Windows Analysis Report https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person#exempt

Overview

General Information

Sample URL: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person#exempt
Analysis ID: 466598

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Phishing site detected (based on logo template match)
Deletes files inside the Windows folder
No HTML title found

Classification

Phishing:

Phishing site detected (based on logo template match)
Source: https://www.gov.uk/help/cookies Matcher: Template: google matched
No HTML title found
Source: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person#exempt HTTP Parser: HTML title missing
Source: https://www.gov.uk/help/cookies HTTP Parser: HTML title missing
Source: https://www.gov.uk/ HTTP Parser: HTML title missing
Source: https://www.gov.uk/coronavirus HTTP Parser: HTML title missing
Source: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person HTTP Parser: HTML title missing
Source: https://www.gov.uk/government/organisations/public-health-england HTTP Parser: HTML title missing
Source: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person#exempt HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/help/cookies HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/ HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/coronavirus HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/government/organisations/public-health-england HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person#exempt HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/help/cookies HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/coronavirus HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/government/organisations/public-health-england HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.3:49809 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.3:49808 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: clients2.google.com

System Summary:

Deletes files inside the Windows folder
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\Fonts\timesi.ttf
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\959f1986-1aa6-4893-8b34-2d38448eea60.tmp
Source: classification engine Classification label: sus21.phis.win@52/240@8/9
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://www.gov.uk/government/publications/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person/guidance-for-contacts-of-people-with-possible-or-confirmed-coronavirus-covid-19-infection-who-do-not-live-with-the-person#exempt'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,13591179574770033270,10313266110045525433,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1712 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-611BEDCC-16D4.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected