 e0 45 cd 93 40 57 99 8b 05 6f 74 c7 71 40 cb a8 8f 03 42 b1 af e5 8c 00 32 e2 6c 0c 14 8f a1 cf 39 e3 ba 56 a4 2d 20 02 16 78 3b cb 4b af 4a ec 08 71 b8 8f 90 88 54 4a fc a0 75 0a 0a 65 db c8 1b 9e c6 18 09 95 2b df 20 15 3a 0a 00 66 cc 3c a4 c8 a6 0a 43 58 75 40 fb 4d 09 98 4d 0b 2c 07 24 c1 2c 93 fa cf 02 e0 7d 11 39 06 78 35 a0 55 cb 41 76 14 ca 29 37 a3 0a a9 4a 2b e1 af 60 91 b9 6f 16 e4 2a d3 3e 38 4e 61 e4 bb da 0b 07 e4 3c b9 fa 3f 28 8e 19 f2 7f a1 72 d1 51 7a 25 5f 62 59 e0 13 81 dc 18 0b 50 a1 25 52 e4 61 60 14 52 14 62 c0 4f 1e 4e a5 1
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: public, max-age=604800expires: Wed, 22 Mar 2023 17:00:28 GMTcontent-type: text/csslast-modified: Sat, 29 Jan 2022 20:59:24 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encoding,User-Agentcontent-length: 930date: Wed, 15 Mar 2023 17:00:28 GMTserver: LiteSpeedx-powered-by: Niagahosterstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 56 db 8e a3 38 10 7d 9e 7c 85 a5 68 35 dd 5a 1c 01 b9 8e 23 45 7b 91 fa 79 a5 fd 02 83 4d b0 da b8 2c 6c 3a 64 56 f9 f7 95 0d 84 5b 3a ab 9d 5d 78 81 aa 53 a7 5c a7 7c 4b 80 5d ff 5a a0 f6 49 68 fa 7e 2e a1 52 8c a0 e5 db de bd c7 bb 33 03 65 71 46 0b 21 af 04 7d fd a3 04 56 a5 f6 e7 3f a9 32 5f 03 64 a8 32 d8 f0 52 64 c7 c5 6d 41 51 cf 99 82 84 92 2c a3 dd 9e a6 bb 9e cd f2 da 62 c6 53 28 a9 15 a0 08 52 a0 b8 8f 25 39 7c f0 32 40 0b 4a 32 48 2b 33 e0 9a 05 55 8a f1 52 8a 26 12 64 80 2a d9 c2 bf 68 ca 98 50 67 2c 79 66 09 8a 43 5d 3b cc 2a 8f 02 94 47 03 4e 5f 96 11 df 39 41 f1 ae 05 29 fa 91 d0 12 a7 95 b1 50 a0 47 fa e0 a6 2c b4 8c e3 b8 2f 2a 81 92 f1 f2 ee 0b 0f ee 3d 4e a4 40 cb 2c cb 86 69 2c 9c cf 92 cf 24 43 cb 4d 7c f8 ed f7 5f 8f ce 34 1f 15 9d e3 27 bc 1d b0 11 74 06 bf e4 9c da 07 78 f7 7b 92 e2 d4 35 e2 73 bf 6f 4f e0 fe d1 0a 34 57 27 1a a0 e1 5f 0b 18 db 3c e9 73 4d d7 eb 3d 4d f6 7e 68 09 d4 38 05 65 a9 50 3e ea 4b 41 cb b3 50 38 01 6b a1 20 28 de ba 96 75 cd 26 28 da 36 2d b4 34 19 49 fa 20 cb 9b 7f 7c 16 8f c6 c6 96 42 73 76 b2 09 b0 eb c9 96 44 d9 1c 43 86 ed 55 f3 17 60 ec f5 df f1 dd 79 4e 96 05 68 66 cb 7b 5b 06 60 a7 b8 bb 6d 80 cb 39 65 53 dc dd 96 0f 47 d7 cc 43 0b 9a a0 48 d7 c8 80 14 0c 2d 99 7f 9a 96 c3 a5 a4 7a 10 c2 84 d1 92 5e 09 4a 24 a4 ef cd 9c eb 7c 97 5c 58 8e 8d a6 29 77 eb d4 45 8e 01 7e 5d ba be 66 12 2e 04 71 29 85 36 c2 8c 41 bd 3f 17 8c 71 e5 c7 a1 e9 99 63 57 c3 68 4e 34 4d 26 28 44 28 6c 97 ee dc 15 85 ba f6 fd 6e 9b 3e 2e fe 61 e1 1d a4 9f 2e 23 6e 7c e1 c9 bb b0 b8 95 af a4 4c 54 86 a0 f5 08 53 c0 f7 a7 80 a7 c1 f7 04 35 36 39 65 4e 0c a1 0c b7 0e 86 f0 46 d7 28 76 c3 c6 3b 5d a3 f2 9c d0 97 c3 3e 38 ec 82 c3 3e 08 57 9b cd eb 6c 18 ff 95 e6 c7 19 6e 8b 55 01 1f 82 63 29 8c 9d b5 ee be 3e c7 02 77 7b f2 63 ef f8 f4 79 7b 3b 36 e6 cf 27 d0 c4 3f ee ea c4 f9 49 6f 37 1d f2 69 83 37 73 be 7f e4 79 32 0d c7 da ad 6c 5e 15 89 a2 42 7e 2e e3 ba 3d 98 fa 30 6c 85 1d ed 70 83 73 2c 5a b7 a3 99 4b 13 eb 1a 8d 44 f7 61 17 2e ce b9 25 68 1f 86 4d 1a ce 04 f5 27 27 a2 2b b7 2d 88 14 d4 20 d7 45 30 9b 13 14 c5 87 21 55 de b2 4c cc 93 9d 65 5a a2 df a4 f0 6e 33 5f e4 ed d1 8d a3 f1 fa 6e ac db f0 a7 c1 65 c2 71 ec Data Ascii: V8}\|h5Z#E{yM,l:dV[:]xS\\|K]ZIh~.R3eqF!}V?2_d2RdmAQ,bS(R%9\|2@J2H+3UR&dhPg,yfC];GN_9A)
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 15 Mar 2023 16:55:10 GMTetag: "-375139978"last-modified: Thu, 16 Apr 2020 10:44:16 GMTx-request-id: 508953460content-type: text/javascriptcontent-length: 4547content-encoding: gzipvary: Accept-Encodingx-cdn-pop: sbgx-cdn-pop-ip: 137.74.120.0/27x-cacheable: Matched cacheaccept-ranges: bytesx-iplb-request-id: 5411342B:C2FE_2E69C9F0:0050_6411F9AE_9163:140BAx-iplb-instance: 42475Data Raw: 1f 8b 08 00 00 00 00 00 00 00 9d 1a 0d 7b da 36 f3 af 10 6d 2f b5 6b d5 c1 4d da 77 83 28 59 3e db 74 69 b2 25 64 5f 8c f9 71 8c 00 27 20 53 5b 90 d0 e0 ff fe de 49 b2 31 e0 bc db b3 3e 7d 82 74 3a 9d 4e ba d3 7d c9 56 7f 2a 42 19 c5 c2 b2 9f 67 41 52 13 8c 4c 45 8f f7 23 c1 7b 84 4a 56 0c 4b fb 39 Data Ascii: {6m/kMw(Y>ti%d_q' S[I1>}t:N}V*BgARLE#{JVK9

Source: chromecache_257.1.dr	String found in binary or memory: VideoLoaderManager:{mvcID:"VideoLoaderManager",className:"wnd-video-background",orientationClassName:{landscape:"orientation-landscape",portrait:"orientation-portrait"},videoApi:{youtube:"https://www.youtube.com/iframe_api",vimeo:"https://player.vimeo.com/api/player.js"}},UploadManager:{supportedImagesMime:"image/png image/jpeg image/gif image/svg+xml image/webp image/avif".split(" "),supportedFaviconMime:["image/x-icon"],supportedExifMime:["image/jpeg"],supportedImportExt:[".csv",".xml",".txt"], equals www.youtube.com (Youtube)
Source: chromecache_257.1.dr	String found in binary or memory: VideoUrlParser:{youtube:{url:"//www.youtube.com/embed/",thumbnail:"https://img.youtube.com/vi/"},vimeo:{url:"//player.vimeo.com/video/",thumbnail:"https://vimeo.com/api/v2/video/"}},EditHtmlFormModel:{DataType:"content_items"},AddContentManager:{priority:0,minDistance:10,defaultDistance:15,maxDistance:15,maxInnerDistance:35,zIndex:39,stripeOffset:20,horizontalBoxOffset:-35,fadeInTime:150,fadeOutTime:150,innerFadeInTime:150,innerFadeOutTime:150,maxAnimatedStripes:2,hoverOffset:15},AddSectionManager:{maxDistance:35, equals www.youtube.com (Youtube)
Source: chromecache_335.1.dr	String found in binary or memory: b,"vert.pix");break;case "PERCENT":Ay(d.verticalThresholds,b,"vert.pct")}zv("sdl","init",!1)?zv("sdl","pending",!1)\|\|J(function(){return By()}):(xv("sdl","init",!0),xv("sdl","pending",!0),J(function(){By();if(Cy()){var e=Dy();qc(z,"scroll",e);qc(z,"resize",e)}else xv("sdl","init",!1)}));return b}Hy.M="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Iy=["www.youtube.com","www.youtube-nocookie.com"],Jy,Ky=!1; equals www.youtube.com (Youtube)
Source: chromecache_317.1.dr	String found in binary or memory: function Hy(a,b){var c=this;return b}Hy.M="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Iy=["www.youtube.com","www.youtube-nocookie.com"],Jy,Ky=!1; equals www.youtube.com (Youtube)
Source: chromecache_317.1.dr	String found in binary or memory: g})};return{store:function(g,h){var l=f(g);l?l.button=h:e.push({form:g,button:h})},get:function(g){var h=f(g);return h?h.button:null}}}function d(e,f,g,h,l){var n=zv("fsl",g?"nv.mwt":"mwt",0),p;p=g?zv("fsl","nv.ids",[]):zv("fsl","ids",[]);if(!p.length)return!0;var q=vv(e,"gtm.formSubmit",p),r=e.action;r&&r.tagName&&(r=e.cloneNode(!1).action);q["gtm.elementUrl"]=r;Q(121);"https://www.facebook.com/tr/"===r&&Q(122);if(U(79)&&"https://www.facebook.com/tr/"===r)return!0;l&&(q["gtm.formSubmitElement"]= equals www.facebook.com (Facebook)
Source: chromecache_335.1.dr	String found in binary or memory: l=!!a.get("fixMissingApi");if(!(d\|\|e\|\|f\|\|g.length\|\|h.length))return;var n={Ff:d,Df:e,Ef:f,lg:g,mg:h,gd:l,Wa:b},p=z.YT,q=function(){Qy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var u=I.getElementsByTagName("script"),t=u.length,v=0;v<t;v++){var w=u[v].getAttribute("src");if(Ty(w,"iframe_api")\|\|Ty(w,"player_api"))return b}for(var y=I.getElementsByTagName("iframe"),x=y.length,A=0;A<x;A++)if(!Ky&&Ry(y[A],n.gd))return mc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Wed, 15 Mar 2023 17:00:23 GMTserver: LiteSpeedx-powered-by: Niagahosterstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-Agentalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 15 Mar 2023 17:00:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTSet-Cookie: __cf_bm=ybNc1aRKwnc0FH1q405ULjfNIc4EhqkyOG_Q2w50Ztg-1678899631-0-AcRXg8xya3NyCYm0xRxrPHQ41fx6jsnfTmDT+V5+xIJctyV7AugiQxMSlgPIca5zYk0h2+/Rp6bUqFmTX2ktNe0=; path=/; expires=Wed, 15-Mar-23 17:30:31 GMT; domain=.affforce.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 7a8650280d4a3a7a-FRA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100x-powered-by: Niagahostercontent-type: text/html; charset=UTF-8content-length: 6744content-encoding: gzipvary: Accept-Encoding,User-Agentdate: Wed, 15 Mar 2023 17:00:30 GMTserver: LiteSpeedstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3c ed 72 e3 36 92 bf ed a7 e8 55 f6 56 76 95 44 d9 33 99 4d 62 5b be 55 3c 4a 46 7b 1e db 25 db 99 9b 4a a5 52 10 d9 12 31 43 02 5c 00 94 ac 6c f2 40 f7 1a f7 64 57 dd 00 29 ea c3 8e 27 5b 57 97 ab 4a 26 65 89 24 d0 e8 ef 2f 40 3c fb d3 eb eb 8b bb f7 37 43 78 73 f7 f6 f2 7c ff 2c 75 79 46 1f 28 92 f3 7d 08 ff 9d e5 e8 04 a4 ce 15 5d fc 47 29 e7 fd d6 85 56 0e 95 eb de 2d 0b 6c 41 ec af fa 2d 87 0f ae 47 20 4e e3 54 18 8b ae 5f ba 69 f7 cb 16 9c ef ef 6d 03 f9 cf ee fd a0 7b a1 f3 42 38 39 c9 9a 70 46 c3 3e 26 33 6c d5 d3 94 c8 b1 df 9a 4b 5c 14 da b8 c6 c8 85 4c 5c da 4f 70 2e 63 ec f2 45 07 a4 92 4e 8a ac 6b 63 91 61 ff b8 75 be bf bf 77 e6 a4 cb f0 fc 9d 70 71 0a 6f f5 5c a2 05 a1 12 b8 fb 0e 6e d1 d0 d5 ad 33 28 72 b8 56 99 54 78 d6 f3 e3 d7 d7 4f d0 c6 46 16 4e 6a d5 40 c1 c3 cc 57 30 dd 1c ac 87 69 3d cc 69 99 65 90 26 a0 19 36 4c b5 81 a9 c1 2d f2 3e e2 72 a1 4d 62 9b e4 ad 60 87 d9 9d 1d b7 c0 df e3 65 f8 41 a7 46 a1 7a e6 c7 d3 aa 1d c6 2f d5 0b cf 97 4c aa 8f 60 30 eb b7 64 4c 64 b9 65 81 fd 96 cc c5 0c 7b 85 9a b5 20 35 38 ed b7 7a 53 31 a7 01 11 dd 3b df 5f a9 06 cf e7 31 6d 92 ad 3d e9 f5 a6 5a 39 1b cd b4 9e 65 28 0a 69 a3 58 e7 bd d8 da 7f 9f 8a 5c 66 cb fe 58 4f b4 d3 27 9f 1f 1d 75 5e 1d 1d 75 be 38 3a 6a 33 06 6d eb 96 19 da 14 d1 b5 3d 1e 6d 56 a8 d8 da f6 79 85 aa 47 a7 5a 2a 17 0f 71 a2 a2 89 d6 ce 3a 23 0a ba a0 d5 08 85 ae 58 a0 d5 39 f6 3e 8f 5e 46 47 04 65 ed 76 94 4b 15 c5 d6 b6 3c f5 ab b5 5b 9f b8 56 7d a3 f7 32 7a 19 bd e2 85 ea 7b 4f ae b2 b7 be 50 4f aa 38 2b 13 64 08 b9 9e ef 9e 17 24 54 71 e6 31 6c 85 b4 d1 4f e2 41 46 56 3a ec 39 cc 8b 4c 38 b4 bd f9 cb 1e 03 7b 2e f0 fd bd 33 af f4 60 4d dc 00 ff 41 3c 6c 8a 98 ee f5 32 39 b1 bd 0f ff 28 d1 2c 7b c7 d1 f1 71 f4 32 5c 31 27 3e d8 d6 f9 59 cf 03 3c 7f 04 f4 73 f9 fc 61 93 cd eb c0 6b 0d dd b5 46 9c a8 0f 36 8a 33 5d 26 d3 4c 18 dc c0 3f d7 09 1a 25 7f 32 bd 17 d1 17 d1 f1 ea ba 5a a7 c9 a7 0f 62 2e fc 1a 8f d3 56 8b f6 83 25 be be ec e6 98 48 41 7c 91 68 9f 07 70 7f ef ec 4f dd ee f7 72 0a 99 83 d1 10 be fa 81 34 68 27 75 da da 28 70 91 e8 22 87 fc ca a6 72 de 7b 19 7d 11 bd 58 5d 6f 73 0d 9e 09 d2 a0 2d b4 4a 7a 24 de f0 7d a7 7c ff f4 3d aa 44 4e 7f e8 76 cf f7 cf 7a 3e aa 9c 4d 74 b2 3c df df 3f 4b e4 1c e2 4c 58 db 6f 29 31 9f 08 03 fe a3 2b d5 1c 8d c5 ea d2 3a e1 64 dc 75 ba 68 35 c4 da 98 4d ee 52 48 85 a6 f1 7c d7 b8 00 8f d0 d8 39 b6 9e 33 29 9d d3 2a c8 c4 5f b4 36 80 38 3d 9b 51 cc 4a 84 13 e1 82 10 c9 32 51 d8 fa b6 30 33 74 fd 56 14 e6 d4 8f 1f 5f 7a a5 b5 85 50 d5 92 e4 78 bb 13 61 98 b7 85 50

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 700x466, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	27060
Entropy (8bit):	7.99303423453241
Encrypted:	true
SSDEEP:	384:net0SbZWfr+K8uGjqYh91iekCvpV01h/MFM2mwT3cbIohni0VdZkdMzknArafwFM:erMfrVm1h91iqHVmO3cJniydZkdMoM+l
MD5:	68F29D69A635125232BA958CA0EA3069
SHA1:	AF8898BB028BE0E4E9FC883CC0DFE617B7E4828E
SHA-256:	6074453E788E822CF7D6300815EB00A1FC57F5352C7491DF7FFE75BBDF79F613
SHA-512:	A4EE113BD07B880AAC3118644F6E41DD44337E86281BAF5E9A84552CF99DB5624972B194D694E8B01A77CA1A24B347F40480F69954A0EB2FF4AB9E79B09E379C
Malicious:	false
Reputation:	low
URL:	https://d1di2lzuh97fh2.cloudfront.net/files/05/05z/700/05zusj.webp?ph=5fd3b12d34
Preview:	RIFF.i..WEBPVP8 .i...9.......>.B.J...+.Q.....em.....}..?.y.1..6.l.i.."....X`_...")....P.'......M.\.m.}....R>..M....k....'.!...j.o.g...'...@...#...3.o7.hpT.-.. ...x...K0F"...=..u2..L.h..=.li.N..<...Ii.>..I.e...u8MT=......R.A.......~S$.........[..F..mc./].4.2.>..."(..w".n...Oh.l.cr.1#...%.....i...%I:....}..n.L.`..0..f.;.&.g].Tu...(pq...wK....t.}....6..&....[...........c...T.%...>.'pm..Z..<.b.........Ou.......B....k/..G..........I:..bH.1..P...e.Yzq/...ui..5.7.8....s.m<.u.5e....Q..K"%...h.G.>....o.h..$.N.N.....C......B+..V y.].om..y\...u$B.....9}P>....?.....QL...cz.]S.NsPQ.....P..w.4.6;....(.n...t.u\|..... .whP\.....,..S.;..q...t*..m.x.SrWO).....5OQ.M^._S?...J0E5.<;......t....:.w..d.<...H.v./?...T..O2V.t...a.'XF............jQRU,..F@..x1..U..;......=+.....,..H....tx.K..hWm.....`^.F.4..l.{.)f.0_H=...N..D....B..B......_.\]...j#`V...6..w..4.i.R..p0..Kc.F.....CX.<.}.<.....FV9H....~\/...%.%!.........!.3..$.ns...z.{.R\.....W{..%..T.]$....k\|q.z.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 44800, version 1.0
Category:	downloaded
Size (bytes):	44800
Entropy (8bit):	7.995165130165582
Encrypted:	true
SSDEEP:	768:LBZWdggj/TIz4iYsgPHUBAtn7paDGflgH23lnfRP9rHQJSo2GS:W7/Ts4mW0En9UWl3fRFZN
MD5:	5C6EBD76D8E76B609584AF9C20AEE4F9
SHA1:	73DA07E69695C4C6AF6CEA5DD3EA627132117241
SHA-256:	A658B2BE7323C57D4BD5C4197B657E1F5360D1B950131DC377EFEC1D5111FFD0
SHA-512:	56B569CBE8962835DA543B2A191D873AFAC07DB81D4C830F5159621CC1ADDCF6434BFCF77BAB47CE7CDCA57F2374D0B5D4D07C11227B93F3C329BE1653E6941E
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2..............&@.............................b. ..P?HVAR.x.`?STAT.$'....+...\|.../V........z....0....6.$..8. ..~. ...[..Q.l...t..P\.L.q.F.r;.BPm.`....f...?+9.CA7@.....I&E..,j#...B..........`..v(i...a.h.}..A?..=..C.z..h8.5g..e...R.~.......wW?)..p.1].Ac}....o..Tw..2.3>.k..g...r..]U...?..&.Qw.-A$.O.+.O-...!R....\..~~2..T..d.X...+.U...K.:...T...4..{w.....L...#.`.%.D....G.m.o.W...TL.B.....O........?.6..uw/.f.@.J$...."U01s.8...?..;.s..+d4.].$m..*BJ..eeg...2.q.i......?.....I..y..%/.[.5..:.=....<....(!.Vt&w..J...T.....K} 7.^:.VQjB.Q.j ....L;..=..{....U..._....>g..........p.l..........#...=...D.P.D.I.T.5..I`.Q@..pj5N.p....a....../`..J.'..l.,...2..9.z2.N.;.z.`........!Rs....,.,ix..zfc....&+..w.:.....:.j..o.....;...#i.#X.)v..9...U..~J..+....p.7.......A...\.:\....c&.~.n.L.y....m.+z.b..I.i.m....0.}X.$a...i......3..%.E......U....P..+.v...h.>.. ....!.......b...t....<A.G..Cu32......e.....KU.(.p.u...".D.Z#uB. ._\|..gj..".{.y.....d.....&..\T~.:W;.v0.K...

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://city-of-goodyear.webnode.page/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 204

Chrome Cache Entry: 205

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 210

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 216

Chrome Cache Entry: 217

Chrome Cache Entry: 218

Chrome Cache Entry: 219

Chrome Cache Entry: 220

Chrome Cache Entry: 221

Chrome Cache Entry: 222

Chrome Cache Entry: 223

Chrome Cache Entry: 224

Chrome Cache Entry: 225

Chrome Cache Entry: 226

Windows Analysis Report
https://city-of-goodyear.webnode.page/