Edit tour

Windows Analysis Report
https://2h.ae/HWtB

Overview

General Information

Sample URL:	https://2h.ae/HWtB
Analysis ID:	1431057
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1952,i,7220497278789268327,86842902818398423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://2h.ae/HWtB" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=vWtfxXmzRTuAWAaU3TcHGjdCOP8h9jp%2BPGFqoLu5G6MVoysJa%2FoonHBct64fEVzHi8uyaWSbomlO0htqkfbtxzSJmFT165GKM%2FwV7ozoT7k6WWJ2yEPxAbrW HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 383Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 12:20:51 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeAccess-Control-Allow-Origin: *ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWtfxXmzRTuAWAaU3TcHGjdCOP8h9jp%2BPGFqoLu5G6MVoysJa%2FoonHBct64fEVzHi8uyaWSbomlO0htqkfbtxzSJmFT165GKM%2FwV7ozoT7k6WWJ2yEPxAbrW"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87960cba6934100b-LAXalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 12:20:51 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeAccess-Control-Allow-Origin: *ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"Cache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1G3MdaVaNfmcutBNGcnKEMa4t04PtBGAK4fCxv6aDPlONIspAQ4S7CJlD3qzK8ONufr9brsP00Vsffg85oiAYa1id%2Fw5%2FbvZaCpVOh5c2Rg4WQGaZtZkX2q"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87960cc09b3c7e80-LAXalt-svc: h3=":443"; ma=86400

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@17/4@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1952,i,7220497278789268327,86842902818398423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://2h.ae/HWtB"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1952,i,7220497278789268327,86842902818398423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://2h.ae/HWtB	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://dgt.lat/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
dgt.lat	104.21.56.244	true	false	unknown
www.google.com	142.250.141.104	true	false	high
2h.ae	172.67.205.158	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dgt.lat/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=T1G3MdaVaNfmcutBNGcnKEMa4t04PtBGAK4fCxv6aDPlONIspAQ4S7CJlD3qzK8ONufr9brsP00Vsffg85oiAYa1id%2Fw5%2FbvZaCpVOh5c2Rg4WQGaZtZkX2q	false		high
https://2h.ae/HWtB	true		unknown
https://a.nel.cloudflare.com/report/v4?s=vWtfxXmzRTuAWAaU3TcHGjdCOP8h9jp%2BPGFqoLu5G6MVoysJa%2FoonHBct64fEVzHi8uyaWSbomlO0htqkfbtxzSJmFT165GKM%2FwV7ozoT7k6WWJ2yEPxAbrW	false		high
https://dgt.lat/entra	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.56.244	dgt.lat	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.141.104	www.google.com	United States	15169	GOOGLEUS	false
172.67.205.158	2h.ae	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431057
Start date and time:	2024-04-24 14:19:55 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://2h.ae/HWtB
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/4@8/7

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.139, 142.251.2.100, 142.251.2.138, 142.251.2.102, 142.251.2.101, 142.251.2.113, 142.251.2.84, 34.104.35.123, 20.12.23.50, 23.1.234.57, 23.1.234.24, 192.229.211.108, 20.3.187.198, 142.250.101.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:	3:Obn:Obn
MD5:	9D1EAD73E678FA2F51A70A933B0BF017
SHA1:	D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256:	0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512:	935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious:	false
Reputation:	low
URL:	https://dgt.lat/favicon.ico
Preview:	Not Found

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:	3:Obn:Obn
MD5:	9D1EAD73E678FA2F51A70A933B0BF017
SHA1:	D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256:	0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512:	935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious:	false
Reputation:	low
URL:	https://dgt.lat/entra
Preview:	Not Found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 14:20:38.383193970 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 24, 2024 14:20:40.507972002 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 14:20:48.277358055 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.277439117 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.277587891 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.277822018 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.277883053 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.277932882 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.278089046 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.278140068 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.278234005 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.278253078 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.611964941 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.612293959 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.612313032 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.613363028 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.613430023 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.614033937 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.614691973 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.614712954 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.615724087 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.615791082 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.615984917 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.615993977 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.616229057 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.616290092 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.617373943 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.617458105 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.660655975 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.661391020 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:48.661426067 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:48.709235907 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:49.973352909 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:49.977591038 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:49.977634907 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:49.981472015 CEST	49737	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:20:49.981499910 CEST	443	49737	172.67.205.158	192.168.2.4
Apr 24, 2024 14:20:50.119702101 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 14:20:50.239497900 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.239550114 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.239629030 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.240295887 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.240325928 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.355494022 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.355576038 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.355658054 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.355887890 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.355921030 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.573556900 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.577461004 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.577497959 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.579093933 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.579179049 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.716877937 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.717217922 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.717272997 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.718251944 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.718359947 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.801234961 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:50.801278114 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:50.801522017 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:50.810359001 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:50.810373068 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:50.865324974 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.865324974 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.865408897 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.865565062 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.866050005 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.866218090 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.914963007 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:50.914982080 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.914992094 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:20:50.915039062 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:50.959391117 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:50.959471941 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:20:51.155462027 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.155822992 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.161392927 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.161437035 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.161664963 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.205389023 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.212076902 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.212239981 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.214816093 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.223974943 CEST	49739	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.223999977 CEST	443	49739	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.320127964 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.320194006 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.321443081 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.321789026 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.321825981 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.356055975 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.391154051 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.391208887 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.391371012 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.393471003 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.393488884 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.396152973 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.525125980 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.525187016 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.525247097 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.547581911 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.547646046 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.547677994 CEST	49741	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.547694921 CEST	443	49741	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.606946945 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.606990099 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.607058048 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.607908964 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.607925892 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.656213999 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.656558990 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.656582117 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.657741070 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.658648968 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.658844948 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.659091949 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:51.700145006 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:51.755716085 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.756336927 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.756350040 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.757921934 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.757987022 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.766952038 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.767041922 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.767173052 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.767187119 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:51.819247961 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:51.954957008 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.955053091 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.956397057 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:51.956423998 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.957412004 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:51.958764076 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:52.004112959 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:52.041649103 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:52.041733027 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:52.041795015 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:52.042531967 CEST	49742	443	192.168.2.4	104.21.56.244
Apr 24, 2024 14:20:52.042576075 CEST	443	49742	104.21.56.244	192.168.2.4
Apr 24, 2024 14:20:52.136362076 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.136431932 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.136473894 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.136625051 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.136651039 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.136662960 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.136701107 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.137089014 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.137124062 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.137190104 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.137443066 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.137458086 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.316171885 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:52.316338062 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:52.316402912 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:52.321405888 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:52.321460009 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:52.321501017 CEST	49744	443	192.168.2.4	23.206.6.29
Apr 24, 2024 14:20:52.321517944 CEST	443	49744	23.206.6.29	192.168.2.4
Apr 24, 2024 14:20:52.487298012 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.505477905 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.505502939 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.506704092 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.553986073 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.587009907 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.587179899 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.588035107 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.628151894 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.877614975 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.877707005 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:20:52.877854109 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.889785051 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:20:52.889837027 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:00.716429949 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:00.716495037 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:00.716801882 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:02.498891115 CEST	49740	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:02.498960018 CEST	443	49740	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:03.599906921 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:21:03.599976063 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:21:03.600044012 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:21:04.248971939 CEST	49736	443	192.168.2.4	172.67.205.158
Apr 24, 2024 14:21:04.249032021 CEST	443	49736	172.67.205.158	192.168.2.4
Apr 24, 2024 14:21:50.228914976 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:50.228949070 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:50.229022026 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:50.230024099 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:50.230036974 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:50.589513063 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:50.590188026 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:50.590214968 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:50.591310024 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:50.591983080 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:50.592067003 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:21:50.646783113 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:21:51.226382971 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.226466894 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.226553917 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.227974892 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.228012085 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.576412916 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.576740980 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.576806068 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.577933073 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.578478098 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.578641891 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.578675032 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.631186008 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.972615004 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.972815990 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.972879887 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.973306894 CEST	49756	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.973315954 CEST	443	49756	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.974731922 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.974744081 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:51.974809885 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.975469112 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:51.975482941 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.327585936 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.331432104 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:52.331444979 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.331914902 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.346462011 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:52.346666098 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.355849028 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:52.396141052 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.719677925 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.719875097 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.719943047 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:52.720109940 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:52.720118999 CEST	443	49757	35.190.80.1	192.168.2.4
Apr 24, 2024 14:21:52.720168114 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:52.720176935 CEST	49757	443	192.168.2.4	35.190.80.1
Apr 24, 2024 14:21:57.321047068 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 24, 2024 14:21:57.321341991 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 24, 2024 14:21:57.480293989 CEST	80	49723	72.21.81.240	192.168.2.4
Apr 24, 2024 14:21:57.480475903 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 24, 2024 14:21:57.480567932 CEST	80	49724	72.21.81.240	192.168.2.4
Apr 24, 2024 14:21:57.480762959 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 24, 2024 14:22:00.597408056 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:22:00.597588062 CEST	443	49755	142.250.141.104	192.168.2.4
Apr 24, 2024 14:22:00.597681999 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:22:02.244451046 CEST	49755	443	192.168.2.4	142.250.141.104
Apr 24, 2024 14:22:02.244483948 CEST	443	49755	142.250.141.104	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 14:20:46.165534019 CEST	53	64282	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:46.172344923 CEST	53	56578	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:47.268094063 CEST	53	55860	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:48.103518963 CEST	51161	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:48.103641033 CEST	58425	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:48.275902033 CEST	53	51161	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:48.276595116 CEST	53	58425	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:49.984749079 CEST	56941	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:49.985346079 CEST	59932	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:50.177879095 CEST	55728	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:50.200762987 CEST	50661	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:50.223027945 CEST	53	59932	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:50.223076105 CEST	53	56941	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:50.331564903 CEST	53	55728	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:50.354425907 CEST	53	50661	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:51.221642017 CEST	49868	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:51.221642971 CEST	51159	53	192.168.2.4	1.1.1.1
Apr 24, 2024 14:20:51.377803087 CEST	53	49868	1.1.1.1	192.168.2.4
Apr 24, 2024 14:20:51.390379906 CEST	53	51159	1.1.1.1	192.168.2.4
Apr 24, 2024 14:21:04.646287918 CEST	53	58269	1.1.1.1	192.168.2.4
Apr 24, 2024 14:21:08.908278942 CEST	138	138	192.168.2.4	192.168.2.255
Apr 24, 2024 14:21:23.695956945 CEST	53	52340	1.1.1.1	192.168.2.4
Apr 24, 2024 14:21:45.726653099 CEST	53	56250	1.1.1.1	192.168.2.4
Apr 24, 2024 14:21:46.719619989 CEST	53	56147	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 14:20:48.103518963 CEST	192.168.2.4	1.1.1.1	0x6d89	Standard query (0)	2h.ae	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:48.103641033 CEST	192.168.2.4	1.1.1.1	0xbd7	Standard query (0)	2h.ae	65	IN (0x0001)	false
Apr 24, 2024 14:20:49.984749079 CEST	192.168.2.4	1.1.1.1	0xb89f	Standard query (0)	dgt.lat	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:49.985346079 CEST	192.168.2.4	1.1.1.1	0x9fcb	Standard query (0)	dgt.lat	65	IN (0x0001)	false
Apr 24, 2024 14:20:50.177879095 CEST	192.168.2.4	1.1.1.1	0x6402	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.200762987 CEST	192.168.2.4	1.1.1.1	0xff6f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 14:20:51.221642017 CEST	192.168.2.4	1.1.1.1	0x34b2	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:51.221642971 CEST	192.168.2.4	1.1.1.1	0x8d9f	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 14:20:48.275902033 CEST	1.1.1.1	192.168.2.4	0x6d89	No error (0)	2h.ae		172.67.205.158	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:48.275902033 CEST	1.1.1.1	192.168.2.4	0x6d89	No error (0)	2h.ae		104.21.77.80	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:48.276595116 CEST	1.1.1.1	192.168.2.4	0xbd7	No error (0)	2h.ae			65	IN (0x0001)	false
Apr 24, 2024 14:20:50.223027945 CEST	1.1.1.1	192.168.2.4	0x9fcb	No error (0)	dgt.lat			65	IN (0x0001)	false
Apr 24, 2024 14:20:50.223076105 CEST	1.1.1.1	192.168.2.4	0xb89f	No error (0)	dgt.lat		104.21.56.244	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.223076105 CEST	1.1.1.1	192.168.2.4	0xb89f	No error (0)	dgt.lat		172.67.138.233	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.331564903 CEST	1.1.1.1	192.168.2.4	0x6402	No error (0)	www.google.com		142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.331564903 CEST	1.1.1.1	192.168.2.4	0x6402	No error (0)	www.google.com		142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.331564903 CEST	1.1.1.1	192.168.2.4	0x6402	No error (0)	www.google.com		142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.331564903 CEST	1.1.1.1	192.168.2.4	0x6402	No error (0)	www.google.com		142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.331564903 CEST	1.1.1.1	192.168.2.4	0x6402	No error (0)	www.google.com		142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.331564903 CEST	1.1.1.1	192.168.2.4	0x6402	No error (0)	www.google.com		142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:20:50.354425907 CEST	1.1.1.1	192.168.2.4	0xff6f	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 14:20:51.377803087 CEST	1.1.1.1	192.168.2.4	0x34b2	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:21:03.813492060 CEST	1.1.1.1	192.168.2.4	0xa092	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 14:21:03.813492060 CEST	1.1.1.1	192.168.2.4	0xa092	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:21:16.780989885 CEST	1.1.1.1	192.168.2.4	0x4bab	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 14:21:16.780989885 CEST	1.1.1.1	192.168.2.4	0x4bab	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:21:38.739985943 CEST	1.1.1.1	192.168.2.4	0x801d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 14:21:38.739985943 CEST	1.1.1.1	192.168.2.4	0x801d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 14:21:58.943013906 CEST	1.1.1.1	192.168.2.4	0x9c96	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 14:21:58.943013906 CEST	1.1.1.1	192.168.2.4	0x9c96	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

2h.ae

dgt.lat

https:

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	172.67.205.158	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:48 UTC	652	OUT	GET /HWtB HTTP/1.1 Host: 2h.ae Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:20:49 UTC	926	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 24 Apr 2024 12:20:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/7.4.30 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=g3a6kt5fafktbdmla3g03j5sjo; path=/ Set-Cookie: short_179918=1; expires=Wed, 24-Apr-2024 12:32:04 GMT; Max-Age=900; path=/; HttpOnly location: https://dgt.lat/entra Vary: User-Agent CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8T%2BqrWfmsds8D8ZZlu6e3BsNqQUWK9rcQ6PjMPuu%2BeplD%2BDgr2lh%2B4zfW8SbzQo27h550WKXGI6VThNK0wH98AJjbMgGe3r3%2BV8V1PQaZHJuovAygG11w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87960cad8a1c1035-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:20:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	104.21.56.244	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:50 UTC	655	OUT	GET /entra HTTP/1.1 Host: dgt.lat Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:20:51 UTC	632	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 12:20:51 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 9 Connection: close Access-Control-Allow-Origin: * ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWtfxXmzRTuAWAaU3TcHGjdCOP8h9jp%2BPGFqoLu5G6MVoysJa%2FoonHBct64fEVzHi8uyaWSbomlO0htqkfbtxzSJmFT165GKM%2FwV7ozoT7k6WWJ2yEPxAbrW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87960cba6934100b-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:20:51 UTC	9	IN	Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	23.206.6.29	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:51 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 12:20:51 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=240177 Date: Wed, 24 Apr 2024 12:20:51 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	104.21.56.244	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:51 UTC	575	OUT	GET /favicon.ico HTTP/1.1 Host: dgt.lat Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://dgt.lat/entra Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:20:52 UTC	657	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 12:20:51 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 9 Connection: close Access-Control-Allow-Origin: * ETag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg" Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1G3MdaVaNfmcutBNGcnKEMa4t04PtBGAK4fCxv6aDPlONIspAQ4S7CJlD3qzK8ONufr9brsP00Vsffg85oiAYa1id%2Fw5%2FbvZaCpVOh5c2Rg4WQGaZtZkX2q"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87960cc09b3c7e80-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 12:20:52 UTC	9	IN	Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	35.190.80.1	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:51 UTC	514	OUT	OPTIONS /report/v4?s=vWtfxXmzRTuAWAaU3TcHGjdCOP8h9jp%2BPGFqoLu5G6MVoysJa%2FoonHBct64fEVzHi8uyaWSbomlO0htqkfbtxzSJmFT165GKM%2FwV7ozoT7k6WWJ2yEPxAbrW HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://dgt.lat Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:20:52 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Wed, 24 Apr 2024 12:20:51 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	23.206.6.29	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:51 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 12:20:52 UTC	531	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=240169 Date: Wed, 24 Apr 2024 12:20:52 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 12:20:52 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	35.190.80.1	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:20:52 UTC	464	OUT	POST /report/v4?s=vWtfxXmzRTuAWAaU3TcHGjdCOP8h9jp%2BPGFqoLu5G6MVoysJa%2FoonHBct64fEVzHi8uyaWSbomlO0htqkfbtxzSJmFT165GKM%2FwV7ozoT7k6WWJ2yEPxAbrW HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 383 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:20:52 UTC	383	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 32 33 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 35 36 2e 32 34 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 64 67 74 2e 6c 61 74 2f 65 6e 74 72 61 22 2c Data Ascii: [{"age":0,"body":{"elapsed_time":1236,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.56.244","status_code":404,"type":"http.error"},"type":"network-error","url":"https://dgt.lat/entra",
2024-04-24 12:20:52 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 24 Apr 2024 12:20:52 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49756	35.190.80.1	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:21:51 UTC	512	OUT	OPTIONS /report/v4?s=T1G3MdaVaNfmcutBNGcnKEMa4t04PtBGAK4fCxv6aDPlONIspAQ4S7CJlD3qzK8ONufr9brsP00Vsffg85oiAYa1id%2Fw5%2FbvZaCpVOh5c2Rg4WQGaZtZkX2q HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://dgt.lat Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:21:51 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Wed, 24 Apr 2024 12:21:51 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49757	35.190.80.1	443	2840	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 12:21:52 UTC	462	OUT	POST /report/v4?s=T1G3MdaVaNfmcutBNGcnKEMa4t04PtBGAK4fCxv6aDPlONIspAQ4S7CJlD3qzK8ONufr9brsP00Vsffg85oiAYa1id%2Fw5%2FbvZaCpVOh5c2Rg4WQGaZtZkX2q HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 413 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 12:21:52 UTC	413	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 31 38 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 32 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 64 67 74 2e 6c 61 74 2f 65 6e 74 72 61 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 35 36 2e 32 34 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a Data Ascii: [{"age":59183,"body":{"elapsed_time":722,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://dgt.lat/entra","sampling_fraction":1.0,"server_ip":"104.21.56.244","status_code":404,"type":"http.error"},"type":"network-error","url":
2024-04-24 12:21:52 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 24 Apr 2024 12:21:52 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5552, Parent PID: 5680

General

Target ID:	0
Start time:	14:20:41
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2840, Parent PID: 5552

General

Target ID:	2
Start time:	14:20:44
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1952,i,7220497278789268327,86842902818398423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6508, Parent PID: 5680

General

Target ID:	3
Start time:	14:20:47
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://2h.ae/HWtB"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /HWtB HTTP/1.1Host: 2h.aeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /entra HTTP/1.1Host: dgt.latConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dgt.latConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dgt.lat/entraAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: 2h.ae
Source: global traffic	DNS traffic detected: DNS query: dgt.lat
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://2h.ae/HWtB

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5552, Parent PID: 5680

General

Chronological Activities

Analysis Process: chrome.exePID: 2840, Parent PID: 5552

General

Chronological Activities

Analysis Process: chrome.exePID: 6508, Parent PID: 5680

General

Chronological Activities

Disassembly

Windows Analysis Report
https://2h.ae/HWtB