Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\2023.COMPLETE.TAX.ORGANIZER.pdf.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\2023.COMPLETE.TAX.ORGANIZER.pdf.zip.crdownload
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
Chrome Cache Entry: 112
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2252,i,13871954328584237351,9321467045505007009,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip"
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\2023.COMPLETE.TAX.ORGANIZER.pdf.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\rayjctaq.dmw" "C:\Users\user\Downloads\2023.COMPLETE.TAX.ORGANIZER.pdf.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip
|
|
||
|
https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip
|
140.82.121.3
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
github.com
|
140.82.121.3
|
||
|
www.google.com
|
142.250.185.68
|
||
|
objects.githubusercontent.com
|
185.199.111.133
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.68
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
140.82.121.3
|
github.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
185.199.111.133
|
objects.githubusercontent.com
|
Netherlands
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1307000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
34A2000
|
trusted library allocation
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4421000
|
trusted library allocation
|
page read and write
|
||
|
1732000
|
trusted library allocation
|
page execute and read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
1235000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
57AD000
|
stack
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
345C000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
FB9000
|
stack
|
page read and write
|
||
|
3498000
|
trusted library allocation
|
page read and write
|
||
|
178B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1762000
|
trusted library allocation
|
page execute and read and write
|
||
|
174C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
34B3000
|
trusted library allocation
|
page read and write
|
||
|
3479000
|
trusted library allocation
|
page read and write
|
||
|
1787000
|
trusted library allocation
|
page execute and read and write
|
||
|
174A000
|
trusted library allocation
|
page execute and read and write
|
||
|
34C9000
|
trusted library allocation
|
page read and write
|
||
|
34CC000
|
trusted library allocation
|
page read and write
|
||
|
34B8000
|
trusted library allocation
|
page read and write
|
||
|
3484000
|
trusted library allocation
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34B0000
|
trusted library allocation
|
page read and write
|
||
|
EBC000
|
stack
|
page read and write
|
||
|
34BE000
|
trusted library allocation
|
page read and write
|
||
|
7F9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
1742000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CF000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
34A5000
|
trusted library allocation
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
34AD000
|
trusted library allocation
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
58EA000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
57ED000
|
stack
|
page read and write
|
||
|
34BB000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
1740000
|
trusted library allocation
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
176A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
348C000
|
trusted library allocation
|
page read and write
|
||
|
FBB000
|
stack
|
page read and write
|
||
|
2752000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page execute and read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
1830000
|
heap
|
page read and write
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
2745000
|
heap
|
page read and write
|
||
|
346C000
|
trusted library allocation
|
page read and write
|
||
|
181E000
|
stack
|
page read and write
|
||
|
EAF000
|
stack
|
page read and write
|
||
|
12F8000
|
heap
|
page read and write
|
||
|
FB6000
|
stack
|
page read and write
|
||
|
34CF000
|
trusted library allocation
|
page read and write
|
||
|
34C6000
|
trusted library allocation
|
page read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
3468000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
345E000
|
trusted library allocation
|
page read and write
|
||
|
349B000
|
trusted library allocation
|
page read and write
|
||
|
173A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3473000
|
trusted library allocation
|
page read and write
|
||
|
34AA000
|
trusted library allocation
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
3421000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
There are 81 hidden memdumps, click here to show them.