Field | Value
---|---
download | index.html
Full analysis | https://app.any.run/tasks/e776bab8-ec3f-4593-ae09-e79e0a4c3a8a
Verdict | Malicious activity
Analysis date | May 14, 2019, 23:28:08
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MIME | text/html
File info | HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5 | 04A18D08B0F9589D90398F9AFB30D2C1
SHA1 | 64E7B7BA3F3290F887EE115ADD9626F2FE5B30FA
SHA256 | 7F938AD7686F85214A1256BFFE458FC27FC2D483136645EE777AD8331DD0C2C0
SSDEEP | 6144:yh71ha/iOmxxb7gIZSAED6PU59emYikbVMIKy1NFoM72rdA7yJUpT+Qz9KmlTUtT:yjIIZSpCI+razmrO8zjuJyuobit1ctlo
Extension | Detected type
---|---
.aiml | Artificial Intelligence Markup Language (48.3)
.htm/html | HyperText Markup Language with DOCTYPE (41.6)
.html | HyperText Markup Language (9.9)
Field | Value
---|---
oathGuceConsentHost | guce.yahoo.com
referrer | unsafe-url
themeColor | #400090
formatDetection | telephone=no
Keywords | yahoo, yahoo home page, yahoo homepage, yahoo search, yahoo mail, yahoo messenger, yahoo games, news, finance, sport, entertainment
Description | News, email and search are just the beginning. Discover more every day. Find your yodel.
ContentType | text/html; charset=utf-8
HTTPEquivXDnsPrefetchControl | on
Title | Yahoo
HTTPEquivXUACompatible | IE=edge
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2932 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\index.html | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3332 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2932 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255)
3764 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | | explorer.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 73.0.3683.75
2568 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebb0f18,0x6ebb0f28,0x6ebb0f34 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 73.0.3683.75
3708 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3776 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: MEDIUM; Description: Google Chrome; Version: 73.0.3683.75
3076 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=964,10304255533118857801,10437070051982360506,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6892600421241754498 --mojo-platform-channel-handle=952 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75
3748 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=964,10304255533118857801,10437070051982360506,131072 --enable-features=PasswordImport --service-pipe-token=6004339751121722582 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6004339751121722582 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 73.0.3683.75
2280 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=964,10304255533118857801,10437070051982360506,131072 --enable-features=PasswordImport --service-pipe-token=15700209996845620265 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15700209996845620265 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 73.0.3683.75
3920 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=964,10304255533118857801,10437070051982360506,131072 --enable-features=PasswordImport --service-pipe-token=9103254841311113991 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9103254841311113991 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Exit code: 0; Version: 73.0.3683.75
3624 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=964,10304255533118857801,10437070051982360506,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=229969103668460049 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=229969103668460049 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | User: admin; Company: Google Inc.; Integrity Level: LOW; Description: Google Chrome; Version: 73.0.3683.75
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2932 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico | — | — | —
2932 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\custom.desktop.c5483352[1].css | text | C54833527C77F998CD45B57A5D2749EB | 4FB4DC82052CE4E6A5BB5DFEDF5E61208FF884008F00378E30D2848CA38FCA8B
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\Advance_rc4-rollup[1].eot | eot | 0F70FD96D2A27B5C46F7C4DB002C05D3 | 7AA89D635FCDF4E98F4FD1FDD11F2CEAF6F6CA78866FE0FD28B90C91AB2D55AB
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\styles-ltr[1].css | text | 1AD164954ADC1530309C2C4FA0E1FEA9 | BF6470BE437AA10CC19F7E433F355ED8C962914A961780EAA6AD46EA59B97406
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\advance_0.0.27[1].css | text | AC766AE0E54572F7B33065A9C36092B4 | F6BECE6D99CEE47C17A5642296E46BCFD4DE5800AEC0223CBF59C439496CBB16
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\yglyphs[2].eot | eot | 430F2CB7F3B2B01E8A0FF27FD883F5A1 | 8C83E68BEA7A6FC8B2E696DD5F0107837375B8BF6B536645C03E05D95A28571F
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\font_rc4_0.0.91[1].css | text | C45EDC1345620CAABA9C35594F085196 | 8C9134E768A60DB1E0570E7709B960F18EBF4F1577E7B907DAEEFFF8BB5F35FD
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\advance_color_0.0.31[1].css | text | CFE3E11D7F399F8336C5007FD6CD514A | 0501A52941EAAA8E8C8D9E664E149FE7D02EB9E18A25AA8E3FE6FD192CC8CD97
3332 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\fp_sda_0.0.30[1].css | text | 54CA7D8202A70AA8BB421ACD5569363A | D4255CCDD8CD45F9450E989F6459502DD11349B776B765A7ABAD4FAC0FB96DBD
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2672 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2672 | firefox.exe | GET | 200 | 2.16.186.112:80 | http://detectportal.firefox.com/success.txt | unknown | text | 8 b | whitelisted |
3764 | chrome.exe | GET | 200 | 52.216.1.128:80 | http://security-update-site-1.6.s3.amazonaws.com/content.jar | US | java | 2.84 Kb | shared |
3764 | chrome.exe | GET | 200 | 74.125.173.138:80 | http://r5---sn-4g5ednsy.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=185.217.119.8&mm=28&mn=sn-4g5ednsy&ms=nvh&mt=1557876398&mv=m&pl=24&shardbypass=yes | US | crx | 842 Kb | whitelisted |
2672 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3764 | chrome.exe | GET | 302 | 172.217.16.174:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 504 b | whitelisted |
2672 | firefox.exe | POST | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
2672 | firefox.exe | POST | 200 | 172.217.16.163:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
2672 | firefox.exe | GET | 200 | 52.216.169.147:80 | http://security-update-site-1.6.s3.amazonaws.com/content.jar | US | java | 2.84 Kb | shared |
2672 | firefox.exe | GET | 200 | 2.16.186.112:80 | http://detectportal.firefox.com/success.txt | unknown | text | 8 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2932 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3332 | iexplore.exe | 87.248.114.11:443 | s.yimg.com | Yahoo! UK Services Limited | GB | shared |
3332 | iexplore.exe | 152.195.39.122:443 | us.y.atwola.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2932 | iexplore.exe | 212.82.100.137:443 | search.yahoo.com | Yahoo! UK Services Limited | CH | shared |
3332 | iexplore.exe | 172.227.85.103:443 | sb.scorecardresearch.com | Akamai Technologies, Inc. | US | whitelisted |
3764 | chrome.exe | 216.58.210.3:443 | www.google.com.ua | Google Inc. | US | whitelisted |
3764 | chrome.exe | 172.217.18.13:443 | accounts.google.com | Google Inc. | US | whitelisted |
3764 | chrome.exe | 172.217.23.174:443 | clients1.google.com | Google Inc. | US | whitelisted |
3764 | chrome.exe | 172.217.22.36:443 | www.google.com | Google Inc. | US | whitelisted |
3764 | chrome.exe | 216.58.210.14:443 | apis.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
s.yimg.com | | shared
www.bing.com | | whitelisted
us.y.atwola.com | | whitelisted
sb.scorecardresearch.com | | shared
search.yahoo.com | | whitelisted
www.google.com.ua | | whitelisted
clientservices.googleapis.com | | whitelisted
accounts.google.com | | shared
clients1.google.com | | whitelisted
ssl.gstatic.com | | whitelisted
PID | Process | Class | Message |
---|---|---|---|
3764 | chrome.exe | Potentially Bad Traffic | ET INFO JAR Size Under 30K Size - Potentially Hostile |
2672 | firefox.exe | Potentially Bad Traffic | ET INFO JAR Size Under 30K Size - Potentially Hostile |