
Windows Analysis Report
https://gemini-loogin.webflow.io/

Overview

General Information

Sample URL: https://gemini-loogin.webflow.io/
Analysis ID: 1637948
Infos:
Errors
  • URL not reachable

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL

Classification

Classification scale (report legend): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious
  • System is w10x64
  • chrome.exe (PID: 2596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gemini-loogin.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://gemini-loogin.webflow.io/ | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: https://gemini-loogin.webflow.io | Joe Sandbox AI: The URL 'https://gemini-loogin.webflow.io' appears to be a typosquatting attempt targeting the known cryptocurrency exchange brand 'Gemini'. The legitimate URL for Gemini is 'https://www.gemini.com'. The analyzed URL uses a subdomain 'gemini-loogin' which includes a misspelling of 'login' as 'loogin', a common tactic in typosquatting to deceive users. The use of 'webflow.io' as the domain extension is not inherently suspicious, as Webflow is a legitimate platform for hosting websites. However, the combination of the misspelled subdomain and the known brand name suggests an attempt to confuse users into thinking they are accessing a legitimate Gemini login page. The similarity score is high due to the structural resemblance and character-level similarity to the legitimate brand URL, and the likelihood of user confusion is significant, leading to a high spoofed score.
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 23.60.203.209 (10 hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.42.65.91 (7 hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56 (24 hits)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (2 hits)
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: gemini-loogin.webflow.io
Source: unknown | Network traffic detected: HTTP traffic on port 443; outbound (client port -> 443) from ports 49672, 49678, 49707, 49708, 49711-49717, 49721-49728, 49733-49748 (35 hits); inbound (443 -> client port) to ports 49707, 49708, 49711-49717, 49721-49728, 49733-49748 (33 hits)
Source: classification engine | Classification label: mal52.win@24/0@4/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gemini-loogin.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (20 hits)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (a number in parentheses is the count of matched signatures; techniques without a number are the matrix's unmatched default entries):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior Graph (graphic not reproduced; data recovered from the graph):
Behavior Graph ID: 1637948
URL: https://gemini-loogin.webflow.io/
Startdate: 14/03/2025
Architecture: WINDOWS
Score: 52
Signatures: Antivirus / Scanner detection for submitted sample; AI detected suspicious URL
Processes: chrome.exe started; chrome.exe started; chrome.exe (child of the first) started
Network: 192.168.2.6, ports 443, 49707, 49708 (unknown); gemini-loogin.webflow.io 172.64.151.8, ports 443, 49711, 49712, CLOUDFLARENETUS, United States; www.google.com 172.217.18.4, ports 443, 49707, 49708, GOOGLEUS, United States

Source | Detection | Scanner | Label
https://gemini-loogin.webflow.io/ | 100% | Avira URL Cloud | phishing
No Antivirus matches


Domains:
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 172.217.18.4 | true | false | - | high
gemini-loogin.webflow.io | 172.64.151.8 | true | true | - | unknown

IPs:
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
172.64.151.8 | gemini-loogin.webflow.io | United States | 13335 | CLOUDFLARENETUS | true

Private IP:
192.168.2.6
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637948
Start date and time: 2025-03-14 01:27:53 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://gemini-loogin.webflow.io/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.win@24/0@4/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• URL browsing timeout or error
• URL not reachable
• Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.181.238, 142.250.186.46, 108.177.15.84
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: https://gemini-loogin.webflow.io/
No simulations
No context
No created / dropped files found
No static file info


      • Total Packets: 118
      • 443 (HTTPS)
      • 53 (DNS)
Timestamp                            Src Port  Dst Port  Source IP        Dest IP
Mar 14, 2025 01:28:45.419621944 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:28:45.747003078 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:28:46.356393099 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:28:47.559648037 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:28:50.090907097 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:28:52.084781885 CET  49707     443       192.168.2.6      172.217.18.4
Mar 14, 2025 01:28:52.084817886 CET  443       49707     172.217.18.4     192.168.2.6
Mar 14, 2025 01:28:52.084978104 CET  49707     443       192.168.2.6      172.217.18.4
Mar 14, 2025 01:28:52.085315943 CET  49707     443       192.168.2.6      172.217.18.4
Mar 14, 2025 01:28:52.085330009 CET  443       49707     172.217.18.4     192.168.2.6
Mar 14, 2025 01:28:52.285603046 CET  443       49707     172.217.18.4     192.168.2.6
Mar 14, 2025 01:28:52.286322117 CET  49708     443       192.168.2.6      172.217.18.4
Mar 14, 2025 01:28:52.286374092 CET  443       49708     172.217.18.4     192.168.2.6
Mar 14, 2025 01:28:52.286663055 CET  49708     443       192.168.2.6      172.217.18.4
Mar 14, 2025 01:28:52.286804914 CET  49708     443       192.168.2.6      172.217.18.4
Mar 14, 2025 01:28:52.286818027 CET  443       49708     172.217.18.4     192.168.2.6
Mar 14, 2025 01:28:52.485250950 CET  443       49708     172.217.18.4     192.168.2.6
Mar 14, 2025 01:28:53.570466995 CET  49711     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.570492983 CET  443       49711     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.570568085 CET  49711     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.570673943 CET  49712     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.570712090 CET  443       49712     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.570775986 CET  49712     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.571294069 CET  49712     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.571310043 CET  443       49712     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.571685076 CET  49711     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.571700096 CET  443       49711     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.706440926 CET  49713     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.706480026 CET  443       49713     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.706607103 CET  49713     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.708499908 CET  49713     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.708513975 CET  443       49713     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.709156990 CET  443       49713     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.715075970 CET  49714     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.715111971 CET  443       49714     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.715225935 CET  49714     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.715754986 CET  49714     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.715769053 CET  443       49714     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.716175079 CET  443       49714     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.716667891 CET  49715     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.716711998 CET  443       49715     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.716975927 CET  49715     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.717495918 CET  49715     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.717533112 CET  443       49715     23.60.203.209    192.168.2.6
Mar 14, 2025 01:28:53.717611074 CET  49715     443       192.168.2.6      23.60.203.209
Mar 14, 2025 01:28:53.769004107 CET  443       49711     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.769653082 CET  49716     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.769687891 CET  443       49716     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.769900084 CET  49716     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.770267010 CET  49716     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.770281076 CET  443       49716     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.770919085 CET  443       49712     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.771507025 CET  49717     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.771538019 CET  443       49717     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.771663904 CET  49717     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.771998882 CET  49717     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:53.772017956 CET  443       49717     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.970026970 CET  443       49716     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:53.970074892 CET  443       49717     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:54.072294950 CET  49678     443       192.168.2.6      20.42.65.91
Mar 14, 2025 01:28:54.373944998 CET  49678     443       192.168.2.6      20.42.65.91
Mar 14, 2025 01:28:54.903868914 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:28:54.981987953 CET  49678     443       192.168.2.6      20.42.65.91
Mar 14, 2025 01:28:55.028435946 CET  49721     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.028492928 CET  443       49721     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.028561115 CET  49721     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.028768063 CET  49722     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.028827906 CET  443       49722     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.028887033 CET  49722     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.029166937 CET  49721     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.029185057 CET  443       49721     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.029442072 CET  49722     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.029459000 CET  443       49722     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.228914976 CET  443       49722     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.229469061 CET  49723     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.229497910 CET  443       49721     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.229511023 CET  443       49723     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.229582071 CET  49723     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.229836941 CET  49724     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.229872942 CET  443       49724     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.229931116 CET  49724     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.230194092 CET  49723     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.230211973 CET  443       49723     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.230597019 CET  49724     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:28:55.230611086 CET  443       49724     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.429164886 CET  443       49724     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:55.429883003 CET  443       49723     172.64.151.8     192.168.2.6
Mar 14, 2025 01:28:56.191704988 CET  49678     443       192.168.2.6      20.42.65.91
Mar 14, 2025 01:28:58.595628023 CET  49678     443       192.168.2.6      20.42.65.91
Mar 14, 2025 01:29:00.223125935 CET  49725     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.223191023 CET  443       49725     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.223278046 CET  49725     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.223575115 CET  49726     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.223622084 CET  443       49726     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.223683119 CET  49726     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.224319935 CET  49725     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.224333048 CET  443       49725     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.224616051 CET  49726     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.224632978 CET  443       49726     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.425338030 CET  443       49726     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.425867081 CET  443       49725     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.426261902 CET  49727     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.426310062 CET  443       49727     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.426390886 CET  49727     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.426803112 CET  49728     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.426845074 CET  443       49728     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.426960945 CET  49728     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.427246094 CET  49727     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.427262068 CET  443       49727     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.427661896 CET  49728     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:00.427679062 CET  443       49728     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.625062943 CET  443       49728     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:00.625169992 CET  443       49727     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:03.398380995 CET  49678     443       192.168.2.6      20.42.65.91
Mar 14, 2025 01:29:03.445370913 CET  49733     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.445409060 CET  443       49733     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.445480108 CET  49733     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.446867943 CET  49733     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.446880102 CET  443       49733     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.447424889 CET  443       49733     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.451306105 CET  49734     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.451325893 CET  443       49734     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.451395035 CET  49734     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.451776981 CET  49734     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.451786041 CET  443       49734     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.452126026 CET  443       49734     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.494169950 CET  49735     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.494216919 CET  443       49735     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.494276047 CET  49735     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.494549036 CET  49735     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.494565010 CET  443       49735     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.494982958 CET  443       49735     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.512778044 CET  49736     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.512797117 CET  443       49736     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.512908936 CET  49736     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.513303041 CET  49736     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.513313055 CET  443       49736     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.513695002 CET  443       49736     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.547414064 CET  49737     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.547456980 CET  443       49737     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.547523975 CET  49737     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.547945023 CET  49737     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.547960043 CET  443       49737     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.548388004 CET  443       49737     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.564413071 CET  49738     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.564455986 CET  443       49738     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.564519882 CET  49738     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.564827919 CET  49738     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.564846039 CET  443       49738     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.565249920 CET  443       49738     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.606823921 CET  49739     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.606856108 CET  443       49739     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.606909037 CET  49739     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.607378006 CET  49739     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.607388973 CET  443       49739     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.607762098 CET  443       49739     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.610398054 CET  49740     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.610410929 CET  443       49740     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.610460043 CET  49740     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.610759020 CET  49740     443       192.168.2.6      4.245.163.56
Mar 14, 2025 01:29:03.610769033 CET  443       49740     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:03.611104965 CET  443       49740     4.245.163.56     192.168.2.6
Mar 14, 2025 01:29:04.513354063 CET  49672     443       192.168.2.6      204.79.197.203
Mar 14, 2025 01:29:05.647779942 CET  49741     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.647845030 CET  443       49741     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:05.647917032 CET  49741     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.648107052 CET  49742     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.648134947 CET  443       49742     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:05.648181915 CET  49742     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.648682117 CET  49742     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.648696899 CET  443       49742     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:05.649184942 CET  49741     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.649226904 CET  443       49741     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:05.849520922 CET  443       49742     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:05.850044012 CET  49743     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.850085974 CET  443       49743     172.64.151.8     192.168.2.6
Mar 14, 2025 01:29:05.850171089 CET  49743     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.850564003 CET  49743     443       192.168.2.6      172.64.151.8
Mar 14, 2025 01:29:05.850583076 CET  443       49743     172.64.151.8     192.168.2.6
      Mar 14, 2025 01:29:05.850936890 CET44349741172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:05.851356030 CET49744443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:05.851393938 CET44349744172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:05.851464987 CET49744443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:05.851752043 CET49744443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:05.851763964 CET44349744172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:06.049061060 CET44349743172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:06.053808928 CET44349744172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.047698021 CET49745443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.047748089 CET44349745172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.047858000 CET49745443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.048119068 CET49746443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.048160076 CET44349746172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.048289061 CET49746443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.048516989 CET49745443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.048530102 CET44349745172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.049042940 CET49746443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.049066067 CET44349746172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.249581099 CET44349746172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.249725103 CET44349745172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.250302076 CET49747443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.250360012 CET44349747172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.250533104 CET49747443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.250787973 CET49748443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.250830889 CET44349748172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.250890970 CET49748443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.251185894 CET49747443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.251204014 CET44349747172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.251460075 CET49748443192.168.2.6172.64.151.8
      Mar 14, 2025 01:29:08.251476049 CET44349748172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.449173927 CET44349747172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:08.449193954 CET44349748172.64.151.8192.168.2.6
      Mar 14, 2025 01:29:13.013484001 CET49678443192.168.2.620.42.65.91
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 14, 2025 01:28:48.237350941 CET | 53 | 65030 | 1.1.1.1 | 192.168.2.6 |
| Mar 14, 2025 01:28:48.271768093 CET | 53 | 63774 | 1.1.1.1 | 192.168.2.6 |
| Mar 14, 2025 01:28:52.076802015 CET | 54045 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 14, 2025 01:28:52.076998949 CET | 62882 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 14, 2025 01:28:52.083673954 CET | 53 | 62882 | 1.1.1.1 | 192.168.2.6 |
| Mar 14, 2025 01:28:52.083899975 CET | 53 | 54045 | 1.1.1.1 | 192.168.2.6 |
| Mar 14, 2025 01:28:53.557802916 CET | 63878 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 14, 2025 01:28:53.558021069 CET | 52953 | 53 | 192.168.2.6 | 1.1.1.1 |
| Mar 14, 2025 01:28:53.568789959 CET | 53 | 52953 | 1.1.1.1 | 192.168.2.6 |
| Mar 14, 2025 01:28:53.569489956 CET | 53 | 63878 | 1.1.1.1 | 192.168.2.6 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 14, 2025 01:28:52.076802015 CET | 192.168.2.6 | 1.1.1.1 | 0xc49b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Mar 14, 2025 01:28:52.076998949 CET | 192.168.2.6 | 1.1.1.1 | 0x9a65 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Mar 14, 2025 01:28:53.557802916 CET | 192.168.2.6 | 1.1.1.1 | 0x211d | Standard query (0) | gemini-loogin.webflow.io | A (IP address) | IN (0x0001) | false |
| Mar 14, 2025 01:28:53.558021069 CET | 192.168.2.6 | 1.1.1.1 | 0xad71 | Standard query (0) | gemini-loogin.webflow.io | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 14, 2025 01:28:52.083673954 CET | 1.1.1.1 | 192.168.2.6 | 0x9a65 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Mar 14, 2025 01:28:52.083899975 CET | 1.1.1.1 | 192.168.2.6 | 0xc49b | No error (0) | www.google.com | | 172.217.18.4 | A (IP address) | IN (0x0001) | false |
| Mar 14, 2025 01:28:53.568789959 CET | 1.1.1.1 | 192.168.2.6 | 0xad71 | No error (0) | gemini-loogin.webflow.io | | | 65 | IN (0x0001) | false |
| Mar 14, 2025 01:28:53.569489956 CET | 1.1.1.1 | 192.168.2.6 | 0x211d | No error (0) | gemini-loogin.webflow.io | | 172.64.151.8 | A (IP address) | IN (0x0001) | false |
| Mar 14, 2025 01:28:53.569489956 CET | 1.1.1.1 | 192.168.2.6 | 0x211d | No error (0) | gemini-loogin.webflow.io | | 104.18.36.248 | A (IP address) | IN (0x0001) | false |

      Target ID:1
      Start time:20:28:44
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff63b000000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:3
      Start time:20:28:45
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,15301946799802338618,8132495871975699470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3
      Imagebase:0x7ff63b000000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:7
      Start time:20:28:52
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gemini-loogin.webflow.io/"
      Imagebase:0x7ff63b000000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly