Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1184_1756839512\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1184_1756839512\manifest.fingerprint
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1184_1756839512\manifest.json
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 53
|
ASCII text, with very long lines (32030)
|
downloaded
|
||
|
Chrome Cache Entry: 54
|
ASCII text, with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 55
|
ASCII text, with very long lines (47992), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 56
|
troff or preprocessor input, ASCII text, with very long lines (372)
|
downloaded
|
||
|
Chrome Cache Entry: 57
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 58
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
|
downloaded
|
||
|
Chrome Cache Entry: 59
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
|
downloaded
|
||
|
Chrome Cache Entry: 60
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
|
dropped
|
||
|
Chrome Cache Entry: 61
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
|
dropped
|
||
|
Chrome Cache Entry: 62
|
HTML document, ASCII text, with very long lines (611)
|
downloaded
|
||
|
Chrome Cache Entry: 63
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
|
downloaded
|
||
|
Chrome Cache Entry: 64
|
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2376,i,2643705326903378246,2969051248873506145,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html
|
 |
||
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html
|
|
||
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html#
|
|
||
|
https://ammmei.org/wysaa/host2.4/a9c32bc.php
|
132.148.128.8
|
||
|
http://fontawesome.io
|
unknown
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
|
104.17.24.14
|
||
|
https://www.cloudflare.com/favicon.ico
|
unknown
|
||
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/favicon.ico
|
104.18.3.35
|
||
|
https://developers.cloudflare.com/r2/data-access/public-buckets/
|
unknown
|
||
|
https://code.jquery.com/jquery-3.1.1.min.js
|
151.101.2.137
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
|
104.17.24.14
|
||
|
https://ammmei.org/wysaa/host2.4/admin/js/sc.php
|
132.148.128.8
|
||
|
http://fontawesome.io/license
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pub-a2527e0fc1774b399011ecd14755d452.r2.dev
|
104.18.3.35
|
|
|
|
ammmei.org
|
132.148.128.8
|
||
|
part-0039.t-0009.t-msedge.net
|
13.107.213.67
|
||
|
part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
code.jquery.com
|
151.101.2.137
|
||
|
cdnjs.cloudflare.com
|
104.17.24.14
|
||
|
www.google.com
|
172.217.18.4
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.18.3.35
|
pub-a2527e0fc1774b399011ecd14755d452.r2.dev
|
United States
|
|
|
|
104.17.24.14
|
cdnjs.cloudflare.com
|
United States
|
||
|
13.107.246.45
|
part-0017.t-0009.t-msedge.net
|
United States
|
||
|
172.217.18.4
|
www.google.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
151.101.2.137
|
code.jquery.com
|
United States
|
||
|
13.107.213.67
|
part-0039.t-0009.t-msedge.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
132.148.128.8
|
ammmei.org
|
United States
|
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html
|
|
|
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html#
|
|
|
|
https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.html
|