
Windows Analysis Report payment.html

Overview

General Information

Sample Name:payment.html
Analysis ID:536937
MD5:9b0a0397c0d85b35f5e651eb3dc0760d
SHA1:7efacb5fd898e6ab14c55864a142d2e49414c198
SHA256:a822a0ad8bdf6afe197ae4eb4d375f988e30224c4af13e04110e6dcdcd77c836

Detection

HTMLPhisher
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected HtmlPhish6
Yara detected HtmlPhish44
Yara detected obfuscated html page
HTML document with suspicious title
Phishing site detected (based on various OCR indicators)
HTML document with suspicious name
Phishing site detected (based on logo template match)
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found
HTML body contains low number of good links
Suspicious form URL found
IP address seen in connection with other malware

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5136 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\payment.html MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,5333486012102189739,1151610584919525887,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1936 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
payment.html | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |
payment.html | JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |
payment.html | JoeSecurity_HtmlPhish_6 | Yara detected HtmlPhish_6 | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: payment.html; Virustotal: Detection: 12%
Source: payment.html; Metadefender: Detection: 11%
Source: payment.html; ReversingLabs: Detection: 27%

Phishing:

Yara detected HtmlPhish6
Source: Yara match; File source: payment.html, type: SAMPLE
Source: Yara match; File source: 56225.0.pages.csv, type: HTML
Yara detected HtmlPhish44
Source: Yara match; File source: payment.html, type: SAMPLE
Yara detected obfuscated html page
Source: Yara match; File source: payment.html, type: SAMPLE
Phishing site detected (based on various OCR indicators)
Source: Screenshots; OCR Text: Sign in to view the document
Source: Screenshots; OCR Text: J Sign InX + t- X G) File I C:/Users/user/Desktop/payment.html Chrome is being controlled by automated test software, 0 Sign InX + t- e G) File I C:/Users/user/Desktop/payment.html Chrome is being controlled by automated test software, X Sign in to view the document E Yafioo!, Gmi msn'. Email Password (the same OCR text repeats for each subsequent screenshot)
Phishing site detected (based on logo template match)
Source: file:///C:/Users/user/Desktop/payment.html; Matcher: Template: gmail matched
Source: file:///C:/Users/user/Desktop/payment.html; HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/payment.html; HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/payment.html; HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/payment.html; HTTP Parser: Form action: http://lynchweb-lynchp.rhcloud.com/cgi-cdn/vredhat252438fsgds73X8vV7jMX2MLEsIM9ddw117952feM3434323Sjp3ijUOUFKd/Scan001.pdf.php
Source: file:///C:/Users/user/Desktop/payment.html; HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/payment.html; HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Local\Temp\5136_1946431328\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: Joe Sandbox View; IP Address: 74.120.188.204
Source: Joe Sandbox View; IP Address: 239.255.255.250
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown; Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown; HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown; DNS traffic detected: queries for: clients2.google.com
Source: global traffic; HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /files/logos/sjdvda/gmail4.png HTTP/1.1Host: www.userlogos.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /files/imagecache/node-blog/blogs/yahoo-original.jpg HTTP/1.1Host: www.adweek.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /__cb20130328014649/logopedia/images/9/92/MSN_logo.svg HTTP/1.1Host: img2.wikia.nocookie.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /files/imagecache/node-blog/blogs/yahoo-original.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.adweek.com
Source: global traffic; HTTP traffic detected: GET /files/logos/sjdvda/gmail4.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.userlogos.org
Source: global traffic; HTTP traffic detected: GET /__cb20130328014649/logopedia/images/9/92/MSN_logo.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: img2.wikia.nocookie.net

System Summary:

HTML document with suspicious title
Source: file:///C:/Users/user/Desktop/payment.html; Tab title: Sign In
HTML document with suspicious name
Source: Name includes: payment.html; Initial sample: payment
Source: payment.html; Virustotal: Detection: 12%
Source: payment.html; Metadefender: Detection: 11%
Source: payment.html; ReversingLabs: Detection: 27%
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "C:\Users\user\Desktop\payment.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,5333486012102189739,1151610584919525887,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1936 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61B23FD3-1410.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Local\Temp\bbe06e19-82a0-42a1-926d-ee82a666be04.tmp
Source: classification engine; Classification label: mal88.phis.winHTML@33/260@12/11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries