Edit tour

Windows Analysis Report
http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip

Overview

General Information

Sample URL:	http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip
Analysis ID:	1523255
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Yara detected ZipBomb

Downloads suspicious files via Chrome

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,10027575918938416306,16167855775297127617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

rundll32.exe (PID: 3364 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_59	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip.crdownload	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE Possible Andromeda download with fake Zip header (1)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T11:10:08.226755+0200	2018575	1	A Network Trojan was detected	95.131.50.86	443	192.168.2.16	49717	TCP

ET MALWARE Possible Andromeda download with fake Zip header (2)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T11:10:08.226755+0200	2018576	1	A Network Trojan was detected	95.131.50.86	443	192.168.2.16	49717	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49719 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2018575 - Severity 1 - ET MALWARE Possible Andromeda download with fake Zip header (1) : 95.131.50.86:443 -> 192.168.2.16:49717
Source: Network traffic	Suricata IDS: 2018576 - Severity 1 - ET MALWARE Possible Andromeda download with fake Zip header (2) : 95.131.50.86:443 -> 192.168.2.16:49717

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HStgZT61zEMDeuT&MD=2EwErSAk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip HTTP/1.1Host: cool-catalogue.euConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HStgZT61zEMDeuT&MD=2EwErSAk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip HTTP/1.1Host: www.coolcatalogue.euConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.coolcatalogue.eu
Source: global traffic	DNS traffic detected: DNS query: cool-catalogue.eunp
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cool-catalogue.eu

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49719 version: TLS 1.2

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip (copy)

Jump to dropped file

Source: classification engine

Classification label: mal60.evad.win@25/12@24/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,10027575918938416306,16167855775297127617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,10027575918938416306,16167855775297127617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Yara detected ZipBomb

Source: Yara match	File source: dropped/chromecache_59, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip.crdownload, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Rundll32	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.184.206	true	false	unknown
cool-catalogue.eu	95.131.50.86	true	true	unknown
www.google.com	142.250.184.228	true	false	unknown
coolcatalogue.eu	95.131.50.86	true	true	unknown
www.coolcatalogue.eu	unknown	unknown	false	unknown
cool-catalogue.eunp	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip	true		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	0%, Virustotal, Browse	unknown
https://cool-catalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
95.131.50.86	cool-catalogue.eu	Hungary	12301	INVITECHHU	true

Private

IP
192.168.2.23
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523255
Start date and time:	2024-10-01 11:09:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.evad.win@25/12@24/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 74.125.133.84, 142.250.186.174, 34.104.35.123, 172.217.18.3, 172.217.16.206
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9777605293666114
Encrypted:	false
SSDEEP:	48:8jd3TvyI4H/idAKZdA1FehwiZUklqehs5y+3:8NGI4jy
MD5:	8C552AE349D0CC45C0E43759392FC996
SHA1:	48C1C51A6D614261FC1B81FC3D297341382DDCF8
SHA-256:	33FC4841661C9E87B625B8A03A4ED6C6F36EA16FB8C6EA36BD65978DA023D69A
SHA-512:	DCB023B26383B4B51E8B01164EBBF23904226715723A0A769F2778770A80979420E36795FF8F9802090AE1D2C8AC09B4A9586BCF929BCD051089B3246D17EE9D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....5.3.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY+I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY5I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY5I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY5I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY6I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}T.E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9937751319032713
Encrypted:	false
SSDEEP:	48:8gd3TvyI4H/idAKZdA1seh/iZUkAQkqehh5y+2:8UGIO9Qey
MD5:	AB3922947368C1D7B5E9AD9CCFE60C03
SHA1:	C5DBDFE6B766C1D1A15E4531C9ADD7321DCE498A
SHA-256:	40B83E08EFB4BC6EDF2C03D29C390A6D5A50001B91C3FD43FEC14679257E8DD7
SHA-512:	8323C3463A00CCF0496E5882490077B97C4723533BBBDD9E6094C15BDEAD794F8ADADCEAD68380D0DDF2BE54DF1CA7417AA25374B8631F8964E799A3FBB0A285
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....J.(.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY+I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY5I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY5I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY5I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY6I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}T.E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003926989118602
Encrypted:	false
SSDEEP:	48:8ad3TvyIAH/idAKZdA14meh7sFiZUkmgqeh7sf5y+BX:8OGIin3y
MD5:	D3863DEB9DF5D56E631E96C015052876
SHA1:	CF425ADE33CD7EE62306629EEA9A7DA908F5E3EF
SHA-256:	822AA789332E5C732848EF8E8AE3526E2BFEEEB063A2976F5C9344EDDAA0EACF
SHA-512:	7616EA467A38C682FAF218B1A51A94C869B54167E87957D4D76FE6261A507DB9195FF38B3B7FBF3187143BD7939631F77479EEAC49835990CC56B6086D4D167A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY+I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY5I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY5I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY5I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}T.E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9905768173934075
Encrypted:	false
SSDEEP:	48:82Sd3TvyI4H/idAKZdA1TehDiZUkwqehl5y+R:82WGIl5y
MD5:	B30D7E7C242B25BD657C36555ED5B010
SHA1:	49EFDD4E938861EB6B7AA034E9FCE7837E975EEB
SHA-256:	97D3C75DF50141B43F50501B8816A5A98FBA5411041DAF156A176FA1D0F617EB
SHA-512:	E6677395A6024408FAB0AA964C728700513156C304EAF883C88A4F978FBD2A14A4413261EF665847420B5E8EB2B8212D9715ACF173A321CCEF4B7CF273AAEAE3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....1.".....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY+I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY5I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY5I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY5I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY6I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}T.E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9797142983392724
Encrypted:	false
SSDEEP:	48:85d3TvyI4H/idAKZdA1dehBiZUk1W1qehb5y+C:87GIV9ly
MD5:	1B5C13AB8B2F719E4F6E3DEBA4AE4DE0
SHA1:	B68DC47B4C57FB6AAE2BE2DED7E8B70368DB5768
SHA-256:	CBA7C19371DBDC4563653EDA9880537AC4AF18B1DC66EDE104A07402CF8CB56D
SHA-512:	B1E9DF588C06FDF6FA11799C7A0DEC4BE127A38EBCB1E73521894242C766A2A25ED8F848F637F363B1093BAE722DB874AFBFA996E16712657BD101A7676C555F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Q......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY+I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY5I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY5I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY5I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY6I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}T.E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 08:09:42 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.990159824087372
Encrypted:	false
SSDEEP:	48:8/K+d3TvyI4H/idAKZdA1duTeehOuTbbiZUk5OjqehOuTbd5y+yT+:8/KaGIdTfTbxWOvTb3y7T
MD5:	9230ED277524C54AC9DE3F4094A6F8D7
SHA1:	48482763C1E239CA4818446C26211C76F0683A35
SHA-256:	27267A41AC1BA07025CEAC8D24F5B21E390B5EED420DF3AB4167EE998DD700AB
SHA-512:	C5A12AA6ABFF441212BFB5B601DB4DA779567266FD1DF1EC5FF823B815725A1C65B2773B8C50768E36CF3F78D7C627D8E2DB6F81BC787DA7099C6343CCC0D747
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY+I....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAY5I....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAY5I....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAY5I..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAY6I...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}T.E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v22.6 to extract, compression method=[0xffffa685]
Category:	dropped
Size (bytes):	133611
Entropy (8bit):	7.960021636413181
Encrypted:	false
SSDEEP:	3072:KTNtt8NHkV9i2wITzGbhfooJ4hTFCNvoQz3+rXC80dRW0OzqnFa6:KTHeNE7U4zGbhfLJyFcvl3+TC80dRWze
MD5:	CFF2C29ADBF021D690ACF2586841C1CD
SHA1:	7F68C8159C5046843EE4B6B2A5AD048C91EB2DB6
SHA-256:	35299AE86DAAD35B36A710CAD99F60AD23A18666AEE1468A41136DB5B4E754CC
SHA-512:	83E23801BF24D73D5F63EB138F6B8B8257260A89E04F8E0AA5FF5EC2A8DCF80F8CEC2F4820A0E8FFC80CE1A8AE302CB48BC352D6F03ECBD58EF9213F343DED86
Malicious:	true
Reputation:	low
Preview:	PK................../.....Q.....N..&..n.S.....Q...%................/..~.....Y........Z........Z.:^...m..w.mA...f...H...#......./...............H...X............................e....%..............m........?..T...B...%W...H....%.........C%..q...).K.....x........d..(^............O...c..............................$.....................r..E..z................/...........

C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v22.6 to extract, compression method=[0xffffa685]
Category:	dropped
Size (bytes):	133611
Entropy (8bit):	7.960021636413181
Encrypted:	false
SSDEEP:	3072:KTNtt8NHkV9i2wITzGbhfooJ4hTFCNvoQz3+rXC80dRW0OzqnFa6:KTHeNE7U4zGbhfLJyFcvl3+TC80dRWze
MD5:	CFF2C29ADBF021D690ACF2586841C1CD
SHA1:	7F68C8159C5046843EE4B6B2A5AD048C91EB2DB6
SHA-256:	35299AE86DAAD35B36A710CAD99F60AD23A18666AEE1468A41136DB5B4E754CC
SHA-512:	83E23801BF24D73D5F63EB138F6B8B8257260A89E04F8E0AA5FF5EC2A8DCF80F8CEC2F4820A0E8FFC80CE1A8AE302CB48BC352D6F03ECBD58EF9213F343DED86
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip.crdownload, Author: Joe Security
Reputation:	low
Preview:	PK................../.....Q.....N..&..n.S.....Q...%................/..~.....Y........Z........Z.:^...m..w.mA...f...H...#......./...............H...X............................e....%..............m........?..T...B...%W...H....%.........C%..q...).K.....x........d..(^............O...c..............................$.....................r..E..z................/...........

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3746)
Category:	downloaded
Size (bytes):	3751
Entropy (8bit):	5.851433785290175
Encrypted:	false
SSDEEP:	96:HilizH6666nVdr7bmHHgbwf/q61TyoWdNO57dsRBqfD22X9dfQfffo:HQQH6666nfr273q61WOrsmD2+91
MD5:	CAEA04B5622F8B636924A5B00F164605
SHA1:	EFF5EFF815E3F49EE2B53BD7BCB803E24815E791
SHA-256:	86FEF94A1A33261C5566EC88EE5FB8A202A11496C2874B1C45157ADEB05E7740
SHA-512:	5AFAE1DDA3E1F5C091E2A334554C70A13ADCF723E67A46142841F5782F1627F7AC4074C7D36F86F2C7624C090BFB80AF9442F6996D821F2008E2E7A4F04E0997
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["nyt strands hints","college football rankings","megalopolis movie francis ford coppola","social security cola increase 2025","earth mini moon asteroid","st louis cardinals press conference","october ssi payment social security","winter arc challenge"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWZ3NTR2eTFmEhlNZWdhbG9wb2xpcyDigJQgMjAyNCBmaWxtMs8PZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQURBUUVCQVFFQUFBQUFBQUFBQUFBREJRWUhCQUlCQVAvRUFEZ1FBQUlCQWdRREJBY0ZDUUFBQUFBQUFBRUNBd1FSQUFVU0lRWXhRU0pSWVhFVFFvR1JzY

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v22.6 to extract, compression method=[0xffffa685]
Category:	downloaded
Size (bytes):	133611
Entropy (8bit):	7.960021636413181
Encrypted:	false
SSDEEP:	3072:KTNtt8NHkV9i2wITzGbhfooJ4hTFCNvoQz3+rXC80dRW0OzqnFa6:KTHeNE7U4zGbhfLJyFcvl3+TC80dRWze
MD5:	CFF2C29ADBF021D690ACF2586841C1CD
SHA1:	7F68C8159C5046843EE4B6B2A5AD048C91EB2DB6
SHA-256:	35299AE86DAAD35B36A710CAD99F60AD23A18666AEE1468A41136DB5B4E754CC
SHA-512:	83E23801BF24D73D5F63EB138F6B8B8257260A89E04F8E0AA5FF5EC2A8DCF80F8CEC2F4820A0E8FFC80CE1A8AE302CB48BC352D6F03ECBD58EF9213F343DED86
Malicious:	false
Reputation:	low
URL:	https://cool-catalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip
Preview:	PK................../.....Q.....N..&..n.S.....Q...%................/..~.....Y........Z........Z.:^...m..w.mA...f...H...#......./...............H...X............................e....%..............m........?..T...B...%W...H....%.........C%..q...).K.....x........d..(^............O...c..............................$.....................r..E..z................/...........

Static File Info

⊘No static file info

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-01T11:10:08.226755+0200	2018575	ET MALWARE Possible Andromeda download with fake Zip header (1)	1	95.131.50.86	443	192.168.2.16	49717	TCP
2024-10-01T11:10:08.226755+0200	2018576	ET MALWARE Possible Andromeda download with fake Zip header (2)	1	95.131.50.86	443	192.168.2.16	49717	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 11:09:42.627710104 CEST	49706	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:42.627985954 CEST	49707	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:42.632641077 CEST	80	49706	95.131.50.86	192.168.2.16
Oct 1, 2024 11:09:42.632731915 CEST	49706	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:42.632791042 CEST	80	49707	95.131.50.86	192.168.2.16
Oct 1, 2024 11:09:42.632848978 CEST	49707	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:42.632910013 CEST	49706	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:42.637643099 CEST	80	49706	95.131.50.86	192.168.2.16
Oct 1, 2024 11:09:42.942648888 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:09:43.245623112 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:09:43.279963017 CEST	80	49706	95.131.50.86	192.168.2.16
Oct 1, 2024 11:09:43.324620008 CEST	49706	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:43.850605965 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:09:45.053597927 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:09:45.696803093 CEST	49689	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:09:46.515677929 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:46.515738964 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:46.515913963 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:46.516195059 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:46.516206980 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:47.158607006 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:47.158937931 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:47.158967972 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:47.160022974 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:47.160092115 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:47.161570072 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:47.161674976 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:47.206561089 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:47.206590891 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:47.254576921 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:47.462579966 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:09:48.285478115 CEST	80	49706	95.131.50.86	192.168.2.16
Oct 1, 2024 11:09:48.285582066 CEST	49706	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:49.208048105 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:49.208138943 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:49.208239079 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:49.209803104 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:49.209839106 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:49.420562029 CEST	49706	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:09:49.425407887 CEST	80	49706	95.131.50.86	192.168.2.16
Oct 1, 2024 11:09:49.848936081 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:49.849034071 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:49.852691889 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:49.852708101 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:49.852961063 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:49.895539999 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:49.943401098 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.121067047 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.121159077 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.121270895 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.121318102 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.121318102 CEST	49713	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.121342897 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.121355057 CEST	443	49713	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.164489985 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.164520025 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.164593935 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.164979935 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.164995909 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.824398994 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.824537992 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.826307058 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.826319933 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.826585054 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:50.828144073 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:50.871432066 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:51.112912893 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:09:51.415568113 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:09:51.415754080 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:51.415832996 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:51.417526007 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:51.417596102 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:51.417596102 CEST	49714	443	192.168.2.16	184.28.90.27
Oct 1, 2024 11:09:51.417634964 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:51.417660952 CEST	443	49714	184.28.90.27	192.168.2.16
Oct 1, 2024 11:09:51.425332069 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:51.425375938 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:51.425571918 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:51.427040100 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:51.427050114 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.021563053 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:09:52.191577911 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.191705942 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.194330931 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.194341898 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.194720030 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.245543003 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.259062052 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.277538061 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:09:52.303419113 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511347055 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511368036 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511377096 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511404991 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511420965 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511429071 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511446953 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.511460066 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.511573076 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.512171984 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.512258053 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.512264967 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.512276888 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.512332916 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.524862051 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.524862051 CEST	49715	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:09:52.524888039 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:52.524899006 CEST	443	49715	4.245.163.56	192.168.2.16
Oct 1, 2024 11:09:53.221534967 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:09:55.585654974 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:09:55.633671999 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:09:55.888516903 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:09:56.494518995 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:09:57.076802015 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:57.076874971 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:09:57.076951027 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:57.707473993 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:09:57.947777033 CEST	49711	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:09:57.947805882 CEST	443	49711	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:00.116504908 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:10:00.434550047 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:10:00.734702110 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:00.734778881 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:00.734878063 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:00.735523939 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:00.735574007 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.381006002 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.381459951 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.381511927 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.382149935 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.382468939 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.382572889 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.382596016 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.423574924 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.423597097 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.672756910 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.672822952 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.672852993 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.672970057 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.673001051 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.673058987 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.674910069 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.675286055 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.675369024 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.675498009 CEST	49716	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:01.675530910 CEST	443	49716	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:01.885490894 CEST	49673	443	192.168.2.16	204.79.197.203
Oct 1, 2024 11:10:04.930475950 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:10:06.881903887 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:06.882010937 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:06.882105112 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:06.882229090 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:06.882250071 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:06.882312059 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:06.882431030 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:06.882461071 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:06.882579088 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:06.882599115 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.819571972 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.819925070 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.819988966 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.821099043 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.821213007 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.823195934 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.825378895 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.825397015 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.827028990 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.827114105 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.828105927 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.828208923 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.828286886 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.828396082 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.828408003 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.828424931 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.870439053 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.870439053 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:07.870482922 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:07.919620991 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.022846937 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.078408003 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.124125004 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.124140024 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.124185085 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.124200106 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.124222040 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.124229908 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.124281883 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.124315023 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.124349117 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.125627041 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.125637054 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.125658035 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.125708103 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.125735044 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.125761032 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.125782013 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.225075960 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.225115061 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.225183964 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.225270987 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.225322008 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.225322962 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.226787090 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.226815939 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.226881027 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.226897001 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.226948977 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.226948977 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.227731943 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.227751970 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.227818966 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.227835894 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.227889061 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.229537010 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.229561090 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.229635000 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.229656935 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.229717016 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.339762926 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.339792967 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.339895964 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.339952946 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340014935 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340078115 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340096951 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340136051 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340151072 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340173006 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340178013 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340204000 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340214968 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340264082 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340275049 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:08.340327024 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340409994 CEST	49717	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:08.340440989 CEST	443	49717	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:10.037344933 CEST	49678	443	192.168.2.16	20.189.173.10
Oct 1, 2024 11:10:14.544373035 CEST	49680	80	192.168.2.16	192.229.211.108
Oct 1, 2024 11:10:27.636329889 CEST	49707	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:27.641249895 CEST	80	49707	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:27.836107016 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:27.836239100 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:27.836368084 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:27.957281113 CEST	49718	443	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:27.957351923 CEST	443	49718	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:28.802658081 CEST	49697	80	192.168.2.16	199.232.210.172
Oct 1, 2024 11:10:28.802791119 CEST	49698	80	192.168.2.16	199.232.210.172
Oct 1, 2024 11:10:28.807996035 CEST	80	49697	199.232.210.172	192.168.2.16
Oct 1, 2024 11:10:28.808084965 CEST	49697	80	192.168.2.16	199.232.210.172
Oct 1, 2024 11:10:28.808574915 CEST	80	49698	199.232.210.172	192.168.2.16
Oct 1, 2024 11:10:28.808638096 CEST	49698	80	192.168.2.16	199.232.210.172
Oct 1, 2024 11:10:29.032905102 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:29.032963991 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:29.033071995 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:29.033524036 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:29.033543110 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:29.805027008 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:29.805136919 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:29.806514978 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:29.806538105 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:29.806864023 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:29.808655024 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:29.855420113 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.125744104 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.125796080 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.125837088 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.125896931 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.125933886 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.125957012 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.125994921 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.126544952 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.126591921 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.126619101 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.126629114 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.126668930 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.126761913 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.126817942 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.129160881 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.129179955 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:30.129204035 CEST	49719	443	192.168.2.16	4.245.163.56
Oct 1, 2024 11:10:30.129213095 CEST	443	49719	4.245.163.56	192.168.2.16
Oct 1, 2024 11:10:34.764740944 CEST	80	49707	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:34.764802933 CEST	49707	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:35.947679043 CEST	49707	80	192.168.2.16	95.131.50.86
Oct 1, 2024 11:10:35.952528954 CEST	80	49707	95.131.50.86	192.168.2.16
Oct 1, 2024 11:10:46.565675020 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:46.565711975 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:46.565784931 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:46.566029072 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:46.566040993 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:47.196990013 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:47.197360992 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:47.197391033 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:47.197853088 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:47.198250055 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:47.198333025 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:47.252115965 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:57.111026049 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:57.111108065 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:10:57.111165047 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:57.946547031 CEST	49721	443	192.168.2.16	142.250.184.228
Oct 1, 2024 11:10:57.946573019 CEST	443	49721	142.250.184.228	192.168.2.16
Oct 1, 2024 11:11:19.475080967 CEST	49700	80	192.168.2.16	192.229.221.95
Oct 1, 2024 11:11:19.481614113 CEST	80	49700	192.229.221.95	192.168.2.16
Oct 1, 2024 11:11:19.481688976 CEST	49700	80	192.168.2.16	192.229.221.95

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 11:09:41.732845068 CEST	53	57153	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:41.751152992 CEST	53	54683	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:42.605144024 CEST	51894	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:42.606010914 CEST	58998	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:42.626661062 CEST	53	58998	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:42.627207041 CEST	53	51894	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:42.749772072 CEST	53	64284	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:43.282522917 CEST	55326	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:43.282691956 CEST	59948	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:43.291749001 CEST	53	55326	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:43.303015947 CEST	53	59948	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:43.303806067 CEST	54494	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:43.313711882 CEST	53	54494	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:43.360671997 CEST	50502	53	192.168.2.16	8.8.8.8
Oct 1, 2024 11:09:43.361205101 CEST	55752	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:43.367510080 CEST	53	50502	8.8.8.8	192.168.2.16
Oct 1, 2024 11:09:43.368041992 CEST	53	55752	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:44.380336046 CEST	58267	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:44.380491018 CEST	52143	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:44.396653891 CEST	53	52143	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:44.397490025 CEST	53	58267	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:46.506958961 CEST	54916	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:46.507354975 CEST	52311	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:46.513956070 CEST	53	54916	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:46.514750957 CEST	53	52311	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:49.419498920 CEST	53574	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:49.419634104 CEST	53034	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:49.429044962 CEST	53	53034	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:49.435519934 CEST	53	53574	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:49.436140060 CEST	49199	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:09:49.451369047 CEST	53	49199	1.1.1.1	192.168.2.16
Oct 1, 2024 11:09:59.773458004 CEST	53	62280	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:06.797641993 CEST	50299	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:10:06.797827959 CEST	55569	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:10:06.866647005 CEST	53	55569	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:06.881330013 CEST	53	50299	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:18.828032970 CEST	53	63312	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:38.044347048 CEST	58596	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:10:38.044507980 CEST	50565	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:10:38.063452005 CEST	53	50565	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:38.063467026 CEST	53	58596	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:38.064171076 CEST	59717	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:10:38.079937935 CEST	53	59717	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:41.367679119 CEST	53	53833	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:41.654563904 CEST	53	53163	1.1.1.1	192.168.2.16
Oct 1, 2024 11:10:47.280452013 CEST	138	138	192.168.2.16	192.168.2.255
Oct 1, 2024 11:10:54.760548115 CEST	61544	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:10:54.776014090 CEST	53	61544	1.1.1.1	192.168.2.16
Oct 1, 2024 11:11:09.297240019 CEST	53	51047	1.1.1.1	192.168.2.16
Oct 1, 2024 11:11:24.379492998 CEST	64805	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:11:24.396135092 CEST	53	64805	1.1.1.1	192.168.2.16
Oct 1, 2024 11:11:38.089459896 CEST	49619	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:11:38.089587927 CEST	52179	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:11:38.096173048 CEST	53	52179	1.1.1.1	192.168.2.16
Oct 1, 2024 11:11:38.103864908 CEST	53	49619	1.1.1.1	192.168.2.16
Oct 1, 2024 11:11:38.104557991 CEST	55581	53	192.168.2.16	1.1.1.1
Oct 1, 2024 11:11:38.113522053 CEST	53	55581	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 11:09:42.605144024 CEST	192.168.2.16	1.1.1.1	0xdc40	Standard query (0)	www.coolcatalogue.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:42.606010914 CEST	192.168.2.16	1.1.1.1	0x5d64	Standard query (0)	www.coolcatalogue.eu	65	IN (0x0001)	false
Oct 1, 2024 11:09:43.282522917 CEST	192.168.2.16	1.1.1.1	0x3092	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.282691956 CEST	192.168.2.16	1.1.1.1	0x1622	Standard query (0)	cool-catalogue.eunp	65	IN (0x0001)	false
Oct 1, 2024 11:09:43.303806067 CEST	192.168.2.16	1.1.1.1	0x2977	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.360671997 CEST	192.168.2.16	8.8.8.8	0x2341	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.361205101 CEST	192.168.2.16	1.1.1.1	0x4028	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:44.380336046 CEST	192.168.2.16	1.1.1.1	0xc20b	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:44.380491018 CEST	192.168.2.16	1.1.1.1	0x3152	Standard query (0)	cool-catalogue.eunp	65	IN (0x0001)	false
Oct 1, 2024 11:09:46.506958961 CEST	192.168.2.16	1.1.1.1	0x8f49	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:46.507354975 CEST	192.168.2.16	1.1.1.1	0x5fc3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 1, 2024 11:09:49.419498920 CEST	192.168.2.16	1.1.1.1	0xf00	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:49.419634104 CEST	192.168.2.16	1.1.1.1	0x126b	Standard query (0)	cool-catalogue.eunp	65	IN (0x0001)	false
Oct 1, 2024 11:09:49.436140060 CEST	192.168.2.16	1.1.1.1	0xd5cb	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:06.797641993 CEST	192.168.2.16	1.1.1.1	0xbd81	Standard query (0)	cool-catalogue.eu	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:06.797827959 CEST	192.168.2.16	1.1.1.1	0xe4cd	Standard query (0)	cool-catalogue.eu	65	IN (0x0001)	false
Oct 1, 2024 11:10:38.044347048 CEST	192.168.2.16	1.1.1.1	0xd432	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:38.044507980 CEST	192.168.2.16	1.1.1.1	0x75d2	Standard query (0)	cool-catalogue.eunp	65	IN (0x0001)	false
Oct 1, 2024 11:10:38.064171076 CEST	192.168.2.16	1.1.1.1	0x971f	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:54.760548115 CEST	192.168.2.16	1.1.1.1	0xd1e6	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:11:24.379492998 CEST	192.168.2.16	1.1.1.1	0x7af4	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:11:38.089459896 CEST	192.168.2.16	1.1.1.1	0x4b1a	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:11:38.089587927 CEST	192.168.2.16	1.1.1.1	0xdc75	Standard query (0)	cool-catalogue.eunp	65	IN (0x0001)	false
Oct 1, 2024 11:11:38.104557991 CEST	192.168.2.16	1.1.1.1	0xba05	Standard query (0)	cool-catalogue.eunp	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 11:09:42.626661062 CEST	1.1.1.1	192.168.2.16	0x5d64	No error (0)	www.coolcatalogue.eu	coolcatalogue.eu		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 11:09:42.627207041 CEST	1.1.1.1	192.168.2.16	0xdc40	No error (0)	www.coolcatalogue.eu	coolcatalogue.eu		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 11:09:42.627207041 CEST	1.1.1.1	192.168.2.16	0xdc40	No error (0)	coolcatalogue.eu		95.131.50.86	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.291749001 CEST	1.1.1.1	192.168.2.16	0x3092	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.303015947 CEST	1.1.1.1	192.168.2.16	0x1622	Name error (3)	cool-catalogue.eunp	none	none	65	IN (0x0001)	false
Oct 1, 2024 11:09:43.313711882 CEST	1.1.1.1	192.168.2.16	0x2977	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.367510080 CEST	8.8.8.8	192.168.2.16	0x2341	No error (0)	google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:43.368041992 CEST	1.1.1.1	192.168.2.16	0x4028	No error (0)	google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:44.396653891 CEST	1.1.1.1	192.168.2.16	0x3152	Name error (3)	cool-catalogue.eunp	none	none	65	IN (0x0001)	false
Oct 1, 2024 11:09:44.397490025 CEST	1.1.1.1	192.168.2.16	0xc20b	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:46.513956070 CEST	1.1.1.1	192.168.2.16	0x8f49	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:46.514750957 CEST	1.1.1.1	192.168.2.16	0x5fc3	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 1, 2024 11:09:49.429044962 CEST	1.1.1.1	192.168.2.16	0x126b	Name error (3)	cool-catalogue.eunp	none	none	65	IN (0x0001)	false
Oct 1, 2024 11:09:49.435519934 CEST	1.1.1.1	192.168.2.16	0xf00	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:09:49.451369047 CEST	1.1.1.1	192.168.2.16	0xd5cb	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:06.881330013 CEST	1.1.1.1	192.168.2.16	0xbd81	No error (0)	cool-catalogue.eu		95.131.50.86	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:38.063452005 CEST	1.1.1.1	192.168.2.16	0x75d2	Name error (3)	cool-catalogue.eunp	none	none	65	IN (0x0001)	false
Oct 1, 2024 11:10:38.063467026 CEST	1.1.1.1	192.168.2.16	0xd432	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:38.079937935 CEST	1.1.1.1	192.168.2.16	0x971f	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:10:54.776014090 CEST	1.1.1.1	192.168.2.16	0xd1e6	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:11:24.396135092 CEST	1.1.1.1	192.168.2.16	0x7af4	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:11:38.096173048 CEST	1.1.1.1	192.168.2.16	0xdc75	Name error (3)	cool-catalogue.eunp	none	none	65	IN (0x0001)	false
Oct 1, 2024 11:11:38.103864908 CEST	1.1.1.1	192.168.2.16	0x4b1a	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false
Oct 1, 2024 11:11:38.113522053 CEST	1.1.1.1	192.168.2.16	0xba05	Name error (3)	cool-catalogue.eunp	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

www.google.com

cool-catalogue.eu

www.coolcatalogue.eu

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49706	95.131.50.86	80	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 11:09:42.632910013 CEST	505	OUT	GET /np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip HTTP/1.1 Host: www.coolcatalogue.eu Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 1, 2024 11:09:43.279963017 CEST	612	IN	HTTP/1.1 302 Found Date: Tue, 01 Oct 2024 09:09:43 GMT Server: Apache X-Frame-Options: SAMEORIGIN Location: https://cool-catalogue.eunp/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip Content-Length: 279 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 6f 6c 2d 63 61 74 61 6c 6f 67 75 65 2e 65 75 6e 70 2f 63 6f 6f 6c 32 30 32 34 2f 68 75 2f 66 69 6c 65 73 2f 63 6f 6e 74 65 6e 74 2d 70 61 67 65 2f 35 35 61 39 64 37 38 36 32 64 35 64 65 35 30 38 34 39 30 33 63 37 61 65 33 61 64 66 35 64 66 66 2e 7a 69 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://cool-catalogue.eunp/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49707	95.131.50.86	80	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 11:10:27.636329889 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49713	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 09:09:49 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 09:09:50 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=200160 Date: Tue, 01 Oct 2024 09:09:50 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49714	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 09:09:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 09:09:51 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=200103 Date: Tue, 01 Oct 2024 09:09:51 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 09:09:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49715	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 09:09:52 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HStgZT61zEMDeuT&MD=2EwErSAk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 09:09:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: a83ecd2f-50d5-418b-b073-32bd1e82cb64 MS-RequestId: 39fce735-ecac-4c45-b429-176c0d457659 MS-CV: pPMr/CZn7k2DY4dm.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 09:09:51 GMT Connection: close Content-Length: 24490
2024-10-01 09:09:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 09:09:52 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49716	142.250.184.228	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 09:10:01 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 09:10:01 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 09:10:01 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-t9JzhZFwHsQ-E6q_PwFy0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-01 09:10:01 UTC	124	IN	Data Raw: 63 66 34 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 79 74 20 73 74 72 61 6e 64 73 20 68 69 6e 74 73 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 72 61 6e 6b 69 6e 67 73 22 2c 22 6d 65 67 61 6c 6f 70 6f 6c 69 73 20 6d 6f 76 69 65 20 66 72 61 6e 63 69 73 20 66 6f 72 64 20 63 6f 70 70 6f 6c 61 22 2c 22 73 6f 63 69 61 6c 20 73 65 63 75 72 69 74 79 20 63 6f 6c Data Ascii: cf4)]}'["",["nyt strands hints","college football rankings","megalopolis movie francis ford coppola","social security col
2024-10-01 09:10:01 UTC	1390	IN	Data Raw: 61 20 69 6e 63 72 65 61 73 65 20 32 30 32 35 22 2c 22 65 61 72 74 68 20 6d 69 6e 69 20 6d 6f 6f 6e 20 61 73 74 65 72 6f 69 64 22 2c 22 73 74 20 6c 6f 75 69 73 20 63 61 72 64 69 6e 61 6c 73 20 70 72 65 73 73 20 63 6f 6e 66 65 72 65 6e 63 65 22 2c 22 6f 63 74 6f 62 65 72 20 73 73 69 20 70 61 79 6d 65 6e 74 20 73 6f 63 69 61 6c 20 73 65 63 75 72 69 74 79 22 2c 22 77 69 6e 74 65 72 20 61 72 63 20 63 68 61 6c 6c 65 6e 67 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 Data Ascii: a increase 2025","earth mini moon asteroid","st louis cardinals press conference","october ssi payment social security","winter arc challenge"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVH
2024-10-01 09:10:01 UTC	1390	IN	Data Raw: 52 44 63 33 70 50 62 6e 41 79 54 6d 64 36 4d 31 42 72 54 6e 6f 34 54 55 64 36 51 30 56 52 4d 56 64 6b 65 48 46 53 63 44 46 47 61 46 6b 34 63 6e 42 4c 5a 6d 35 71 51 56 42 46 54 58 63 32 62 30 70 48 53 48 41 79 4f 47 67 34 54 56 41 72 53 47 6c 48 63 6b 4e 45 4d 57 70 4a 65 45 39 4a 63 6d 52 78 59 6d 4a 54 52 31 5a 51 52 7a 56 58 4c 33 6c 33 4f 44 52 6a 59 6c 5a 59 4d 69 39 42 59 30 78 71 4f 47 6c 4e 55 48 6c 77 61 31 5a 57 59 31 41 78 64 6a 64 53 56 7a 46 6a 63 32 74 4f 54 45 4e 72 63 6d 46 4b 57 6e 42 4d 51 69 73 77 5a 47 67 78 4e 57 56 48 52 57 73 34 56 46 55 34 62 57 70 59 53 45 6b 78 64 44 4a 70 61 30 52 6e 61 6e 70 48 54 6b 4d 30 65 58 41 32 5a 58 55 30 61 58 6c 6c 61 47 73 79 56 6e 42 73 52 58 4a 4c 4f 58 6c 52 4d 58 56 35 55 6a 41 31 52 47 5a 34 4f Data Ascii: RDc3pPbnAyTmd6M1BrTno4TUd6Q0VRMVdkeHFScDFGaFk4cnBLZm5qQVBFTXc2b0pHSHAyOGg4TVArSGlHckNEMWpJeE9JcmRxYmJTR1ZQRzVXL3l3ODRjYlZYMi9BY0xqOGlNUHlwa1ZWY1AxdjdSVzFjc2tOTENrcmFKWnBMQiswZGgxNWVHRWs4VFU4bWpYSEkxdDJpa0RnanpHTkM0eXA2ZXU0aXllaGsyVnBsRXJLOXlRMXV5UjA1RGZ4O
2024-10-01 09:10:01 UTC	419	IN	Data Raw: 64 46 52 55 63 6b 70 56 51 53 74 72 61 30 78 6b 53 45 6c 30 59 6a 4a 44 4d 33 68 34 4d 56 4e 36 4d 47 56 55 64 6b 68 43 52 6b 46 4b 59 58 4e 71 4e 30 74 73 61 6b 6c 59 56 55 49 78 57 53 74 76 5a 7a 5a 7a 5a 6c 6c 44 59 30 49 30 64 6a 52 74 52 31 51 77 52 57 52 51 55 6d 46 45 62 55 56 79 52 54 5a 70 54 47 68 57 4e 33 6f 35 5a 46 4a 71 54 6d 4e 33 65 6b 74 78 65 6b 64 6b 4e 54 5a 31 56 58 6c 54 54 57 39 53 61 55 46 47 51 6c 56 48 4e 45 5a 6f 65 6a 4e 33 4c 31 4e 57 61 54 49 72 57 6b 70 79 54 32 39 59 4d 48 6c 4b 57 54 56 30 62 6a 4a 57 55 79 74 72 57 45 30 32 62 57 4a 4e 53 6c 42 57 5a 33 6c 33 61 55 64 75 55 54 49 32 65 55 68 30 64 57 5a 48 4e 54 59 30 61 31 52 74 63 32 4e 46 65 45 35 4b 55 33 70 56 4d 46 52 31 63 47 78 70 54 6c 55 77 5a 32 4e 42 4d 7a 4e Data Ascii: dFRUckpVQStra0xkSEl0YjJDM3h4MVN6MGVUdkhCRkFKYXNqN0tsaklYVUIxWStvZzZzZllDY0I0djRtR1QwRWRQUmFEbUVyRTZpTGhWN3o5ZFJqTmN3ektxekdkNTZ1VXlTTW9SaUFGQlVHNEZoejN3L1NWaTIrWkpyT29YMHlKWTV0bjJWUytrWE02bWJNSlBWZ3l3aUduUTI2eUh0dWZHNTY0a1Rtc2NFeE5KU3pVMFR1cGxpTlUwZ2NBMzN
2024-10-01 09:10:01 UTC	110	IN	Data Raw: 36 38 0d 0a 54 41 78 54 6c 51 34 65 6b 70 4d 4f 47 70 51 65 56 4e 34 56 33 6c 4e 4d 48 5a 35 4d 48 68 57 55 30 4e 30 53 33 70 46 63 30 63 34 64 45 78 35 61 54 46 4a 56 57 74 32 54 55 78 6e 53 45 74 4b 51 55 46 42 4d 55 55 79 59 33 41 55 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 0d 0a Data Ascii: 68TAxTlQ4ekpMOGpQeVN4V3lNMHZ5MHhWU0N0S3pFc0c4dEx5aTFJVWt2TUxnSEtKQUFBMUUyY3AU","zl":10002},{"zl":10002},{"
2024-10-01 09:10:01 UTC	338	IN	Data Raw: 31 34 62 0d 0a 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a Data Ascii: 14bzl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:
2024-10-01 09:10:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49717	95.131.50.86	443	6976	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 09:10:07 UTC	730	OUT	GET /np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip HTTP/1.1 Host: cool-catalogue.eu Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 09:10:08 UTC	276	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 09:10:07 GMT Server: Apache X-Frame-Options: SAMEORIGIN Last-Modified: Fri, 19 Jan 2024 02:35:22 GMT Accept-Ranges: bytes Content-Length: 133611 X-XSS-Protection: 1; mode=block Connection: close Content-Type: application/zip
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: 50 4b 03 04 e2 89 97 e2 85 a6 e2 8b 95 e2 88 a7 e2 97 8d e2 97 84 e2 88 b8 e2 8a 96 e2 85 a2 e2 8a 8c e2 89 80 e2 97 bf e2 97 95 e2 89 a0 e2 89 a7 e2 88 84 2f e2 8b 9c e2 97 98 e2 8a 8d e2 97 93 e2 89 88 51 e2 89 99 e2 89 93 e2 89 a8 e2 89 8d cf 80 4e e2 97 ae e2 8a a8 26 e2 97 95 e2 8a 8b 6e e2 88 be 53 e2 88 a9 e2 8a a7 e2 8b 84 e2 85 9f e2 89 82 51 e2 96 b5 e2 8a a8 e2 8b 83 25 e2 8b 91 e2 89 a4 e2 85 a4 e2 97 a2 e2 89 91 e2 8a bf c3 b8 e2 89 84 e2 97 b8 e2 8c 92 e2 97 8f e2 8a ad e2 89 9f e2 97 87 2a e2 8a a9 e2 96 ae 2f e2 96 a6 e2 8a bd 7e e2 8a a2 e2 96 ac e2 97 8d e2 8a ba e2 89 97 59 e2 97 a9 e3 8f 91 e2 88 b9 e2 96 a5 e2 89 bb e2 89 86 ef b9 a2 e2 88 a2 5a e2 86 89 e2 8a a2 e2 85 92 e2 97 98 e2 85 99 e2 8a 9f cf 80 e2 8a 80 5a e2 88 8f 3a 5e e2 Data Ascii: PK/QN&nSQ%*/~YZZ:^
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: 47 2f 4f 35 d7 ff 32 66 68 db 93 d2 1d 0a 05 c5 0e 16 08 09 04 8b c2 59 00 ea 88 21 79 06 0b ea 0e 9e 9f 90 a1 10 e6 d4 15 15 2a d3 fd 92 c7 34 40 39 c9 97 0b 04 33 bc e6 1a 9e 56 67 ae 2b 40 57 e8 f6 5a 48 14 09 e9 1e 5b a1 97 83 46 87 14 51 c0 30 a4 94 e6 32 ae 00 5b 40 e7 b3 96 f9 25 65 0f 4c 80 b6 a6 09 47 70 9b 67 6e 65 1b 9c d1 c1 a3 d0 c0 29 bf ec fe a1 4c a9 a3 69 ca a9 25 d8 06 ab aa 04 df ee 15 9c 06 c5 b5 65 52 33 99 44 1a 7e 19 5c f4 8d 9a a3 c7 f6 ca cf e6 a9 d7 e3 a0 3c 20 82 35 3f cd 65 8b 14 1a 68 f5 6d 7f 35 cb b7 6f 57 50 ce 33 62 2c 2d 48 a7 fb 7c c2 80 3e 5d 4a d7 07 9c 19 fa a8 70 31 db 8d 14 6a 07 db 0e 98 97 1f 76 d2 f2 cf 81 2a 9c 45 98 58 af b0 f5 2b d5 81 27 c6 8f 1a f3 81 35 b1 e3 4f 7c a6 ab ad d5 0d 3f 77 9b 58 23 38 13 2e cb Data Ascii: G/O52fhY!y4@93Vg+@WZH[FQ02[@%eLGpgne)Li%eR3D~\< 5?ehm5oWP3b,-H\|>]Jp1jvEX+'5O\|?wX#8.
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: 02 e8 b4 75 c7 d7 5f 96 4e 7f 6c e8 ff 49 df 20 b3 e3 a9 30 d5 31 4e 72 ae b1 bd 1b f7 ab a7 64 22 fe 5b bc d6 2a e7 55 05 43 c4 52 c5 d1 04 71 78 41 79 62 58 51 01 83 c4 d8 e9 c8 d0 25 2b 4a 05 c5 3c 1b 37 45 aa 0a 66 06 ca 8a e6 0d 48 2c ab 51 54 e1 f8 b7 b0 ca b4 eb cc 3f 82 78 fa 6e 2f eb f3 0f 6a 43 9b 1c 46 3e 9c 0e d2 88 af a1 35 a1 58 1f b4 d4 18 a0 21 3e 49 59 a6 07 98 a8 b4 dd b8 fc 6f 8f 7e 1c 31 a2 24 1e 15 86 91 c2 02 e5 4d 94 4c 00 e5 51 ef 5f c3 c8 b5 fb aa f5 2b 78 cf 66 0b 64 ad 01 12 54 12 bb 6b 78 81 38 fd d9 80 a4 32 47 3f 0a 52 0e f7 96 77 aa fc 84 e0 31 28 97 30 e8 e8 00 87 17 45 f7 78 0d 31 a6 a3 03 8a a2 8d 77 12 82 2c d4 35 cd 00 e9 61 66 81 39 30 ce 1e 18 08 6c a6 59 6d c2 d9 d4 34 82 1a ce ae a0 c9 d4 4c 15 17 c4 7c 9f 67 de 09 Data Ascii: u_NlI 01Nrd"[*UCRqxAybXQ%+J<7EfH,QT?xn/jCF>5X!>IYo~1$MLQ_+xfdTkx82G?Rw1(0Ex1w,5af90lYm4L\|g
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: bc 0e f4 c8 60 a5 1f ee 4b 47 a6 ab b5 cd 0d fd 19 9a 2b 1b 2a 2b cb f9 8d c5 9e 99 e0 dd 95 2c 42 e4 cb 35 77 22 09 a4 de 3d b1 07 4e f2 29 08 6e c4 27 a2 7b 8b d8 70 a4 e6 90 0f 7f 4a 1c 4d 72 49 77 a6 24 fc 4b 6c 7a c6 6c 99 0a e9 95 dd 5a 1a 7b 5d e5 31 f8 e5 29 fa 12 a7 92 9e a7 9d 89 61 e8 ba 3f e6 ac b6 6e 75 aa 75 f2 af 52 00 02 e6 e5 c6 51 3a 00 7c 1a ae 73 e9 1e 00 ef e3 6d 1a c8 09 0d c5 24 8c 1e b7 12 65 b2 ee f7 66 e7 2e 23 a8 e7 5e c9 83 3d 67 45 7d f0 25 07 88 ea 16 21 da 0a d5 9b 4f d8 13 29 33 e2 6b 9a e8 c8 ff 02 01 e5 13 a7 40 b5 1b 9f 55 bb af bb 71 a1 d4 cb 35 66 78 50 40 c5 4c dd 9e bd db 24 20 d2 22 3d 32 50 57 a4 87 0a cf 8b 84 33 ad d0 f6 a1 a8 81 be 55 65 8d 69 56 11 09 72 3c d2 26 95 06 2e 15 0d 25 80 42 52 f5 95 35 9f a8 e3 03 Data Ascii: `KG+*+,B5w"=N)n'{pJMrIw$KlzlZ{]1)a?nuuRQ:\|sm$ef.#^=gE}%!O)3k@Uq5fxP@L$ "=2PW3UeiVr<&.%BR5
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: 56 d5 a6 9c 5b 6a c1 b4 c8 b5 df 00 b7 c9 2e 91 78 ef 94 a6 8a 10 03 2e b2 ac d1 95 3b d8 11 45 b0 d2 68 44 e9 67 a3 8d ca c4 a5 fd f5 08 8a 79 30 9e 81 6f 6d 1c 79 14 36 fb b4 a4 80 89 ce a3 d0 ac 5e 40 4d 1d 43 83 f3 75 2f 25 9a e0 9a d6 30 1c 44 51 b1 b3 71 77 4f f5 3c 1d f2 58 d9 bf f0 50 2b ab 63 dd 39 50 6c 8b 94 38 86 b5 06 8d a2 92 cf a5 38 f1 95 3c ef ff 08 dd d4 e3 01 2e a0 78 e8 77 4c 23 db 94 8e 97 1f 57 e3 79 03 39 3c 0b 39 45 ea 5e 67 f7 cd d8 a4 fe 50 ae 10 b4 61 1a 8c 11 d0 76 42 97 d4 6a 51 7d eb 6f 42 3b d1 c8 d9 0b a0 3e a9 47 1c 40 e8 7a b6 b8 40 2b 6a dd a6 30 43 cd 49 3c b0 9d 02 13 84 98 49 99 7f 0e 08 2e 5b b1 a2 26 70 0a 29 90 11 2e d9 e4 2b e6 7a 38 4f 10 92 a9 73 b1 e9 05 e5 ca a4 03 a9 d2 83 7b 82 35 cc b2 23 ec 2f 81 76 b1 8e Data Ascii: V[j.x.;EhDgy0omy6^@MCu/%0DQqwO<XP+c9Pl88<.xwL#Wy9<9E^gPavBjQ}oB;>G@z@+j0CI<I.[&p).+z8Os{5#/v
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: 7c ea fc 27 b4 b0 67 fd 6b b5 fa 29 13 92 69 20 9b 70 40 48 22 03 53 35 fa e3 9a e6 76 6c e2 50 4f 7f 08 5b 18 3a 5c 0d 33 05 90 4c 7a 9c 1d 82 e2 01 c1 17 b8 d2 da cc 49 ea 48 ec 5b 27 50 70 e0 da ad 74 ba e8 a6 8a cb af 4a 2b 86 63 bc 3c d0 9d 33 7f df 0e 32 a5 12 ac a3 b6 70 5e 7a 13 9a 5f cc f0 09 bd 7b 2d 90 8d 3c d7 46 e0 32 88 2e f1 73 fe 97 0e 1c 10 5e 0d 16 70 61 29 f7 77 1a c7 b5 29 f4 44 f1 71 dc 36 df 38 b1 c6 d5 2d 88 a3 8c 4d b7 e1 50 ba 02 e8 6f 2f 0e b1 39 8f 3b 71 28 42 2e 57 77 f6 d1 38 7f 27 32 d7 d6 5c 30 bb ae c4 dd f5 78 04 e0 17 7e 8c f0 d7 dc bd da b0 70 d7 53 b4 b1 b0 3d c5 3a 08 f5 10 7b 3c 96 e4 36 e8 21 8b 37 7a ff 7a 6a c1 f7 16 bf 66 b4 68 dd 97 17 6b 0b db 2f cb dd ff 2d c4 b3 80 6a e7 f9 3b 0c eb 8b ba e6 1a 35 82 99 d6 83 Data Ascii: \|'gk)i p@H"S5vlPO[:\3LzIH['PptJ+c<32p^z_{-<F2.s^pa)w)Dq68-MPo/9;q(B.Ww8'2\0x~pS=:{<6!7zzjfhk/-j;5
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: dd e0 d3 ff f1 63 58 9f 2c bd f6 9a a1 e0 5b 7c a4 c2 d1 b4 03 cc 01 39 1f ef fb 49 2a db e9 83 95 3b d6 5c 76 39 57 04 87 06 bc 1b e9 0c db 74 e6 be ce a0 05 ec c0 07 fa e6 3e c7 5e c1 76 80 f4 cd 4e 4c d9 2e 36 16 05 7c 9f e5 e5 3b 96 90 ef be 69 fc 5b 87 a4 74 3f ee bd 06 b4 c9 60 75 91 fb d7 a1 77 f3 e8 24 30 6f 3e c9 d9 8e 99 74 9b af d6 30 d1 e8 bd 25 f9 9f 39 ae a9 ac 2d 36 33 1c 65 8f 88 68 bb 0e 91 c4 c3 12 23 f0 de c4 d0 f6 25 ca a2 9b 02 f1 40 73 33 8a a2 51 0d b8 d9 d3 55 16 4c 9a 6a 26 13 3e 34 29 8d 88 9c 21 32 bb 52 f6 b6 65 e9 96 b2 b9 1c 08 36 af af 9b 3b c9 e3 6a 14 76 3c 32 74 d3 f6 66 c3 ce e3 03 fc 07 9b 40 ac 2e 8a 72 2d 38 c7 10 b7 0d 86 79 20 93 c4 0f 48 b8 03 d6 3d 0d 19 46 f8 13 4e 56 13 d9 89 a4 4d 60 2b 86 c8 b5 f1 44 22 02 53 Data Ascii: cX,[\|9I*;\v9Wt>^vNL.6\|;i[t?`uw$0o>t0%9-63eh#%@s3QULj&>4)!2Re6;jv<2tf@.r-8y H=FNVM`+D"S
2024-10-01 09:10:08 UTC	16384	IN	Data Raw: e3 8b bd f0 de cf 5a af 90 e5 2c d3 2c 82 b8 87 20 77 66 5a 18 ab 6c 78 32 5f 54 8b 74 97 78 4b b1 da 6e 3a 6f d7 07 a1 5b 8b 99 de 90 02 33 f4 f2 ba 1f 2c 96 15 71 41 97 7f c4 6c a1 bf b7 c8 e7 61 43 41 5b 76 e9 69 f3 6c bf c4 d2 b7 a1 c3 17 e9 c9 4d 2d 1e f4 a4 27 f8 19 42 c3 84 bc 75 39 4e 0f 7a 3f b5 4c 63 e7 8f 86 22 f5 2d d0 5e c2 54 e0 f1 d3 a5 0f c7 45 25 49 ce 58 e0 40 dd 54 21 70 7e 43 ad 67 c7 73 b5 dc 04 a4 4c cc 7e 19 44 c6 05 fb 50 16 65 3f e1 c5 45 eb 64 d2 c6 6e 49 a1 15 ec 52 fa b4 56 b7 f3 bd f1 81 a7 e3 e3 27 df a5 07 3b 08 a9 c8 92 0d 4a d6 8b 19 7c d2 ad 8e d6 f1 11 f2 6f fd 04 3f 42 e7 1f d0 9f 7a 4f c2 71 eb cf b6 39 79 0b c2 99 0f 33 03 5b d0 d1 94 5c 2c e5 d1 37 ce 2a ab 2a 3e 1d a9 01 99 68 91 dc 70 d9 3d 25 39 92 e6 10 2e e6 a2 Data Ascii: Z,, wfZlx2_TtxKn:o[3,qAlaCA[vilM-'Bu9Nz?Lc"-^TE%IX@T!p~CgsL~DPe?EdnIRV';J\|o?BzOq9y3[\,7**>hp=%9.
2024-10-01 09:10:08 UTC	2539	IN	Data Raw: 32 37 5c 32 32 31 5c 32 36 32 5c 33 30 33 5c 33 36 31 4e 5e 78 5c 33 31 30 52 5c 32 37 37 5c 33 36 34 5c 33 35 33 54 5c 30 33 34 79 5c 32 37 34 29 0a 2f 4d 6f 64 44 61 74 65 28 3f 5c 32 36 36 5c 32 31 32 65 5c 32 32 36 45 5c 33 32 37 5c 32 32 31 5c 32 36 32 5c 33 30 33 5c 33 36 31 4e 5e 78 5c 33 31 30 52 5c 32 37 37 5c 33 36 34 5c 33 35 33 54 5c 30 33 34 79 5c 32 37 34 29 0a 2f 43 72 65 61 74 6f 72 28 2b 5c 33 31 30 5c 33 37 36 3c 5c 33 32 31 5c 30 33 34 29 3e 3e 65 6e 64 6f 62 6a 0a 35 32 20 30 20 6f 62 6a 0a 3c 3c 2f 46 69 6c 74 65 72 20 2f 53 74 61 6e 64 61 72 64 20 2f 56 20 31 20 2f 4c 65 6e 67 74 68 20 34 30 20 2f 52 20 32 20 2f 50 20 2d 34 20 2f 4f 20 28 4e f4 5e a6 7b 69 41 fb 96 87 12 d4 38 91 fb dc db e1 b4 f8 6f 47 01 1e 11 f4 7e 46 49 c6 4b 82 Data Ascii: 27\221\262\303\361N^x\310R\277\364\353T\034y\274)/ModDate(?\266\212e\226E\327\221\262\303\361N^x\310R\277\364\353T\034y\274)/Creator(+\310\376<\321\034)>>endobj52 0 obj<</Filter /Standard /V 1 /Length 40 /R 2 /P -4 /O (N^{iA8oG~FIK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49719	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 09:10:29 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HStgZT61zEMDeuT&MD=2EwErSAk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 09:10:30 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: bd9e439b-99f8-4ed7-a3e0-1724f9580cc8 MS-RequestId: 8c0162af-8f2d-4aaa-b5dc-a443add4e890 MS-CV: p32nufUuZUKFBNkU.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 09:10:29 GMT Connection: close Content-Length: 30005
2024-10-01 09:10:30 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 09:10:30 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6312, Parent PID: 4528

General

Target ID:	0
Start time:	05:09:40
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6976, Parent PID: 6312

General

Target ID:	1
Start time:	05:09:40
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,10027575918938416306,16167855775297127617,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6644, Parent PID: 4528

General

Target ID:	2
Start time:	05:09:41
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 3364, Parent PID: 804

General

Target ID:	15
Start time:	05:10:52
Start date:	01/10/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff604540000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip (copy)

C:\Users\user\Downloads\55a9d7862d5de5084903c7ae3adf5dff.zip.crdownload

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6312, Parent PID: 4528

Windows Analysis Report
http://www.coolcatalogue.eu/np/cool2024/hu/files/content-page/55a9d7862d5de5084903c7ae3adf5dff.zip