Windows Analysis Report https://s.id/Iz3C6

Overview

General Information

Sample URL: https://s.id/Iz3C6
Analysis ID: 517911
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on shot template match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Yara detected HtmlPhish7
Phishing site detected (based on various OCR indicators)
Phishing site detected (based on image similarity)
No HTML title found
HTML body contains low number of good links

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: https://s.id/Iz3C6 SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://emiland.com/htmpx/unitedhealthcare.asp/M Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/css/hover.css Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/images/office3651.png Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/Share Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/2 Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/images/adobe.jpg Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/images/gmail.png Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/images/outlook1.png Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/images/other1.png Avira URL Cloud: Label: phishing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/images/outlook1.pngG Avira URL Cloud: Label: phishing

Phishing:

barindex
Phishing site detected (based on shot template match)
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ Matcher: Template: office matched
Yara detected HtmlPhish10
Source: Yara match File source: 36770.0.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, type: DROPPED
Yara detected HtmlPhish7
Source: Yara match File source: 36770.0.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, type: DROPPED
Phishing site detected (based on various OCR indicators)
Source: Screenshots OCR Text: dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.
Source: Screenshots OCR Text: Downloading proxy script,,. O Type here to search E 0 Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook k Sign in with Office365 Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. Share Point OnlineX + t- e emiland.com/htmpWunitedhealthcare.asp/ Chrome is being controlled by automated test software, dL Adobe Document Cloud To read the document, please enter wi
Phishing site detected (based on image similarity)
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ Matcher: Found strong image similarity, brand: Microsoft image: 36770.0.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ Matcher: Found strong image similarity, brand: Microsoft image: 36770.0.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
No HTML title found
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: HTML title missing
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: Number of links: 0
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: Number of links: 0
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: No <meta name="author".. found
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: No <meta name="author".. found
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: No <meta name="copyright".. found
Source: https://emiland.com/htmpx/unitedhealthcare.asp/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 79.133.42.192:443 -> 192.168.2.3:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 79.133.42.192:443 -> 192.168.2.3:49798 version: TLS 1.2
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: angular.js.0.dr String found in binary or memory: http://angularjs.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: angular.js.0.dr String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=VVIJJnVzHhrMw0jRx1MSuW7Cbcq9MDI5GtpLlXm5gxabNnISIeaZ1nNcUn3
Source: Reporting and NEL.2.dr String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=sZ1igptl%2BGpS%2FC%2BPHwNDI8vmBK%2FvRJa00DAZdUiNAFOaBYms0PZ
Source: manifest.json1.0.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr String found in binary or memory: https://ajax.googleapis.com
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: data_2.2.dr String found in binary or memory: https://api.w.org/
Source: manifest.json1.0.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr String found in binary or memory: https://apis.google.com/js/client.js
Source: mirroring_common.js.0.dr String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: data_1.2.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jsy
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libcrt_platform_a.0.dr String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.0.dr String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js&
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: data_1.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js/
Source: data_3.2.dr String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.2.dr String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCebn6O3lueVfEgk
Source: manifest.json1.0.dr String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: data_3.2.dr, Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk
Source: data_3.2.dr, Reporting and NEL.2.dr String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 1baadb3a-d633-4f49-b5c3-f72bcb086cea.tmp.2.dr, 89fc1a87-2b71-459e-b401-82797fb694ce.tmp.2.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr String found in binary or memory: https://docs.google.com
Source: data_1.2.dr, Favicons.0.dr String found in binary or memory: https://emiland.com/favicon.ico
Source: data_1.2.dr String found in binary or memory: https://emiland.com/favicon.icoChIKBw2DqFs9GgAKBw3OQUx6GgA==
Source: data_1.2.dr, Favicons.0.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp
Source: data_2.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/
Source: History Provider Cache.0.dr, Favicons.0.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/2
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/M
Source: History.0.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/Share
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/css/hover.css
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/8.jpg
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/adobe.jpg
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/gmail.png
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/office3651.png
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/other1.png
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/outlook1.png
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp/images/outlook1.pngG
Source: History Provider Cache.0.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.asp2
Source: data_1.2.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.aspD
Source: History.0.dr String found in binary or memory: https://emiland.com/htmpx/unitedhealthcare.aspShare
Source: data_2.2.dr String found in binary or memory: https://emiland.com/wp-includes/images/w-logo-blue-white-bg.png
Source: data_2.2.dr String found in binary or memory: https://emiland.com/wp-json/
Source: manifest.json1.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: manifest.json1.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.2.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: data_1.2.dr String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: manifest.json1.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json1.0.dr String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_3.2.dr String found in binary or memory: https://ka-f.fontawesome.com
Source: data_1.2.dr String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Source: data_1.2.dr String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251kf
Source: data_1.2.dr String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Source: data_3.2.dr String found in binary or memory: https://kit.fontawesome.com
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: data_3.2.dr String found in binary or memory: https://login.microsoftonline.com/common/login
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: data_3.2.dr, data_1.2.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: mirroring_common.js.0.dr String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json0.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr String found in binary or memory: https://r5---sn-4g5e6nsk.gvt1.com
Source: data_1.2.dr String found in binary or memory: https://r5---sn-4g5e6nsk.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr String found in binary or memory: https://redirector.gvt1.com
Source: data_1.2.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: data_1.2.dr, History.0.dr String found in binary or memory: https://s.id/Iz3C6
Source: History Provider Cache.0.dr String found in binary or memory: https://s.id/Iz3C62
Source: Favicons.0.dr String found in binary or memory: https://s.id/Iz3C63
Source: History.0.dr String found in binary or memory: https://s.id/Iz3C6Share
Source: craw_window.js.0.dr, manifest.json0.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json15.0.dr, feedback.html.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json15.0.dr, feedback.html.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Current Session.0.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr String found in binary or memory: https://tamilrockers9.com
Source: Favicons.0.dr, data_2.2.dr String found in binary or memory: https://tamilrockers9.com/vpy/xsm.htm
Source: History Provider Cache.0.dr String found in binary or memory: https://tamilrockers9.com/vpy/xsm.htm2
Source: data_2.2.dr String found in binary or memory: https://tamilrockers9.com/vpy/xsm.htmReferrer-Policy:
Source: History.0.dr String found in binary or memory: https://tamilrockers9.com/vpy/xsm.htmShare
Source: craw_window.js.0.dr, craw_background.js.0.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: manifest.json1.0.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://www.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json1.0.dr String found in binary or memory: https://www.google.com;
Source: craw_window.js.0.dr, craw_background.js.0.dr, a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json1.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: a0297f39-71a9-4fbf-94a4-5720abbe23d0.tmp.2.dr, d153b32c-5671-4cdf-bb27-cff0abe2fd1e.tmp.2.dr String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json1.0.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: s.id
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Iz3C6 HTTP/1.1Host: s.idConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vpy/xsm.htm HTTP/1.1Host: tamilrockers9.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp HTTP/1.1Host: emiland.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tamilrockers9.com/vpy/xsm.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/ HTTP/1.1Host: emiland.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tamilrockers9.com/vpy/xsm.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://emiland.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/css/hover.css HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://emiland.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://emiland.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/adobe.jpg HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/outlook1.png HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/office3651.png HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/other1.png HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/gmail.png HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/8.jpg HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: emiland.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emiland.com/htmpx/unitedhealthcare.asp/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qtrans_front_language=en
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/outlook1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: emiland.com
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/office3651.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: emiland.com
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/other1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: emiland.com
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/gmail.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: emiland.com
Source: global traffic HTTP traffic detected: GET /htmpx/unitedhealthcare.asp/images/adobe.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: emiland.com
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown HTTPS traffic detected: 79.133.42.192:443 -> 192.168.2.3:49797 version: TLS 1.2
Source: unknown HTTPS traffic detected: 79.133.42.192:443 -> 192.168.2.3:49798 version: TLS 1.2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://s.id/Iz3C6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,8791539974300921910,13509635868977157649,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,8791539974300921910,13509635868977157649,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: https://s.id/Iz3C6 Joe Sandbox Cloud Basic: Detection: clean Score: 0 Perma Link
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6189DB09-18B4.pma Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\7edb5144-1590-47bf-9bfb-63e41187274c.tmp Jump to behavior
Source: classification engine Classification label: mal88.phis.win@33/253@12/12
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 517911 URL: https://s.id/Iz3C6 Startdate: 08/11/2021 Architecture: WINDOWS Score: 88 23 emiland.com 2->23 35 Antivirus detection for URL or domain 2->35 37 Antivirus / Scanner detection for submitted sample 2->37 39 Phishing site detected (based on shot template match) 2->39 41 4 other signatures 2->41 7 chrome.exe 15 398 2->7         started        signatures3 process4 dnsIp5 25 192.168.2.1 unknown unknown 7->25 27 239.255.255.250 unknown Reserved 7->27 15 C:\...\pnacl_public_x86_64_pnacl_sz_nexe, ELF 7->15 dropped 17 C:\...\pnacl_public_x86_64_pnacl_llc_nexe, ELF 7->17 dropped 19 C:\Users\user\...\pnacl_public_x86_64_ld_nexe, ELF 7->19 dropped 11 chrome.exe 29 7->11         started        file6 process7 dnsIp8 29 emiland.com 79.133.42.192, 443, 49764, 49765 AT-FIRSTCOLOAustriaAT Germany 11->29 31 tamilrockers9.com 107.189.2.191, 443, 49760, 49770 PONYNETUS United States 11->31 33 13 other IPs or domains 11->33 21 C:\Users\user\AppData\Localbehaviorgraphoogle\...\data_3, data 11->21 dropped file9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.217.168.45
 accounts.google.com United States
15169 GOOGLEUS false
142.250.203.97
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
172.217.168.3
 gstaticadssl.l.google.com United States
15169 GOOGLEUS false
45.126.59.196
 s.id Indonesia
132647 IDNIC-PANDI-AS-IDPengelolaNamaDomainInternetIndonesia false
79.133.42.192
 emiland.com Germany
203833 AT-FIRSTCOLOAustriaAT true
107.189.2.191
 tamilrockers9.com United States
53667 PONYNETUS false
104.18.11.207
 maxcdn.bootstrapcdn.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.185.174
 clients.l.google.com United States
15169 GOOGLEUS false
104.16.19.94
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private
IP
192.168.2.1
127.0.0.1

Contacted Domains

Name IP Active
gstaticadssl.l.google.com 172.217.168.3 true
s.id 45.126.59.196 true
accounts.google.com 172.217.168.45 true
emiland.com 79.133.42.192 true
cdnjs.cloudflare.com 104.16.19.94 true
maxcdn.bootstrapcdn.com 104.18.11.207 true
clients.l.google.com 142.250.185.174 true
tamilrockers9.com 107.189.2.191 true
googlehosted.l.googleusercontent.com 142.250.203.97 true
clients2.googleusercontent.com unknown unknown
clients2.google.com unknown unknown
ka-f.fontawesome.com unknown unknown
code.jquery.com unknown unknown
kit.fontawesome.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://emiland.com/htmpx/unitedhealthcare.asp/css/hover.css true
  • Avira URL Cloud: phishing
 unknown
https://emiland.com/htmpx/unitedhealthcare.asp/images/office3651.png true
  • Avira URL Cloud: phishing
 unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js false
    		high
    https://emiland.com/wp-includes/images/w-logo-blue-white-bg.png false
    • Avira URL Cloud: safe
    		 unknown
    https://s.id/Iz3C6 false
      		high
      https://emiland.com/htmpx/unitedhealthcare.asp/images/adobe.jpg true
      • Avira URL Cloud: phishing
      		 unknown
      https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
        		high
        https://emiland.com/htmpx/unitedhealthcare.asp/images/gmail.png true
        • Avira URL Cloud: phishing
        		 unknown
        https://emiland.com/htmpx/unitedhealthcare.asp false
        • Avira URL Cloud: phishing
        		 unknown
        https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx false
          		high
          https://emiland.com/htmpx/unitedhealthcare.asp/ true
          • SlashNext: Fake Login Page type: Phishing & Social Engineering
          		 unknown
          https://emiland.com/htmpx/unitedhealthcare.asp/images/outlook1.png true
          • Avira URL Cloud: phishing
          		 unknown
          https://emiland.com/htmpx/unitedhealthcare.asp/images/other1.png true
          • Avira URL Cloud: phishing
          		 unknown
          https://tamilrockers9.com/vpy/xsm.htm false
          • Avira URL Cloud: safe
          		 unknown
          https://emiland.com/htmpx/unitedhealthcare.asp/ true
          • SlashNext: Fake Login Page type: Phishing & Social Engineering
          		 unknown
          https://emiland.com/favicon.ico false
          • Avira URL Cloud: safe
          		 unknown
          https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
            		high
            https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css false
              		high
              https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js false
                		high