Windows Analysis Report
https://kucoinuxlogin.webflow.io/

Overview

General Information

Sample URL:https://kucoinuxlogin.webflow.io/
Analysis ID:1637949
Infos:
Errors
  • URL not reachable

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (verdict scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 2696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinuxlogin.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://kucoinuxlogin.webflow.io/; Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: https://kucoinuxlogin.webflow.io; Joe Sandbox AI: The URL 'kucoinuxlogin.webflow.io' appears to be attempting to mimic the legitimate cryptocurrency exchange platform KuCoin. The use of 'kucoin' in the subdomain suggests an attempt to associate with the known brand. The addition of 'uxlogin' could be interpreted as a structural change to imply a login page, which is a common tactic in phishing attempts. The domain 'webflow.io' is a legitimate platform for web hosting and design, which could be used for unrelated purposes, but in this context, it adds to the suspicion due to the subdomain's construction. The similarity score is high due to the use of the brand name and the structural implication of a login page, which could confuse users. The likelihood of typosquatting is also high given these factors.
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203 (6 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 2.16.185.191 (10 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.27 (5 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 52.113.196.254 (4 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 2.17.190.73 (4 events)
Source: unknown; TCP traffic detected without corresponding DNS query: 4.245.163.56 (21 events)
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: kucoinuxlogin.webflow.io
Source: unknown; Network traffic detected: HTTP traffic on port <local port> -> 443 for local ports 49671, 49678, 49708, 49733, 49734, 49738, 49739, 49740, 49741, 49745, 49746, 49747, 49748, 49749, 49750, 49751, 49753, 49754, 49755, 49756, 49757, 49758, 49759, 49760, 49761, 49762, 49763, 49764, 49765, 49766, 49767, 49768 (32 events)
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> <local port> for local ports 49708, 49733, 49734, 49738, 49739, 49740, 49741, 49745, 49746, 49747, 49748, 49749, 49750, 49751, 49753, 49754, 49755, 49756, 49757, 49758, 49759, 49760, 49761, 49762, 49763, 49764, 49765, 49766, 49767, 49768 (30 events)
Source: classification engine; Classification label: mal52.win@21/0@4/3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinuxlogin.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (17 events)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3
Source: Window Recorder; Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (techniques matched by this analysis carry their match count in parentheses; the other entries are the matrix's unmatched placeholder cells):
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior graph legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C/C++ or other language, Is malicious, Internet
Behavior Graph ID: 1637949; URL: https://kucoinuxlogin.webflow.io/; Startdate: 14/03/2025; Architecture: WINDOWS; Score: 52
  • Signatures on the sample node: Antivirus / Scanner detection for submitted sample; AI detected suspicious URL
  • Processes: chrome.exe started; chrome.exe started; a child chrome.exe started by the first chrome.exe
  • DNS/IP from the first chrome.exe: 192.168.2.4, 443, 49708, 49733, unknown unknown
  • DNS/IP from the child chrome.exe: kucoinuxlogin.webflow.io 172.64.151.8, 443, 49738, 49739, CLOUDFLARENETUS, United States
  • DNS/IP from the child chrome.exe: www.google.com 172.217.18.4, 443, 49733, 49734, GOOGLEUS, United States

Source: https://kucoinuxlogin.webflow.io/; Detection: 100%; Scanner: Avira URL Cloud; Label: phishing
No Antivirus matches


Domains:
  • kucoinuxlogin.webflow.io; IP: 172.64.151.8; Active: true; Malicious: true; Reputation: unknown
  • www.google.com; IP: 172.217.18.4; Active: true; Malicious: false; Reputation: high
Reputation scale: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs
IPs:
  • 172.217.18.4; Domain: www.google.com; Country: United States; ASN: 15169; ASN Name: GOOGLEUS; Malicious: false
  • 172.64.151.8; Domain: kucoinuxlogin.webflow.io; Country: United States; ASN: 13335; ASN Name: CLOUDFLARENETUS; Malicious: true
Private IPs:
  • 192.168.2.4
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637949
Start date and time:2025-03-14 01:28:54 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 4s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://kucoinuxlogin.webflow.io/
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal52.win@21/0@4/3
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 216.58.206.35, 172.217.18.14, 142.250.185.238, 64.233.184.84, 2.23.77.188
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: https://kucoinuxlogin.webflow.io/
No simulations
No context
No created / dropped files found
No static file info

Network traffic summary:
  • Total Packets: 115
  • Ports seen: 443 (HTTPS), 80 (HTTP), 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 14, 2025 01:29:52.099981070 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:29:52.521128893 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:29:53.222596884 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:29:54.425717115 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:29:55.226161003 CET | 49733 | 443 | 192.168.2.4 | 172.217.18.4
Mar 14, 2025 01:29:55.226203918 CET | 443 | 49733 | 172.217.18.4 | 192.168.2.4
Mar 14, 2025 01:29:55.226280928 CET | 49733 | 443 | 192.168.2.4 | 172.217.18.4
Mar 14, 2025 01:29:55.226636887 CET | 49733 | 443 | 192.168.2.4 | 172.217.18.4
Mar 14, 2025 01:29:55.226646900 CET | 443 | 49733 | 172.217.18.4 | 192.168.2.4
Mar 14, 2025 01:29:55.425853014 CET | 443 | 49733 | 172.217.18.4 | 192.168.2.4
Mar 14, 2025 01:29:55.486399889 CET | 49734 | 443 | 192.168.2.4 | 172.217.18.4
Mar 14, 2025 01:29:55.486442089 CET | 443 | 49734 | 172.217.18.4 | 192.168.2.4
Mar 14, 2025 01:29:55.486772060 CET | 49734 | 443 | 192.168.2.4 | 172.217.18.4
Mar 14, 2025 01:29:55.487071037 CET | 49734 | 443 | 192.168.2.4 | 172.217.18.4
Mar 14, 2025 01:29:55.487086058 CET | 443 | 49734 | 172.217.18.4 | 192.168.2.4
Mar 14, 2025 01:29:55.685128927 CET | 443 | 49734 | 172.217.18.4 | 192.168.2.4
Mar 14, 2025 01:29:56.832370996 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:29:58.012841940 CET | 49738 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.012904882 CET | 443 | 49738 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.012986898 CET | 49738 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.013154984 CET | 49739 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.013206959 CET | 443 | 49739 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.013259888 CET | 49739 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.013689041 CET | 49738 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.013708115 CET | 443 | 49738 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.014055014 CET | 49739 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.014070034 CET | 443 | 49739 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.213274002 CET | 443 | 49739 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.213591099 CET | 443 | 49738 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.218839884 CET | 49740 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.218883991 CET | 443 | 49740 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.218959093 CET | 49740 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.219078064 CET | 49741 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.219141006 CET | 443 | 49741 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.219209909 CET | 49741 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.219351053 CET | 49740 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.219362974 CET | 443 | 49740 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.219579935 CET | 49741 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:58.219598055 CET | 443 | 49741 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.416941881 CET | 443 | 49740 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:58.417660952 CET | 443 | 49741 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.250962973 CET | 49745 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.251000881 CET | 443 | 49745 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.251200914 CET | 49745 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.260397911 CET | 49745 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.260413885 CET | 443 | 49745 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.261042118 CET | 443 | 49745 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.265330076 CET | 49746 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.265364885 CET | 443 | 49746 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.265464067 CET | 49746 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.265686035 CET | 49746 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.265698910 CET | 443 | 49746 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.266098976 CET | 443 | 49746 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.266355991 CET | 49747 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.266398907 CET | 443 | 49747 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.266462088 CET | 49747 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.271217108 CET | 49747 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.271250010 CET | 443 | 49747 | 2.16.185.191 | 192.168.2.4
Mar 14, 2025 01:29:59.271303892 CET | 49747 | 443 | 192.168.2.4 | 2.16.185.191
Mar 14, 2025 01:29:59.475465059 CET | 49748 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.475488901 CET | 443 | 49748 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.475548029 CET | 49748 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.475739002 CET | 49749 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.475800037 CET | 443 | 49749 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.475847960 CET | 49749 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.476747036 CET | 49749 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.476768017 CET | 443 | 49749 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.477188110 CET | 49748 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.477200985 CET | 443 | 49748 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.677119970 CET | 443 | 49749 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.677587986 CET | 49750 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.677638054 CET | 443 | 49750 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.677704096 CET | 49750 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.678065062 CET | 49750 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.678091049 CET | 443 | 49750 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.678111076 CET | 443 | 49748 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.678484917 CET | 49751 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.678518057 CET | 443 | 49751 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.678575039 CET | 49751 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.678858042 CET | 49751 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:29:59.678872108 CET | 443 | 49751 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.877240896 CET | 443 | 49750 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:29:59.877914906 CET | 443 | 49751 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:00.692039013 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:30:01.004260063 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:30:01.613571882 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:30:01.644833088 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Mar 14, 2025 01:30:02.816252947 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:30:03.889703035 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:30:03.894476891 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994287968 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994313002 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994326115 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994338036 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994349957 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994355917 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:30:03.994363070 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4
Mar 14, 2025 01:30:03.994375944 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:30:03.994421005 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254
Mar 14, 2025 01:30:04.015363932 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:30:04.316077948 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:30:04.906629086 CET | 49753 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:04.906678915 CET | 443 | 49753 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:04.906810045 CET | 49753 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:04.906933069 CET | 49754 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:04.906977892 CET | 443 | 49754 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:04.907023907 CET | 49754 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:04.908271074 CET | 49754 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:04.908284903 CET | 443 | 49754 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:04.908468962 CET | 49753 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:04.908488035 CET | 443 | 49753 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:04.926256895 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:30:05.105792999 CET | 443 | 49754 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.106585026 CET | 49755 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.106643915 CET | 443 | 49755 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.106726885 CET | 49755 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.107172012 CET | 49755 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.107188940 CET | 443 | 49755 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.109632969 CET | 443 | 49753 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.110009909 CET | 49756 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.110052109 CET | 443 | 49756 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.110122919 CET | 49756 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.110455036 CET | 49756 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.110474110 CET | 443 | 49756 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.221770048 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Mar 14, 2025 01:30:05.305680037 CET | 443 | 49755 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.309755087 CET | 443 | 49756 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.662535906 CET | 49757 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.662537098 CET | 49758 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.662592888 CET | 443 | 49757 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.662592888 CET | 443 | 49758 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.663130045 CET | 49757 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.663187981 CET | 49758 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.664761066 CET | 49758 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.664762020 CET | 49757 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.664778948 CET | 443 | 49757 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.664786100 CET | 443 | 49758 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.865896940 CET | 443 | 49757 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.865948915 CET | 443 | 49758 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.875163078 CET | 49759 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.875220060 CET | 443 | 49759 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.875461102 CET | 49759 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.875461102 CET | 49760 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.875493050 CET | 443 | 49760 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.875883102 CET | 49759 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.875900984 CET | 443 | 49759 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:05.875941038 CET | 49760 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.876251936 CET | 49760 | 443 | 192.168.2.4 | 172.64.151.8
Mar 14, 2025 01:30:05.876266003 CET | 443 | 49760 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:06.073189020 CET | 443 | 49759 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:06.073651075 CET | 443 | 49760 | 172.64.151.8 | 192.168.2.4
Mar 14, 2025 01:30:06.133627892 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Mar 14, 2025 01:30:06.184343100 CET | 49761 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.184367895 CET | 443 | 49761 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.184521914 CET | 49761 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.185725927 CET | 49761 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.185738087 CET | 443 | 49761 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.186300039 CET | 443 | 49761 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.232662916 CET | 49762 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.232698917 CET | 443 | 49762 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.232867956 CET | 49762 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.234298944 CET | 49762 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.234308958 CET | 443 | 49762 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.234646082 CET | 443 | 49762 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.263660908 CET | 49763 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.263712883 CET | 443 | 49763 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.263942957 CET | 49763 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.264219999 CET | 49763 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.264235973 CET | 443 | 49763 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.264602900 CET | 443 | 49763 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.279931068 CET | 49764 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.279979944 CET | 443 | 49764 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.280088902 CET | 49764 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.280360937 CET | 49764 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.280378103 CET | 443 | 49764 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.280692101 CET | 443 | 49764 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.305185080 CET | 49765 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.305197001 CET | 443 | 49765 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.305347919 CET | 49765 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.305596113 CET | 49765 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.305605888 CET | 443 | 49765 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.305938959 CET | 443 | 49765 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.314203978 CET | 49766 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.314218044 CET | 443 | 49766 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.314317942 CET | 49766 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.314580917 CET | 49766 | 443 | 192.168.2.4 | 4.245.163.56
Mar 14, 2025 01:30:06.314590931 CET | 443 | 49766 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.314954996 CET | 443 | 49766 | 4.245.163.56 | 192.168.2.4
Mar 14, 2025 01:30:06.331973076 CET | 49767 | 443 | 192.168.2.4 | 4.245.163.56
      Mar 14, 2025 01:30:06.331996918 CET443497674.245.163.56192.168.2.4
      Mar 14, 2025 01:30:06.332182884 CET49767443192.168.2.44.245.163.56
      Mar 14, 2025 01:30:06.332561970 CET49767443192.168.2.44.245.163.56
      Mar 14, 2025 01:30:06.332575083 CET443497674.245.163.56192.168.2.4
      Mar 14, 2025 01:30:06.332916975 CET443497674.245.163.56192.168.2.4
      Mar 14, 2025 01:30:06.342221975 CET49768443192.168.2.44.245.163.56
      Mar 14, 2025 01:30:06.342253923 CET443497684.245.163.56192.168.2.4
      Mar 14, 2025 01:30:06.342339993 CET49768443192.168.2.44.245.163.56
      Mar 14, 2025 01:30:06.342643976 CET49768443192.168.2.44.245.163.56
      Mar 14, 2025 01:30:06.342655897 CET443497684.245.163.56192.168.2.4
      Mar 14, 2025 01:30:06.343005896 CET443497684.245.163.56192.168.2.4
      Mar 14, 2025 01:30:08.535382986 CET4968180192.168.2.42.17.190.73
      Mar 14, 2025 01:30:10.035293102 CET49678443192.168.2.420.189.173.27
      Mar 14, 2025 01:30:11.254249096 CET49671443192.168.2.4204.79.197.203
      Mar 14, 2025 01:30:13.347995043 CET4968180192.168.2.42.17.190.73
      TimestampSource PortDest PortSource IPDest IP
      Mar 14, 2025 01:29:52.519437075 CET53645541.1.1.1192.168.2.4
      Mar 14, 2025 01:29:52.533024073 CET53584061.1.1.1192.168.2.4
      Mar 14, 2025 01:29:55.217807055 CET5147153192.168.2.41.1.1.1
      Mar 14, 2025 01:29:55.218103886 CET5254153192.168.2.41.1.1.1
      Mar 14, 2025 01:29:55.224857092 CET53514711.1.1.1192.168.2.4
      Mar 14, 2025 01:29:55.225315094 CET53525411.1.1.1192.168.2.4
      Mar 14, 2025 01:29:57.998878956 CET5471853192.168.2.41.1.1.1
      Mar 14, 2025 01:29:57.999150991 CET5146953192.168.2.41.1.1.1
      Mar 14, 2025 01:29:58.007738113 CET53547181.1.1.1192.168.2.4
      Mar 14, 2025 01:29:58.008194923 CET53514691.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 14, 2025 01:29:55.217807055 CET | 192.168.2.4 | 1.1.1.1 | 0xad56 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:29:55.218103886 CET | 192.168.2.4 | 1.1.1.1 | 0xd62d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 14, 2025 01:29:57.998878956 CET | 192.168.2.4 | 1.1.1.1 | 0x6d0f | Standard query (0) | kucoinuxlogin.webflow.io | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:29:57.999150991 CET | 192.168.2.4 | 1.1.1.1 | 0xd051 | Standard query (0) | kucoinuxlogin.webflow.io | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 14, 2025 01:29:55.224857092 CET | 1.1.1.1 | 192.168.2.4 | 0xad56 | No error (0) | www.google.com | | 172.217.18.4 | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:29:55.225315094 CET | 1.1.1.1 | 192.168.2.4 | 0xd62d | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Mar 14, 2025 01:29:58.007738113 CET | 1.1.1.1 | 192.168.2.4 | 0x6d0f | No error (0) | kucoinuxlogin.webflow.io | | 172.64.151.8 | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:29:58.007738113 CET | 1.1.1.1 | 192.168.2.4 | 0x6d0f | No error (0) | kucoinuxlogin.webflow.io | | 104.18.36.248 | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:29:58.008194923 CET | 1.1.1.1 | 192.168.2.4 | 0xd051 | No error (0) | kucoinuxlogin.webflow.io | | | 65 | IN (0x0001) | false

Target ID: 1
Start time: 20:29:47
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff786830000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 20:29:50
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14816279118109633960,6743079271261266847,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2300 /prefetch:3
Imagebase: 0x7ff786830000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 4
Start time: 20:29:57
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinuxlogin.webflow.io/"
Imagebase: 0x7ff786830000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

      No disassembly