Windows Analysis Report http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Overview

General Information

Sample URL: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Analysis ID: 512851
Infos:

Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown DNS traffic detected: queries for: akademiamomentum.al
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKdate: Mon, 01 Nov 2021 12:37:27 GMTserver: Apachelast-modified: Thu, 14 Oct 2021 09:24:12 GMTaccept-ranges: bytesvary: Accept-Encodingcontent-encoding: gzipcontent-length: 5078content-type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 a5 5a 6b 77 da b8 d6 fe 7e 7e 85 e3 e9 0a 76 51 0c 24 6d 93 40 3d ac b6 49 7a 39 4d 93 26 9d ce cc 21 4c 97 c1 02 dc 18 9b da 72 02 27 70 7e fb fb 6c c9 37 6e 99 ae 79 bf 20 79 4b da da da da 77 51 7b ba a3 7d ff 9c f0 68 a6 9d 7b c3 c8 11 5c bb 3b b0 0e ac 7d 6d ae 19 7d 53 bb 98 f0 e0 c3 b5 76 16 26 81 eb 08 2f 0c 34 27 70 b5 50 8c 78 a4 f5 c3 40 44 5e 2f 11 61 14 63 fa f7 1f 84 c6 0a a3 61 cd f7 fa 3c 88 b9 f6 b4 f6 2f 1d 0b f9 c0 0b b8 ab db b6 98 4d 78 38 48 37 b4 c6 6a c3 f3 44 f0 dd 5d 63 1d 68 ef d4 4d 36 48 82 3e ed 6b 08 f3 41 4f 80 33 c6 9e 7d a1 b7 f4 6c a4 c0 ab 36 da dd 55 ad e5 8c dd b6 ea 1a 1d 5d 51 a7 77 0b 84 dc 7c 88 b8 48 a2 40 13 06 67 f7 5e e0 86 f7 e6 c2 6c ea 61 ef 3b c7 0e 39 da 71 e8 26 3e d0 aa d6 e2 d3 49 18 89 b8 bd fc 69 0b 23 e2 3f 12 2f e2 46 b6 97 99 21 6d 8a f4 74 f9 2e 46 4e 45 cc 82 95 83 65 43 1a 2f 91 58 7f 69 17 84 33 f0 62 10 46 c6 9d 13 69 91 5d fb cb b8 71 ab e6 8d 55 6e 6a 2c b0 23 d0 c6 fb 40 32 9f 77 ba 2c cc be 85 fa f6 ec 46 cb 7b 69 1f b4 bc 6a d5 7c f0 06 46 35 ec 78 dd 97 d5 00 bf 66 ba 2b 66 00 1e 48 78 58 c0 f7 1a 8b 8c ac 85 11 5b 83 c0 52 27 66 dc 5c c4 d9 0d 7e e5 51 0c 6a 6d 5d 8a 93 ce 02 0b f2 12 87 c4 c8 bc 6b f9 e1 10 57 1f ef ee 82 6b 07 56 dd aa eb 20 6e 69 d8 d0 3f 7c 3e 7f ff f6 ea d5 97 d3 66 26 a9 72 66 55 bb 3a fd fc db fb ab d3 13 30 3a df f5 77 27 0a bc 60 18 af 6c b2 84 25 13 f4 89 9f 0c bd 40 f3 43 c7 e5 ae 36 4e 7c e1 4d 7c ae 09 6f cc 63 e0 fc 7b 04 5e ac 79 41 2c 1c df 87 74 57 8d b8 2c bc 6d 5d 6f ea da bd 27 46 d8 60 88 7d 86 9a 83 eb bb e3 ba 59 d5 99 76 a7 b8 a3 e9 d5 55 86 99 66 4b dd eb c3 a2 10 85 84 44 81 c0 c2 ce c9 6a e5 2b 4f b8 9b 4c a0 73 4b e7 8f 3a bc 3b 9f 1b d4 40 91 d6 39 64 4d 92 78 04 b4 4c ec ee 0a eb 1e d0 dd dd 9d 78 45 29 d5 c0 d2 e1 f5 2a 2f f1 fb 4b e4 f4 39 21 10 4b 1d c3 34 cd 45 4e 3d e9 97 60 11 49 fa 85 d4 2d 4b a9 e5 65 14 4e 78 24 66 72 f8 01 c7 1a 78 c3 24 72 7a 3e 6f 82 62 1e 24 63 9e 7f 0d b9 68 e6 1a 90 ab 45 62 04 26 8b 16 2c 2e 8f 82 55 0a 6e f3 c5 a2 44 46 58 90 c1 3b a2 6b 6f 43 67 39 93 89 3f 33 c4 c8 8b 99 13 0d 41 45 20 62 73 b1 78 8c df 1b 59 6c 43 cd ee 42 cf d5 ea b6 6d af b2 cc 58 06 48 63 97 83 ae 38 4e b4 44 20 c4 61 c3 1d fa 3c 18 8a 91 5d 5f 30 fd b5 d3 bf 7d 13 8e 27 0e 59 2e 48 89 1b f6 25 e5 10 17 02 9e 87 2e 36 4d 60 9c 94 0e 41 76 83 50 68 6a d0 03 93 95 ac 7e 86 05 bb 8d 35 9a ad 2b 41 f4 98 c3 fa cc a5 fd 7d 5b 2a bb 17 78 82 4d a8 0f 6b c6 06 76 ed a6 63 dc c4 4f 3b 7b 37 f7 dd 2a 3a a6 d1 f9 df fc af 27 4f bb 6d db c4 a7 41 03 bf 74 9f b6 7f 49 3b 04 bc e9 d6 d8 ec 9f ae 1c b2 31 ac 5e e7 26 be 49 ce 4e cf ce 6e a6 af ea dd ea 7c e5 fb 49 6d d8 22 23 e9 41 47 b5 9c 6e bb 2c 25 4a a1 5e 45 91 33 b3 26 51 28 42 32 f8 56 4c de cb ea 43
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2021/08/cropped-cropped-akademia-32x32.png HTTP/1.1Host: akademiamomentum.alConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1Host: akademiamomentum.alConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: akademiamomentum.alConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Referer: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: Favicons.1.dr, data_1.3.dr String found in binary or memory: http://akademiamomentum.al/favicon.ico
Source: Favicons.1.dr, History.1.dr, Current Session.1.dr String found in binary or memory: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: History.1.dr String found in binary or memory: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2/.Vm
Source: History Provider Cache.1.dr String found in binary or memory: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.22
Source: History Provider Cache.1.dr String found in binary or memory: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.22:
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.al
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.al/wp-content/uploads/2021/08/cropped-cropped-akademia-32x32.png
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.al/wp-content/uploads/2021/08/cropped-cropped-akademia-32x32.pngcontent-len
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.al/wp-json/
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.al/wp-json/tribe/events/v1/
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.al/wp-json/tribe/events/v1/x-tec-api-origin:
Source: data_1.3.dr String found in binary or memory: https://akademiamomentum.alx-redirect-by:
Source: data_1.3.dr String found in binary or memory: https://api.w.org/
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://apis.google.com
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.3.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, 7a95c229-5b34-4590-9e9b-88f90ff32aec.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://dns.google
Source: cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://fonts.googleapis.com
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://fonts.gstatic.com
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json0.1.dr, craw_window.js.1.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://play.google.com
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr String found in binary or memory: https://r4---sn-4g5ednsl.gvt1.com
Source: data_3.3.dr String found in binary or memory: https://r4---sn-4g5ednsl.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr String found in binary or memory: https://redirector.gvt1.com
Source: data_1.3.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: manifest.json0.1.dr, craw_window.js.1.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://ssl.gstatic.com
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://www.google.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, craw_background.js.1.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr, craw_window.js.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 5f7e86d2-8685-4810-99d4-6c01c84c473a.tmp.3.dr, cf0024ee-b681-4126-a217-b992b5691636.tmp.3.dr String found in binary or memory: https://www.gstatic.com
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\e287845f-22fd-4ae2-a32c-e575bcfefe1e.tmp Jump to behavior
Source: classification engine Classification label: clean0.win@20/147@4/7
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,13778663275051469510,3618756389170368170,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,13778663275051469510,3618756389170368170,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Joe Sandbox Cloud Basic: Detection: clean Score: 0 Perma Link
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61805003-1878.pma Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 512851 URL: http://akademiamomentum.al/... Startdate: 01/11/2021 Architecture: WINDOWS Score: 0 5 chrome.exe 12 77 2->5         started        dnsIp3 11 192.168.2.1 unknown unknown 5->11 13 239.255.255.250 unknown Reserved 5->13 8 chrome.exe 11 5->8         started        process4 dnsIp5 15 akademiamomentum.al 198.54.115.56, 443, 49760, 49761 NAMECHEAP-NETUS United States 8->15 17 clients.l.google.com 142.250.203.110, 443, 49756, 49779 GOOGLEUS United States 8->17 19 5 other IPs or domains 8->19
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.168.45
 accounts.google.com United States
15169 GOOGLEUS false
198.54.115.56
 akademiamomentum.al United States
22612 NAMECHEAP-NETUS false
142.250.203.97
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.203.110
 clients.l.google.com United States
15169 GOOGLEUS false

Private
IP
192.168.2.1
127.0.0.1

Contacted Domains

Name IP Active
accounts.google.com 172.217.168.45 true
akademiamomentum.al 198.54.115.56 true
clients.l.google.com 142.250.203.110 true
googlehosted.l.googleusercontent.com 142.250.203.97 true
clients2.googleusercontent.com unknown unknown
clients2.google.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
    		high
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
      		high
      http://akademiamomentum.al/favicon.ico false
      • Avira URL Cloud: safe
      		 unknown
      https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx false
        		high
        https://akademiamomentum.al/wp-content/uploads/2021/08/cropped-cropped-akademia-32x32.png false
        • Avira URL Cloud: safe
        		 unknown
        http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 false
          		unknown
          http://akademiamomentum.al/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 false
            		unknown