
Windows Analysis Report
https://www.11775357.com/

Overview

General Information

Sample URL: https://www.11775357.com/
Analysis ID: 1637938
Infos:
Errors
  • URL not reachable

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (verdict scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5036 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.11775357.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://www.11775357.com/ | Avira URL Cloud: detection malicious, Label: phishing
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.28.10
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: www.11775357.com
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine | Classification label: mal48.win@23/0@6/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5036 /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.11775357.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5036 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (techniques listed per tactic; a leading number is the count shown in the matrix cell)

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph
Behavior Graph ID: 1637938
URL: https://www.11775357.com/
Startdate: 14/03/2025
Architecture: WINDOWS
Score: 48
  • Antivirus / Scanner detection for submitted sample
  • chrome.exe started
  • chrome.exe started
    • 192.168.2.5, 443, 49727, 49728 unknown unknown
    • chrome.exe started
    • chrome.exe started
      • www.google.com 142.250.186.132, 443, 49727, 49728 GOOGLEUS United States
      • xin.jump4mnydu.xyz 45.138.71.205, 443, 49733, 49734 AS40676US Italy
      • 2 other IPs or domains

Source | Detection | Scanner | Label
https://www.11775357.com/ | 100% | Avira URL Cloud | phishing
No Antivirus matches


Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
xin.jump4mnydu.xyz | 45.138.71.205 | true | false | (none) | high
www.google.com | 142.250.186.132 | true | false | (none) | high
www.11775357.com | unknown | unknown | false | (none) | unknown

Reputation legend:
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

IPs
IP | Domain | Country | ASN | ASN Name | Malicious
45.138.71.205 | xin.jump4mnydu.xyz | Italy | 40676 | AS40676US | false
142.250.186.132 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IP
192.168.2.5
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637938
Start date and time: 2025-03-14 01:25:53 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://www.11775357.com/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@23/0@6/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 216.58.206.46, 142.250.184.227, 172.217.16.206, 142.251.168.84
  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, g.bing.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: https://www.11775357.com/
No simulations
No context
No created / dropped files found
No static file info


  • Total Packets: 109
  • 443 (HTTPS)
  • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 14, 2025 01:26:42.797875881 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:26:43.109991074 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:26:43.719374895 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:26:43.766273022 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Mar 14, 2025 01:26:44.922506094 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:26:47.328835011 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:26:52.157521963 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:26:53.472601891 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Mar 14, 2025 01:26:55.167196989 CET | 49727 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:26:55.167243004 CET | 443 | 49727 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:26:55.167515039 CET | 49727 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:26:55.167726994 CET | 49727 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:26:55.167747021 CET | 443 | 49727 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:26:55.365647078 CET | 443 | 49727 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:26:55.366368055 CET | 49728 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:26:55.366482019 CET | 443 | 49728 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:26:55.367110014 CET | 49728 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:26:55.367225885 CET | 49728 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:26:55.367238998 CET | 443 | 49728 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:26:55.566273928 CET | 443 | 49728 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:26:57.998081923 CET | 49733 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:57.998135090 CET | 443 | 49733 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:57.998197079 CET | 49733 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:57.998637915 CET | 49733 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:57.998648882 CET | 443 | 49733 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:57.999272108 CET | 49734 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:57.999309063 CET | 443 | 49734 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:57.999366045 CET | 49734 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:57.999633074 CET | 49734 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:57.999644041 CET | 443 | 49734 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.197904110 CET | 443 | 49733 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.197909117 CET | 443 | 49734 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.198484898 CET | 49735 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:58.198528051 CET | 443 | 49735 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.198585033 CET | 49735 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:58.198879004 CET | 49736 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:58.198919058 CET | 443 | 49736 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.198977947 CET | 49736 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:58.199229002 CET | 49735 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:58.199243069 CET | 443 | 49735 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.199484110 CET | 49736 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:58.199502945 CET | 443 | 49736 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.397452116 CET | 443 | 49735 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:58.397459984 CET | 443 | 49736 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.443469048 CET | 49739 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.443521976 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.443577051 CET | 49739 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.443803072 CET | 49740 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.443844080 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.443902016 CET | 49740 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.444207907 CET | 49739 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.444221973 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.444799900 CET | 49740 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.444812059 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.642047882 CET | 443 | 49739 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.642659903 CET | 49741 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.642694950 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.642765045 CET | 49741 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.643131971 CET | 49741 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.643148899 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.645824909 CET | 443 | 49740 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.646219969 CET | 49742 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.646239996 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.646298885 CET | 49742 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.646709919 CET | 49742 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:26:59.646722078 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.841882944 CET | 443 | 49741 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:26:59.845453978 CET | 443 | 49742 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:00.488948107 CET | 49743 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:27:00.489011049 CET | 443 | 49743 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:27:00.489125013 CET | 49743 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:27:00.489831924 CET | 49743 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:27:00.489846945 CET | 443 | 49743 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:27:00.690114021 CET | 443 | 49743 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:27:00.690849066 CET | 49744 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:27:00.690881014 CET | 443 | 49744 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:27:00.690963984 CET | 49744 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:27:00.691297054 CET | 49744 | 443 | 192.168.2.5 | 142.250.186.132
Mar 14, 2025 01:27:00.691309929 CET | 443 | 49744 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:27:00.889358044 CET | 443 | 49744 | 142.250.186.132 | 192.168.2.5
Mar 14, 2025 01:27:01.767011881 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:27:02.905246019 CET | 49745 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.905272007 CET | 443 | 49745 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.905359983 CET | 49745 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.906933069 CET | 49745 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.906946898 CET | 443 | 49745 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.907732010 CET | 443 | 49745 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.939377069 CET | 49746 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.939403057 CET | 443 | 49746 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.939507961 CET | 49746 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.939851046 CET | 49746 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.939861059 CET | 443 | 49746 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.940414906 CET | 443 | 49746 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.996380091 CET | 49747 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.996421099 CET | 443 | 49747 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.996490955 CET | 49747 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.996809959 CET | 49747 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:02.996822119 CET | 443 | 49747 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:02.997435093 CET | 443 | 49747 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.028176069 CET | 49748 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.028223991 CET | 443 | 49748 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.028292894 CET | 49748 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.028661013 CET | 49748 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.028676987 CET | 443 | 49748 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.029336929 CET | 443 | 49748 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.082644939 CET | 49749 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.082685947 CET | 443 | 49749 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.082758904 CET | 49749 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.083092928 CET | 49749 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.083107948 CET | 443 | 49749 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.083755016 CET | 443 | 49749 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.108768940 CET | 49750 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.108793974 CET | 443 | 49750 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.109024048 CET | 49750 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.109178066 CET | 49750 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.109188080 CET | 443 | 49750 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.109747887 CET | 443 | 49750 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.133275986 CET | 49751 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.133317947 CET | 443 | 49751 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.133397102 CET | 49751 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.133809090 CET | 49751 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.133822918 CET | 443 | 49751 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.134351969 CET | 443 | 49751 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.156924009 CET | 49752 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.156956911 CET | 443 | 49752 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.157032013 CET | 49752 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.157314062 CET | 49752 | 443 | 192.168.2.5 | 4.175.87.197
Mar 14, 2025 01:27:03.157329082 CET | 443 | 49752 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:03.157866001 CET | 443 | 49752 | 4.175.87.197 | 192.168.2.5
Mar 14, 2025 01:27:04.477415085 CET | 49754 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.477430105 CET | 443 | 49754 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.477514982 CET | 49754 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.481893063 CET | 49754 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.481905937 CET | 443 | 49754 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.482549906 CET | 443 | 49754 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.483299971 CET | 49755 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.483339071 CET | 443 | 49755 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.483414888 CET | 49755 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.483952045 CET | 49755 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.483967066 CET | 443 | 49755 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.484361887 CET | 443 | 49755 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.484987974 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.485016108 CET | 443 | 49756 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.485097885 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.485220909 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.485246897 CET | 443 | 49756 | 150.171.28.10 | 192.168.2.5
Mar 14, 2025 01:27:04.485323906 CET | 49756 | 443 | 192.168.2.5 | 150.171.28.10
Mar 14, 2025 01:27:04.855215073 CET | 49758 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:04.855263948 CET | 443 | 49758 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:04.855392933 CET | 49758 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:04.856007099 CET | 49758 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:04.856017113 CET | 49759 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:04.856019020 CET | 443 | 49758 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:04.856050968 CET | 443 | 49759 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:04.856187105 CET | 49759 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:04.858108997 CET | 49759 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:04.858125925 CET | 443 | 49759 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:05.053941011 CET | 443 | 49758 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:05.054589033 CET | 49760 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:05.054614067 CET | 443 | 49760 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:05.054867029 CET | 49760 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:05.055118084 CET | 49760 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:05.055128098 CET | 443 | 49760 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:05.057672977 CET | 443 | 49759 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:05.058070898 CET | 49761 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:05.058095932 CET | 443 | 49761 | 45.138.71.205 | 192.168.2.5
Mar 14, 2025 01:27:05.058218002 CET | 49761 | 443 | 192.168.2.5 | 45.138.71.205
Mar 14, 2025 01:27:05.058475018 CET | 49761 | 443 | 192.168.2.5 | 45.138.71.205
        Mar 14, 2025 01:27:05.058482885 CET4434976145.138.71.205192.168.2.5
        Mar 14, 2025 01:27:05.253087997 CET4434976045.138.71.205192.168.2.5
        Mar 14, 2025 01:27:05.256979942 CET4434976145.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.431807041 CET49764443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.431807995 CET49765443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.431853056 CET4434976445.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.431857109 CET4434976545.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.432075977 CET49765443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.432106972 CET49764443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.432571888 CET49765443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.432589054 CET4434976545.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.436026096 CET49764443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.436043978 CET4434976445.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.633506060 CET4434976445.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.634150982 CET49766443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.634188890 CET4434976645.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.634516001 CET49766443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.634655952 CET49766443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.634671926 CET4434976645.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.637851954 CET4434976545.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.638448000 CET49767443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.638489962 CET4434976745.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.638649940 CET49767443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.638988018 CET49767443192.168.2.545.138.71.205
        Mar 14, 2025 01:27:11.639000893 CET4434976745.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.833019018 CET4434976645.138.71.205192.168.2.5
        Mar 14, 2025 01:27:11.837560892 CET4434976745.138.71.205192.168.2.5
        TimestampSource PortDest PortSource IPDest IP
        Mar 14, 2025 01:26:51.176683903 CET53651531.1.1.1192.168.2.5
        Mar 14, 2025 01:26:51.183751106 CET53571621.1.1.1192.168.2.5
        Mar 14, 2025 01:26:55.158129930 CET6264953192.168.2.51.1.1.1
        Mar 14, 2025 01:26:55.158129930 CET5068353192.168.2.51.1.1.1
        Mar 14, 2025 01:26:55.166204929 CET53506831.1.1.1192.168.2.5
        Mar 14, 2025 01:26:55.166225910 CET53626491.1.1.1192.168.2.5
        Mar 14, 2025 01:26:56.929286957 CET5873553192.168.2.51.1.1.1
        Mar 14, 2025 01:26:56.929286957 CET5727853192.168.2.51.1.1.1
        Mar 14, 2025 01:26:56.946296930 CET53572781.1.1.1192.168.2.5
        Mar 14, 2025 01:26:56.946808100 CET6381853192.168.2.51.1.1.1
        Mar 14, 2025 01:26:56.963244915 CET53638181.1.1.1192.168.2.5
        Mar 14, 2025 01:26:57.942740917 CET6110353192.168.2.51.1.1.1
        Mar 14, 2025 01:26:57.997276068 CET53587351.1.1.1192.168.2.5
        Mar 14, 2025 01:26:59.100658894 CET53611031.1.1.1192.168.2.5
        ICMP packets
        Timestamp | Source IP | Dest IP | Checksum | Code | Type
        Mar 14, 2025 01:26:59.100755930 CET | 192.168.2.5 | 1.1.1.1 | c231 | (Port unreachable) | Destination Unreachable
        DNS queries
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Mar 14, 2025 01:26:55.158129930 CET | 192.168.2.5 | 1.1.1.1 | 0x9f5e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:26:55.158129930 CET | 192.168.2.5 | 1.1.1.1 | 0xe2d0 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
        Mar 14, 2025 01:26:56.929286957 CET | 192.168.2.5 | 1.1.1.1 | 0x3ccc | Standard query (0) | www.11775357.com | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:26:56.929286957 CET | 192.168.2.5 | 1.1.1.1 | 0x6c11 | Standard query (0) | www.11775357.com | 65 | IN (0x0001) | false
        Mar 14, 2025 01:26:56.946808100 CET | 192.168.2.5 | 1.1.1.1 | 0xcfe9 | Standard query (0) | www.11775357.com | 65 | IN (0x0001) | false
        Mar 14, 2025 01:26:57.942740917 CET | 192.168.2.5 | 1.1.1.1 | 0x87af | Standard query (0) | www.11775357.com | A (IP address) | IN (0x0001) | false
        DNS answers
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Mar 14, 2025 01:26:55.166204929 CET | 1.1.1.1 | 192.168.2.5 | 0xe2d0 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
        Mar 14, 2025 01:26:55.166225910 CET | 1.1.1.1 | 192.168.2.5 | 0x9f5e | No error (0) | www.google.com | - | 142.250.186.132 | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:26:56.946296930 CET | 1.1.1.1 | 192.168.2.5 | 0x6c11 | Server failure (2) | www.11775357.com | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:26:56.963244915 CET | 1.1.1.1 | 192.168.2.5 | 0xcfe9 | Server failure (2) | www.11775357.com | none | none | 65 | IN (0x0001) | false
        Mar 14, 2025 01:26:57.997276068 CET | 1.1.1.1 | 192.168.2.5 | 0x3ccc | No error (0) | www.11775357.com | xin.cname66.com | - | CNAME (Canonical name) | IN (0x0001) | false
        Mar 14, 2025 01:26:57.997276068 CET | 1.1.1.1 | 192.168.2.5 | 0x3ccc | No error (0) | xin.cname66.com | xin.jump4mnydu.xyz | - | CNAME (Canonical name) | IN (0x0001) | false
        Mar 14, 2025 01:26:57.997276068 CET | 1.1.1.1 | 192.168.2.5 | 0x3ccc | No error (0) | xin.jump4mnydu.xyz | - | 45.138.71.205 | A (IP address) | IN (0x0001) | false
        Mar 14, 2025 01:26:59.100658894 CET | 1.1.1.1 | 192.168.2.5 | 0x87af | No error (0) | www.11775357.com | xin.cname66.com | - | CNAME (Canonical name) | IN (0x0001) | false
        Mar 14, 2025 01:26:59.100658894 CET | 1.1.1.1 | 192.168.2.5 | 0x87af | No error (0) | xin.cname66.com | xin.jump4mnydu.xyz | - | CNAME (Canonical name) | IN (0x0001) | false
        Mar 14, 2025 01:26:59.100658894 CET | 1.1.1.1 | 192.168.2.5 | 0x87af | No error (0) | xin.jump4mnydu.xyz | - | 45.138.71.205 | A (IP address) | IN (0x0001) | false

        Target ID:1
        Start time:20:26:45
        Start date:13/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff6cb0e0000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:20:26:49
        Start date:13/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2068 /prefetch:3
        Imagebase:0x7ff6cb0e0000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:20:26:52
        Start date:13/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,5527945556923350627,15880901870232561179,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5036 /prefetch:8
        Imagebase:0x7ff6cb0e0000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:6
        Start time:20:26:56
        Start date:13/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.11775357.com/"
        Imagebase:0x7ff6cb0e0000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly