Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\47f21400-ebff-4d18-8b1d-0c9c1a89d420.tmp
|
Web Open Font Format (Version 2), TrueType, length 28319, version 3.66
|
dropped
|
||
|
C:\Users\user\Downloads\SupremeLLTestSubWeb-Medium.woff2 (copy)
|
Web Open Font Format (Version 2), TrueType, length 28319, version 3.66
|
dropped
|
||
|
C:\Users\user\Downloads\SupremeLLTestSubWeb-Medium.woff2.crdownload
|
Web Open Font Format (Version 2), TrueType, length 28319, version 3.66
|
dropped
|
||
|
Chrome Cache Entry: 47
|
Web Open Font Format (Version 2), TrueType, length 28319, version 3.66
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2168,i,15104771224958868918,13712037630410875883,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Medium.woff2"
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Medium.woff2
|
|||
|
https://www.paypalobjects.com/digitalassets/c/system-triggered-email/n/layout/fonts/SupremeLL/SupremeLLTestSubWeb-Medium.woff2
|
151.101.195.1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paypal-dynamic-cdn.map.fastly.net
|
151.101.195.1
|
||
|
www.google.com
|
142.250.186.100
|
||
|
198.187.3.20.in-addr.arpa
|
unknown
|
||
|
www.paypalobjects.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
151.101.195.1
|
paypal-dynamic-cdn.map.fastly.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.23
|
unknown
|
unknown
|
||
|
142.250.186.100
|
www.google.com
|
United States
|
||
|
142.250.185.100
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F080FE000
|
stack
|
page read and write
|
||
|
1F0807E000
|
stack
|
page read and write
|
||
|
1B07BFF8000
|
heap
|
page read and write
|
||
|
1B07BFF0000
|
heap
|
page read and write
|
||
|
1B07C01E000
|
heap
|
page read and write
|
||
|
1B07BEE0000
|
heap
|
page read and write
|
||
|
1B07BFC0000
|
heap
|
page read and write
|
||
|
1B07C025000
|
heap
|
page read and write
|
||
|
1B07C01C000
|
heap
|
page read and write
|
||
|
1F07FFE000
|
stack
|
page read and write
|
||
|
1B07C025000
|
heap
|
page read and write
|
||
|
1B07C00C000
|
heap
|
page read and write
|
||
|
1B07DAC0000
|
heap
|
page read and write
|
||
|
1F07F7F000
|
stack
|
page read and write
|
||
|
1B07C025000
|
heap
|
page read and write
|
||
|
1B07C022000
|
heap
|
page read and write
|
||
|
1B07C011000
|
heap
|
page read and write
|
||
|
1B07C021000
|
heap
|
page read and write
|
||
|
1F07EFF000
|
stack
|
page read and write
|
||
|
1B07D8A0000
|
heap
|
page read and write
|
||
|
1B07D9B0000
|
heap
|
page read and write
|
||
|
1B07C025000
|
heap
|
page read and write
|
||
|
1B07D9B5000
|
heap
|
page read and write
|
||
|
1F07E7A000
|
stack
|
page read and write
|
There are 14 hidden memdumps, click here to show them.