Field | Value
---|---
download | index.html
Full analysis | https://app.any.run/tasks/f3d16262-6bfe-421a-9434-2454f78eeabb
Verdict | Malicious activity
Analysis date | May 30, 2020, 13:16:08
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | text/html
File info | HTML document, UTF-8 Unicode text, with very long lines
MD5 | 5DE7B609F844234AC826E32943653AB1
SHA1 | 894452F805FDC3B56B430B2F393DE0FCBD9A284E
SHA256 | 5C6ACDC60D5B948FE9F97FDC00E1AFC869C9B15603636B4514971466D552E489
SSDEEP | 3072:nRuLRV1zZutP4D5Atmrm+OGAcam13nEsnMU:nRuLRV1NutP4D5Atmrm+OSOsMU
.html | HyperText Markup Language (100)
Meta tag | Value
---|---
HTTPEquivXUACompatible | IE=edge
viewport | width=device-width, initial-scale=1
language | en
msapplicationTileColor | #da532c
themeColor | #000000
Title | Download Security Software for Windows, Mac, Android & iOS \| Avira Antivirus
Description | Discover a range of award-winning security, privacy & performance tools for all devices. • Antivirus • VPN • System Speedup • Mobile & more. Download now
Robots | index, follow
twitterCard | summary
twitterSite | @avira
twitterDescription | Discover a range of award-winning security, privacy & performance tools for all devices. • Antivirus • VPN • System Speedup • Mobile & more. Download now
googleSiteVerification | usy0xmvNUkbiYpNrty6WLxEJWzTOqVCS7eS9b_WTZgU
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
2788 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2756 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2788 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700)
2184 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | — | explorer.exe | admin | Google LLC | MEDIUM | Google Chrome | 3221225547 | 75.0.3770.100
2964 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6e9ba9d0,0x6e9ba9e0,0x6e9ba9ec | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | MEDIUM | Google Chrome | 0 | 75.0.3770.100
1404 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2192 --on-initialized-event-handle=324 --parent-handle=328 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | MEDIUM | Google Chrome | 0 | 75.0.3770.100
2772 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4358172052172811948 --mojo-platform-channel-handle=1020 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | LOW | Google Chrome | 0 | 75.0.3770.100
3640 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=1979676241768878621 --mojo-platform-channel-handle=1560 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | MEDIUM | Google Chrome | 0 | 75.0.3770.100
3692 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2385484263096793482 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | LOW | Google Chrome | 0 | 75.0.3770.100
2224 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18268150617037350033 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=508 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | LOW | Google Chrome | 0 | 75.0.3770.100
3096 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,17486936783209749039,15884646417456746189,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10221082676897464010 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | admin | Google LLC | LOW | Google Chrome | 0 | 75.0.3770.100
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2788 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2788 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFE1B030670E7BE8BD.TMP | — | — | —
2788 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8BA9DAD3C4EE72E9.TMP | — | — | —
2788 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA17D62CACF39A703.TMP | — | — | —
2788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C2EC4FFB-A277-11EA-9F59-5254004A04AF}.dat | — | — | —
2788 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFBB6E943DA0807022.TMP | — | — | —
2184 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5ED25CB6-888.pma | — | — | —
2184 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\733a5e20-d46f-4449-aef9-3662bc5c6a1e.tmp | — | — | —
2184 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp | — | — | —
2788 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{C90D1B4E-A277-11EA-9F59-5254004A04AF}.dat | binary | 07A74623AFCBA6B02028BB73705901A8 | A156C9C70F1014AD51D2CE7663350110F1225450A02FD88AE70435193A0A9846
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | — | 72.21.91.29:80 | http://status.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW%2B2sabjf17QQUkFj%2FsJx1qFFUd7Ht8qNDFjiebMUCEAhpwjriHwb%2BBA3oHNrcctU%3D | US | — | — | whitelisted |
3640 | chrome.exe | GET | 200 | 74.125.173.137:80 | http://r4---sn-4g5ednsy.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=89.187.165.47&mm=28&mn=sn-4g5ednsy&ms=nvh&mt=1590844512&mv=m&mvi=3&pl=24&shardbypass=yes | US | crx | 293 Kb | whitelisted |
3640 | chrome.exe | GET | 302 | 172.217.22.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 519 b | whitelisted |
3640 | chrome.exe | GET | 302 | 172.217.22.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 524 b | whitelisted |
— | — | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D | US | der | 471 b | whitelisted |
3640 | chrome.exe | GET | 200 | 74.125.110.103:80 | http://r2---sn-4g5ednsr.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjY5QUFXTEQwc2RPVXhRY3picjhxblh1dw/7619.603.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Qx&mip=89.187.165.47&mm=28&mn=sn-4g5ednsr&ms=nvh&mt=1590844512&mv=m&mvi=1&pl=24&shardbypass=yes | US | crx | 816 Kb | whitelisted |
2788 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3640 | chrome.exe | 216.58.206.3:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2788 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3640 | chrome.exe | 172.217.18.99:443 | www.google.com.ua | Google Inc. | US | whitelisted |
3640 | chrome.exe | 172.217.18.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3640 | chrome.exe | 216.58.210.13:443 | accounts.google.com | Google Inc. | US | whitelisted |
4 | System | 104.19.147.8:139 | script.crazyegg.com | Cloudflare Inc | US | shared |
4 | System | 104.19.148.8:445 | script.crazyegg.com | Cloudflare Inc | US | shared |
4 | System | 104.19.147.8:445 | script.crazyegg.com | Cloudflare Inc | US | shared |
3640 | chrome.exe | 172.217.22.3:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3640 | chrome.exe | 172.217.22.14:80 | redirector.gvt1.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
d.la1-c2-dfw.salesforceliveagent.com | — | whitelisted
s3.amazonaws.com | — | shared
www.google-analytics.com | — | whitelisted
www.glancecdn.net | — | whitelisted
consent.cookiebot.com | — | whitelisted
amplifypixel.outbrain.com | — | whitelisted
script.crazyegg.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
clientservices.googleapis.com | — | whitelisted