Windows
Analysis Report
http://convertix-api.xyz
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
chrome.exe (PID: 692 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized "abou t:blank" MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 4132 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=2340,i ,138489201 9129994715 5,12211409 3238351935 97,262144 --disable- features=O ptimizatio nGuideMode lDownloadi ng,Optimiz ationHints ,Optimizat ionHintsFe tching,Opt imizationT argetPredi ction --va riations-s eed-versio n=20250306 -183004.42 9000 --moj o-platform -channel-h andle=2352 /prefetch :3 MD5: E81F54E6C1129887AEA47E7D092680BF)
chrome.exe (PID: 6840 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://conver tix-api.xy z" MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- • AV Detection
- • Compliance
- • Networking
- • System Summary
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.65.238 | true | false | high | |
www.google.com | 142.250.176.196 | true | false | high | |
convertix-api.xyz | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.176.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1653629 |
Start date and time: | 2025-04-01 13:49:20 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://convertix-api.xyz |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.troj.win@22/0@20/2 |
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis
(whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 142.251.40.195, 14 2.250.81.238, 142.250.72.110, 142.251.167.84, 142.251.40.206 , 142.251.40.142, 142.250.80.7 8, 23.203.176.221, 199.232.214 .172, 142.250.65.238, 142.250. 65.206, 184.31.69.3, 172.202.1 63.200 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, clients2.google.com, ocsp. digicert.com, accounts.google. com, redirector.gvt1.com, slsc r.update.microsoft.com, ctldl. windowsupdate.com, clientservi ces.googleapis.com, clients.l. google.com, c.pki.goog, fe3cr. delivery.mp.microsoft.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - VT rate limit hit for: http:/
/convertix-api.xyz
Download Network PCAP: filtered – full
- Total Packets: 73
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 1, 2025 13:50:18.904021025 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:19.312493086 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:19.950922966 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:21.153501034 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:21.602921963 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:21.602961063 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:21.603032112 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:21.603233099 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:21.603245974 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:21.799602032 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:21.799675941 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:21.801035881 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:21.801048040 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:21.801260948 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:21.841420889 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:23.559372902 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:27.668709040 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 1, 2025 13:50:27.980709076 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 1, 2025 13:50:28.372157097 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:28.592298031 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 1, 2025 13:50:29.794030905 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 1, 2025 13:50:30.963105917 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 1, 2025 13:50:31.256601095 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.256937981 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.256963968 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.264292002 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 1, 2025 13:50:31.353431940 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.353466988 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.355431080 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.355451107 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.355499029 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.355534077 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.357383013 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.357453108 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.357495070 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.357523918 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.357538939 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.362472057 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.453619003 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.459089994 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.461499929 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.461555004 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.461571932 CEST | 443 | 49709 | 131.253.33.254 | 192.168.2.4 |
Apr 1, 2025 13:50:31.461612940 CEST | 49709 | 443 | 192.168.2.4 | 131.253.33.254 |
Apr 1, 2025 13:50:31.464900017 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:31.466510057 CEST | 49731 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:31.466607094 CEST | 443 | 49731 | 204.79.197.222 | 192.168.2.4 |
Apr 1, 2025 13:50:31.466711044 CEST | 49731 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:31.466892958 CEST | 49731 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:31.466914892 CEST | 443 | 49731 | 204.79.197.222 | 192.168.2.4 |
Apr 1, 2025 13:50:31.748974085 CEST | 443 | 49731 | 204.79.197.222 | 192.168.2.4 |
Apr 1, 2025 13:50:31.749227047 CEST | 49731 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:31.764370918 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:31.796580076 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:31.796653986 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:31.796797037 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:31.871840000 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 1, 2025 13:50:32.152817965 CEST | 49720 | 443 | 192.168.2.4 | 142.250.176.196 |
Apr 1, 2025 13:50:32.152863026 CEST | 443 | 49720 | 142.250.176.196 | 192.168.2.4 |
Apr 1, 2025 13:50:32.201109886 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 1, 2025 13:50:32.380218983 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:32.704226017 CEST | 49734 | 80 | 192.168.2.4 | 142.250.176.195 |
Apr 1, 2025 13:50:32.793365955 CEST | 80 | 49734 | 142.250.176.195 | 192.168.2.4 |
Apr 1, 2025 13:50:32.793483019 CEST | 49734 | 80 | 192.168.2.4 | 142.250.176.195 |
Apr 1, 2025 13:50:32.793670893 CEST | 49734 | 80 | 192.168.2.4 | 142.250.176.195 |
Apr 1, 2025 13:50:32.883192062 CEST | 80 | 49734 | 142.250.176.195 | 192.168.2.4 |
Apr 1, 2025 13:50:32.883214951 CEST | 80 | 49734 | 142.250.176.195 | 192.168.2.4 |
Apr 1, 2025 13:50:32.891774893 CEST | 49734 | 80 | 192.168.2.4 | 142.250.176.195 |
Apr 1, 2025 13:50:32.982289076 CEST | 80 | 49734 | 142.250.176.195 | 192.168.2.4 |
Apr 1, 2025 13:50:33.028423071 CEST | 49734 | 80 | 192.168.2.4 | 142.250.176.195 |
Apr 1, 2025 13:50:33.075292110 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 1, 2025 13:50:33.590926886 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:35.481061935 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 1, 2025 13:50:35.996835947 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Apr 1, 2025 13:50:37.012803078 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
Apr 1, 2025 13:50:37.981561899 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
Apr 1, 2025 13:50:40.294015884 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
Apr 1, 2025 13:50:40.802298069 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 1, 2025 13:50:18.489871979 CEST | 53 | 60296 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:18.565867901 CEST | 53 | 49237 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:19.306946993 CEST | 53 | 55006 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:21.498842001 CEST | 64154 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:21.499169111 CEST | 53329 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:21.596755981 CEST | 53 | 64154 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:21.597203016 CEST | 53 | 53329 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:23.805742979 CEST | 57231 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:23.807907104 CEST | 58441 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:23.819696903 CEST | 51891 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:23.820040941 CEST | 58964 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:23.905888081 CEST | 53 | 57231 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:23.909147978 CEST | 53 | 58441 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:23.910151958 CEST | 60926 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:23.929023027 CEST | 53 | 51891 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:23.945329905 CEST | 53 | 58964 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:24.017261028 CEST | 53 | 60926 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:24.021893024 CEST | 63760 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:24.022133112 CEST | 60326 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:24.121113062 CEST | 53 | 63760 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:24.127816916 CEST | 53 | 60326 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:24.168716908 CEST | 65464 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2025 13:50:24.169212103 CEST | 54735 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:24.267311096 CEST | 53 | 54735 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:24.267684937 CEST | 53 | 65464 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2025 13:50:25.186615944 CEST | 49202 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:25.186944008 CEST | 53832 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:25.289231062 CEST | 53 | 53832 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:25.305422068 CEST | 53 | 49202 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:30.324337959 CEST | 50855 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:30.324732065 CEST | 55156 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:30.428042889 CEST | 53 | 55156 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:30.444894075 CEST | 53 | 50855 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:30.445789099 CEST | 55020 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:30.553792953 CEST | 53 | 55020 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:32.114216089 CEST | 63649 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:32.114809036 CEST | 59441 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:32.217312098 CEST | 53 | 59441 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:32.221580029 CEST | 53 | 63649 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:32.259407043 CEST | 51520 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 1, 2025 13:50:32.260081053 CEST | 62365 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 1, 2025 13:50:32.356677055 CEST | 53 | 62365 | 8.8.8.8 | 192.168.2.4 |
Apr 1, 2025 13:50:32.357408047 CEST | 53 | 51520 | 1.1.1.1 | 192.168.2.4 |
Apr 1, 2025 13:50:36.347776890 CEST | 53 | 55502 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 1, 2025 13:50:21.498842001 CEST | 192.168.2.4 | 1.1.1.1 | 0xa395 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:21.499169111 CEST | 192.168.2.4 | 1.1.1.1 | 0xa9b3 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.805742979 CEST | 192.168.2.4 | 1.1.1.1 | 0x7e46 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.807907104 CEST | 192.168.2.4 | 1.1.1.1 | 0xe2b2 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.819696903 CEST | 192.168.2.4 | 1.1.1.1 | 0x2400 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.820040941 CEST | 192.168.2.4 | 1.1.1.1 | 0x29d | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.910151958 CEST | 192.168.2.4 | 1.1.1.1 | 0x1604 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.021893024 CEST | 192.168.2.4 | 1.1.1.1 | 0xb5f9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.022133112 CEST | 192.168.2.4 | 1.1.1.1 | 0x4acd | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.168716908 CEST | 192.168.2.4 | 8.8.8.8 | 0x4b8c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.169212103 CEST | 192.168.2.4 | 1.1.1.1 | 0x658a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:25.186615944 CEST | 192.168.2.4 | 1.1.1.1 | 0x43bb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:25.186944008 CEST | 192.168.2.4 | 1.1.1.1 | 0x147e | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:30.324337959 CEST | 192.168.2.4 | 1.1.1.1 | 0x8999 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:30.324732065 CEST | 192.168.2.4 | 1.1.1.1 | 0xeba5 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:30.445789099 CEST | 192.168.2.4 | 1.1.1.1 | 0xe548 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.114216089 CEST | 192.168.2.4 | 1.1.1.1 | 0x4b04 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.114809036 CEST | 192.168.2.4 | 1.1.1.1 | 0x392b | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.259407043 CEST | 192.168.2.4 | 1.1.1.1 | 0x6d34 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.260081053 CEST | 192.168.2.4 | 8.8.8.8 | 0x1df7 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 1, 2025 13:50:21.596755981 CEST | 1.1.1.1 | 192.168.2.4 | 0xa395 | No error (0) | 142.250.176.196 | A (IP address) | IN (0x0001) | false | ||
Apr 1, 2025 13:50:21.597203016 CEST | 1.1.1.1 | 192.168.2.4 | 0xa9b3 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 1, 2025 13:50:23.905888081 CEST | 1.1.1.1 | 192.168.2.4 | 0x7e46 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.909147978 CEST | 1.1.1.1 | 192.168.2.4 | 0xe2b2 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.929023027 CEST | 1.1.1.1 | 192.168.2.4 | 0x2400 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:23.945329905 CEST | 1.1.1.1 | 192.168.2.4 | 0x29d | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.017261028 CEST | 1.1.1.1 | 192.168.2.4 | 0x1604 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.121113062 CEST | 1.1.1.1 | 192.168.2.4 | 0xb5f9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.127816916 CEST | 1.1.1.1 | 192.168.2.4 | 0x4acd | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:24.267311096 CEST | 1.1.1.1 | 192.168.2.4 | 0x658a | No error (0) | 142.250.65.238 | A (IP address) | IN (0x0001) | false | ||
Apr 1, 2025 13:50:24.267684937 CEST | 8.8.8.8 | 192.168.2.4 | 0x4b8c | No error (0) | 142.250.64.78 | A (IP address) | IN (0x0001) | false | ||
Apr 1, 2025 13:50:25.289231062 CEST | 1.1.1.1 | 192.168.2.4 | 0x147e | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:25.305422068 CEST | 1.1.1.1 | 192.168.2.4 | 0x43bb | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:30.428042889 CEST | 1.1.1.1 | 192.168.2.4 | 0xeba5 | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:30.444894075 CEST | 1.1.1.1 | 192.168.2.4 | 0x8999 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:30.553792953 CEST | 1.1.1.1 | 192.168.2.4 | 0xe548 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.217312098 CEST | 1.1.1.1 | 192.168.2.4 | 0x392b | Name error (3) | none | none | 65 | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.221580029 CEST | 1.1.1.1 | 192.168.2.4 | 0x4b04 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Apr 1, 2025 13:50:32.356677055 CEST | 8.8.8.8 | 192.168.2.4 | 0x1df7 | No error (0) | 142.250.64.78 | A (IP address) | IN (0x0001) | false | ||
Apr 1, 2025 13:50:32.357408047 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d34 | No error (0) | 142.251.32.110 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 142.250.176.195 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 1, 2025 13:50:32.793670893 CEST | 202 | OUT | |
Apr 1, 2025 13:50:32.883214951 CEST | 223 | IN | |
Apr 1, 2025 13:50:32.891774893 CEST | 200 | OUT | |
Apr 1, 2025 13:50:32.982289076 CEST | 223 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 1 |
Start time: | 07:50:14 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 07:50:16 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 07:50:23 |
Start date: | 01/04/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff786830000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |