Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip (copy)
|
Zip archive data, at least v22.6 to extract, compression method=[0xffffa685]
|
dropped
|
 |
|
|
C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip.crdownload
|
Zip archive data, at least v22.6 to extract, compression method=[0xffffa685]
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:42 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 58
|
ASCII text, with very long lines (3746)
|
downloaded
|
||
|
Chrome Cache Entry: 59
|
Zip archive data, at least v22.6 to extract, compression method=[0xffffa685]
|
downloaded
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,10027575918938416306,16167855775297127617,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip
|
|
||
|
http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip
|
95.131.50.86
|
|
|
|
https://cool-catalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip
|
95.131.50.86
|
|
|
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.184.228
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cool-catalogue.eu
|
95.131.50.86
|
|
|
|
coolcatalogue.eu
|
95.131.50.86
|
|
|
|
google.com
|
142.250.184.206
|
||
|
www.google.com
|
142.250.184.228
|
||
|
www.coolcatalogue.eu
|
unknown
|
||
|
cool-catalogue.eunp
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.16
|
unknown
|
unknown
|
|
|
|
95.131.50.86
|
cool-catalogue.eu
|
Hungary
|
|
|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.23
|
unknown
|
unknown
|
||
|
142.250.184.228
|
www.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1613B2C0000
|
heap
|
page read and write
|
||
|
16139690000
|
heap
|
page read and write
|
||
|
E8D27F000
|
stack
|
page read and write
|
||
|
16139809000
|
heap
|
page read and write
|
||
|
16139770000
|
heap
|
page read and write
|
||
|
16139985000
|
heap
|
page read and write
|
||
|
16139800000
|
heap
|
page read and write
|
||
|
16139790000
|
heap
|
page read and write
|
||
|
E8CF2C000
|
stack
|
page read and write
|
||
|
E8D2FE000
|
stack
|
page read and write
|
||
|
16139980000
|
heap
|
page read and write
|
||
|
E8CFAE000
|
stack
|
page read and write
|
There are 2 hidden memdumps, click here to show them.