Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\513954456.dps_tax_gov_ua_176226535.rar (copy)
|
RAR archive data, v5
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\qesg00jw.bsa\dps_tax_gov_ua_0739220983\??????????? ????? ?????????? ?????????? ??????.zip
|
Zip archive data, at least v1.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 13:24:58 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 13:24:58 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 13:24:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 13:24:58 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 13:24:57 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\Downloads\513954456.dps_tax_gov_ua_176226535.rar.crdownload
|
RAR archive data, v5
|
dropped
|
||
|
C:\Users\user\Downloads\6e90ac44-d9c0-4cda-8141-962b8854ae7c.tmp
|
RAR archive data, v5
|
dropped
|
||
|
Chrome Cache Entry: 64
|
RAR archive data, v5
|
downloaded
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1928,i,16173882429876364777,7260947151097184909,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://qaz.is/load/sbKAaA/3f17f87a-a234-409b-bbd0-744b84a6a8a2"
|
|
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\513954456.dps_tax_gov_ua_176226535.rar"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qesg00jw.bsa" "C:\Users\user\Downloads\513954456.dps_tax_gov_ua_176226535.rar"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://qaz.is/load/sbKAaA/3f17f87a-a234-409b-bbd0-744b84a6a8a2
|
|||
|
https://qaz.is/load/sbKAaA/3f17f87a-a234-409b-bbd0-744b84a6a8a2
|
80.87.203.251
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
142.250.186.132
|
||
|
qaz.is
|
80.87.203.251
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
80.87.203.251
|
qaz.is
|
Russian Federation
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.186.132
|
www.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
36D1000
|
trusted library allocation
|
page read and write
|
||
|
58C000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
85C000
|
trusted library allocation
|
page execute and read and write
|
||
|
A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2742000
|
trusted library allocation
|
page read and write
|
||
|
2747000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
271A000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
55E000
|
heap
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
113D000
|
stack
|
page read and write
|
||
|
273B000
|
trusted library allocation
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
8DE000
|
stack
|
page read and write
|
||
|
14EF000
|
stack
|
page read and write
|
||
|
2754000
|
trusted library allocation
|
page read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
84A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
47CF000
|
stack
|
page read and write
|
||
|
4A2D000
|
stack
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
274A000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
273F000
|
trusted library allocation
|
page read and write
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
85A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
2725000
|
trusted library allocation
|
page read and write
|
||
|
872000
|
trusted library allocation
|
page execute and read and write
|
||
|
270A000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
897000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
852000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
heap
|
page execute and read and write
|
||
|
842000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F7000
|
heap
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
48CF000
|
stack
|
page read and write
|
||
|
26D1000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
103C000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
89B000
|
trusted library allocation
|
page execute and read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
7EFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
2733000
|
trusted library allocation
|
page read and write
|
||
|
2736000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
There are 70 hidden memdumps, click here to show them.