Edit tour

Windows Analysis Report
https://metamaaskloogin.webflow.io/

Overview

General Information

Sample URL:	https://metamaaskloogin.webflow.io/
Analysis ID:	1637950
Infos:

Errors URL not reachable

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1552 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5040 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://metamaaskloogin.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://metamaaskloogin.webflow.io/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected suspicious URL

Source: https://metamaaskloogin.webflow.io

Joe Sandbox AI: The URL 'https://metamaaskloogin.webflow.io' appears to be a typosquatting attempt targeting the known brand MetaMask. The legitimate URL for MetaMask is 'https://metamask.io'. The analyzed URL uses a visual character substitution by adding an extra 'a' in 'metamaask' and includes 'loogin', which is a misspelling of 'login'. These changes are likely intended to deceive users into thinking they are accessing the legitimate MetaMask site. The use of 'webflow.io' as a domain extension is not inherently suspicious, as Webflow is a legitimate platform for hosting websites. However, the combination of the misspelled brand name and the context of 'login' suggests an attempt to mimic a login page, increasing the likelihood of user confusion. The structural similarity and context strongly indicate a typosquatting attempt.

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.74.47.205
Source: unknown	TCP traffic detected without corresponding DNS query: 20.74.47.205
Source: unknown	TCP traffic detected without corresponding DNS query: 20.74.47.205
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.200

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: metamaaskloogin.webflow.io

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal52.win@23/0@4/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1552 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5040 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://metamaaskloogin.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1552 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5040 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://metamaaskloogin.webflow.io/	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Antivirus Detection	Reputation
metamaaskloogin.webflow.io	172.64.151.8	true	true		unknown
www.google.com	142.250.185.132	true	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.132	www.google.com	United States		15169	GOOGLEUS	false
172.64.151.8	metamaaskloogin.webflow.io	United States		13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637950
Start date and time:	2025-03-14 01:29:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://metamaaskloogin.webflow.io/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@23/0@4/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, BackgroundTransferHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.16.185.191, 142.250.181.227, 142.250.185.142, 172.217.16.206, 74.125.133.84, 216.58.206.67, 52.165.164.15
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, glb.cws.prod.dcat.dsp.trafficmanager.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://metamaaskloogin.webflow.io/

Total Packets: 219
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:30:39.747355938 CET	49672	443	192.168.2.5	204.79.197.203
Mar 14, 2025 01:30:43.591428041 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:30:43.903551102 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:30:44.512954950 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:30:44.559809923 CET	49672	443	192.168.2.5	204.79.197.203
Mar 14, 2025 01:30:45.716029882 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:30:48.122297049 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:30:52.926964045 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:30:54.286606073 CET	49672	443	192.168.2.5	204.79.197.203
Mar 14, 2025 01:30:54.564013958 CET	49698	443	192.168.2.5	20.74.47.205
Mar 14, 2025 01:30:54.564408064 CET	49697	443	192.168.2.5	20.74.47.205
Mar 14, 2025 01:30:54.564512014 CET	49700	443	192.168.2.5	20.74.47.205
Mar 14, 2025 01:30:54.564659119 CET	49701	80	192.168.2.5	199.232.210.172
Mar 14, 2025 01:30:54.564726114 CET	49702	80	192.168.2.5	199.232.210.172
Mar 14, 2025 01:30:54.564793110 CET	49704	80	192.168.2.5	199.232.210.172
Mar 14, 2025 01:30:54.564821959 CET	49707	80	192.168.2.5	2.23.77.188
Mar 14, 2025 01:30:54.597138882 CET	49723	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.597145081 CET	49724	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.597189903 CET	443	49724	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.597189903 CET	443	49723	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.597265959 CET	49723	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.597331047 CET	49724	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.649624109 CET	49724	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.649638891 CET	443	49724	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.649956942 CET	49723	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.649990082 CET	443	49723	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.650243998 CET	443	49724	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.650532007 CET	443	49723	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.651046038 CET	49726	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.651086092 CET	443	49726	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.651166916 CET	49727	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.651191950 CET	49726	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.651191950 CET	443	49727	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.651377916 CET	49727	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.651540041 CET	49726	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.651557922 CET	443	49726	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.651725054 CET	49727	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.651740074 CET	443	49727	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.651899099 CET	443	49726	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.652160883 CET	443	49727	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.652477026 CET	49728	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.652494907 CET	443	49728	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.652546883 CET	49728	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.652776003 CET	49729	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.652796030 CET	443	49729	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.652812958 CET	49728	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.652838945 CET	443	49728	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.652842999 CET	49729	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.652884007 CET	49728	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.653023005 CET	49729	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.653052092 CET	443	49729	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.653103113 CET	49729	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.829885006 CET	49731	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.829927921 CET	443	49731	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.830025911 CET	49731	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.830523968 CET	49731	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.830543995 CET	443	49731	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.831141949 CET	443	49731	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.831695080 CET	49732	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.831715107 CET	443	49732	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.831815958 CET	49732	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.832227945 CET	49732	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.832245111 CET	443	49732	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.832645893 CET	443	49732	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.833091974 CET	49733	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.833142996 CET	443	49733	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.833204031 CET	49733	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.833348989 CET	49733	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.833378077 CET	443	49733	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.833460093 CET	49733	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.839764118 CET	49734	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.839787006 CET	443	49734	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.839886904 CET	49734	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.840178013 CET	49734	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.840188026 CET	443	49734	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.840625048 CET	443	49734	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.841099024 CET	49735	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.841114044 CET	443	49735	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.841222048 CET	49735	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.841662884 CET	49735	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.841677904 CET	443	49735	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.842092991 CET	443	49735	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.842538118 CET	49736	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.842561960 CET	443	49736	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.842628002 CET	49736	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.842678070 CET	49736	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:54.842706919 CET	443	49736	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:54.842792988 CET	49736	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:57.382436037 CET	49740	443	192.168.2.5	142.250.185.132
Mar 14, 2025 01:30:57.382476091 CET	443	49740	142.250.185.132	192.168.2.5
Mar 14, 2025 01:30:57.382531881 CET	49740	443	192.168.2.5	142.250.185.132
Mar 14, 2025 01:30:57.382855892 CET	49740	443	192.168.2.5	142.250.185.132
Mar 14, 2025 01:30:57.382868052 CET	443	49740	142.250.185.132	192.168.2.5
Mar 14, 2025 01:30:57.581343889 CET	443	49740	142.250.185.132	192.168.2.5
Mar 14, 2025 01:30:57.581933022 CET	49741	443	192.168.2.5	142.250.185.132
Mar 14, 2025 01:30:57.582045078 CET	443	49741	142.250.185.132	192.168.2.5
Mar 14, 2025 01:30:57.582240105 CET	49741	443	192.168.2.5	142.250.185.132
Mar 14, 2025 01:30:57.582667112 CET	49741	443	192.168.2.5	142.250.185.132
Mar 14, 2025 01:30:57.582722902 CET	443	49741	142.250.185.132	192.168.2.5
Mar 14, 2025 01:30:57.781948090 CET	443	49741	142.250.185.132	192.168.2.5
Mar 14, 2025 01:30:58.896624088 CET	49744	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:58.896680117 CET	443	49744	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:58.896758080 CET	49744	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:58.896785975 CET	49745	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:58.896821976 CET	443	49745	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:58.896879911 CET	49745	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:58.897212982 CET	49745	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:58.897223949 CET	443	49745	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:58.897670984 CET	49744	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:58.897691965 CET	443	49744	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.097063065 CET	443	49744	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.097632885 CET	49746	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:59.097700119 CET	443	49746	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.097778082 CET	49746	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:59.097995996 CET	443	49745	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.098195076 CET	49746	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:59.098206043 CET	443	49746	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.098562956 CET	49747	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:59.098676920 CET	443	49747	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.098790884 CET	49747	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:59.099072933 CET	49747	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:30:59.099114895 CET	443	49747	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.297090054 CET	443	49746	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.297318935 CET	443	49747	172.64.151.8	192.168.2.5
Mar 14, 2025 01:30:59.862195015 CET	49750	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.862260103 CET	443	49750	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.866235971 CET	49750	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.866584063 CET	49751	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.866627932 CET	443	49751	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.866708040 CET	49751	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.866707087 CET	49750	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.866724968 CET	443	49750	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.866957903 CET	49751	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.866964102 CET	443	49751	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.867403030 CET	443	49750	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.867702961 CET	443	49751	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.867841959 CET	49752	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.867880106 CET	443	49752	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.868144989 CET	49753	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.868185997 CET	443	49753	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.868215084 CET	49752	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.868544102 CET	49753	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.868628025 CET	49752	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.868640900 CET	443	49752	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.868659019 CET	49753	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.868665934 CET	443	49753	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.869123936 CET	443	49752	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.869270086 CET	443	49753	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.869550943 CET	49754	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.869581938 CET	443	49754	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.869693041 CET	49754	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.869693995 CET	49755	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.869728088 CET	443	49755	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.869743109 CET	49754	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.869764090 CET	443	49754	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.869786024 CET	49755	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.869872093 CET	49754	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.870058060 CET	49755	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:30:59.870086908 CET	443	49755	23.15.178.200	192.168.2.5
Mar 14, 2025 01:30:59.871700048 CET	49755	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:00.386384964 CET	49757	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.386441946 CET	443	49757	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.386533976 CET	49757	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.388077021 CET	49758	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.388139009 CET	443	49758	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.388704062 CET	49758	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.389086008 CET	49757	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.389101982 CET	443	49757	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.389372110 CET	49758	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.389384985 CET	443	49758	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.589171886 CET	443	49758	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.589685917 CET	49759	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.589728117 CET	443	49759	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.589798927 CET	49759	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.589879990 CET	443	49757	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.590131044 CET	49759	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.590145111 CET	443	49759	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.590462923 CET	49760	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.590471983 CET	443	49760	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.590518951 CET	49760	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.590822935 CET	49760	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:00.590835094 CET	443	49760	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.789700985 CET	443	49760	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.789849997 CET	443	49759	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:00.907937050 CET	49761	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.907991886 CET	443	49761	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.908102036 CET	49761	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.909080982 CET	49761	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.909096003 CET	443	49761	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.909761906 CET	443	49761	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.912764072 CET	49762	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.912813902 CET	443	49762	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.912875891 CET	49762	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.913183928 CET	49762	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.913197041 CET	443	49762	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.913582087 CET	443	49762	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.971333027 CET	49763	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.971368074 CET	443	49763	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.971451998 CET	49763	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.972327948 CET	49763	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.972335100 CET	443	49763	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.972795010 CET	443	49763	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.983411074 CET	49764	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.983458996 CET	443	49764	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.983583927 CET	49764	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.983921051 CET	49764	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:00.983932018 CET	443	49764	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:00.984316111 CET	443	49764	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.022834063 CET	49765	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.022891045 CET	443	49765	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.022964001 CET	49765	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.023293972 CET	49765	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.023313046 CET	443	49765	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.023977041 CET	443	49765	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.052536011 CET	49766	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.052587032 CET	443	49766	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.052661896 CET	49766	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.053107023 CET	49766	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.053119898 CET	443	49766	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.053993940 CET	443	49766	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.113457918 CET	49767	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.113502026 CET	443	49767	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.113604069 CET	49767	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.113924980 CET	49767	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.113934040 CET	443	49767	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.114815950 CET	443	49767	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.133042097 CET	49768	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.133095026 CET	443	49768	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.133253098 CET	49768	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.133668900 CET	49768	443	192.168.2.5	20.109.210.53
Mar 14, 2025 01:31:01.133686066 CET	443	49768	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.134386063 CET	443	49768	20.109.210.53	192.168.2.5
Mar 14, 2025 01:31:01.460901022 CET	49769	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.460961103 CET	443	49769	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.461185932 CET	49769	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.476212025 CET	49769	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.476228952 CET	443	49769	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.477003098 CET	443	49769	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.478135109 CET	49770	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.478194952 CET	443	49770	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.478291035 CET	49770	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.478569031 CET	49771	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.478615046 CET	443	49771	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.478660107 CET	49771	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.479038954 CET	49771	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.479053020 CET	443	49771	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.479739904 CET	443	49771	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.485364914 CET	49770	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.485383034 CET	443	49770	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.485801935 CET	49772	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.485831976 CET	443	49772	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.485929012 CET	443	49770	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.485949039 CET	49772	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.487023115 CET	49773	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.487034082 CET	443	49773	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.487102985 CET	49772	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.487118959 CET	443	49772	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.487137079 CET	49773	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.487198114 CET	49773	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.487231016 CET	443	49773	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.487360001 CET	49773	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.487577915 CET	443	49772	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.488660097 CET	49774	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.488673925 CET	443	49774	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.488734007 CET	49774	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.488833904 CET	49774	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.488876104 CET	443	49774	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.488924980 CET	49774	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.618669033 CET	49775	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.618717909 CET	443	49775	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.618786097 CET	49775	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.619555950 CET	49775	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.619571924 CET	443	49775	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.620223045 CET	443	49775	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.622852087 CET	49776	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.622885942 CET	443	49776	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.622986078 CET	49776	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.623326063 CET	49776	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.623337984 CET	443	49776	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.623732090 CET	443	49776	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.624660015 CET	49777	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.624701977 CET	443	49777	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.624787092 CET	49777	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.624883890 CET	49777	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.624923944 CET	443	49777	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.624969006 CET	49777	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.628371000 CET	49778	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.628424883 CET	443	49778	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.628501892 CET	49778	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.628925085 CET	49778	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.628947973 CET	443	49778	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.629324913 CET	443	49778	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.629754066 CET	49779	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.629780054 CET	443	49779	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.630012989 CET	49779	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.630430937 CET	49779	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.630443096 CET	443	49779	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.630788088 CET	443	49779	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.631284952 CET	49780	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.631298065 CET	443	49780	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.631380081 CET	49780	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.631414890 CET	49780	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.631460905 CET	443	49780	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.631504059 CET	49780	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.751210928 CET	49781	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.751271963 CET	443	49781	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.751364946 CET	49781	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.751954079 CET	49781	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.751966000 CET	443	49781	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.752625942 CET	443	49781	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.754861116 CET	49782	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.754914045 CET	443	49782	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.754983902 CET	49782	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.755363941 CET	49782	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.755377054 CET	443	49782	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.755736113 CET	443	49782	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.756500006 CET	49783	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.756531000 CET	443	49783	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.756705046 CET	49783	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.756989002 CET	49783	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.757010937 CET	443	49783	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.757169962 CET	49783	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.758927107 CET	49784	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.758963108 CET	443	49784	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.759066105 CET	49784	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.759380102 CET	49784	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.759394884 CET	443	49784	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.759738922 CET	443	49784	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.760135889 CET	49785	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.760162115 CET	443	49785	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.760313034 CET	49785	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.760607958 CET	49785	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.760617018 CET	443	49785	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.760936022 CET	443	49785	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.761606932 CET	49786	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.761632919 CET	443	49786	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.761763096 CET	49786	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.761893988 CET	49786	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:01.761909962 CET	443	49786	23.15.178.200	192.168.2.5
Mar 14, 2025 01:31:01.761950016 CET	49786	443	192.168.2.5	23.15.178.200
Mar 14, 2025 01:31:02.529659986 CET	49676	443	192.168.2.5	20.189.173.14
Mar 14, 2025 01:31:05.862550974 CET	49787	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:05.862601042 CET	443	49787	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:05.862714052 CET	49787	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:05.863193035 CET	49788	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:05.863226891 CET	443	49788	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:05.863671064 CET	49788	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:05.869926929 CET	49788	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:05.869944096 CET	443	49788	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:05.870023966 CET	49787	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:05.870038986 CET	443	49787	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.069117069 CET	443	49787	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.069221020 CET	443	49788	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.069811106 CET	49789	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:06.069853067 CET	443	49789	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.069926023 CET	49789	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:06.070226908 CET	49790	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:06.070266962 CET	443	49790	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.070326090 CET	49790	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:06.070606947 CET	49789	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:06.070626020 CET	443	49789	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.070920944 CET	49790	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:06.070935011 CET	443	49790	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.269499063 CET	443	49790	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:06.269530058 CET	443	49789	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:08.942678928 CET	49796	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:08.942713022 CET	49795	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:08.942723989 CET	443	49796	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:08.942749977 CET	443	49795	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:08.942832947 CET	49796	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:08.942838907 CET	49795	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:08.943161011 CET	49795	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:08.943176985 CET	443	49795	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:08.944099903 CET	49796	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:08.944128036 CET	443	49796	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.141231060 CET	443	49795	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.141879082 CET	49797	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:09.141921997 CET	443	49797	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.142108917 CET	49797	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:09.145164967 CET	443	49796	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.145206928 CET	49797	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:09.145219088 CET	443	49797	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.145822048 CET	49798	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:09.145863056 CET	443	49798	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.148292065 CET	49798	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:09.148646116 CET	49798	443	192.168.2.5	172.64.151.8
Mar 14, 2025 01:31:09.148672104 CET	443	49798	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.345463991 CET	443	49797	172.64.151.8	192.168.2.5
Mar 14, 2025 01:31:09.349154949 CET	443	49798	172.64.151.8	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 14, 2025 01:30:53.220698118 CET	53	59818	1.1.1.1	192.168.2.5
Mar 14, 2025 01:30:53.429660082 CET	53	64302	1.1.1.1	192.168.2.5
Mar 14, 2025 01:30:57.374419928 CET	54937	53	192.168.2.5	1.1.1.1
Mar 14, 2025 01:30:57.374651909 CET	63296	53	192.168.2.5	1.1.1.1
Mar 14, 2025 01:30:57.381422043 CET	53	54937	1.1.1.1	192.168.2.5
Mar 14, 2025 01:30:57.381464958 CET	53	63296	1.1.1.1	192.168.2.5
Mar 14, 2025 01:30:58.885588884 CET	52276	53	192.168.2.5	1.1.1.1
Mar 14, 2025 01:30:58.885765076 CET	50325	53	192.168.2.5	1.1.1.1
Mar 14, 2025 01:30:58.895596027 CET	53	52276	1.1.1.1	192.168.2.5
Mar 14, 2025 01:30:58.895618916 CET	53	50325	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 14, 2025 01:30:57.374419928 CET	192.168.2.5	1.1.1.1	0xa5c5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:30:57.374651909 CET	192.168.2.5	1.1.1.1	0x3c31	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 14, 2025 01:30:58.885588884 CET	192.168.2.5	1.1.1.1	0x30c2	Standard query (0)	metamaaskloogin.webflow.io	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:30:58.885765076 CET	192.168.2.5	1.1.1.1	0xdff4	Standard query (0)	metamaaskloogin.webflow.io	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 14, 2025 01:30:57.381422043 CET	1.1.1.1	192.168.2.5	0xa5c5	No error (0)	www.google.com	142.250.185.132	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:30:57.381464958 CET	1.1.1.1	192.168.2.5	0x3c31	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 14, 2025 01:30:58.895596027 CET	1.1.1.1	192.168.2.5	0x30c2	No error (0)	metamaaskloogin.webflow.io	172.64.151.8	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:30:58.895596027 CET	1.1.1.1	192.168.2.5	0x30c2	No error (0)	metamaaskloogin.webflow.io	104.18.36.248	A (IP address)	IN (0x0001)	false
Mar 14, 2025 01:30:58.895618916 CET	1.1.1.1	192.168.2.5	0xdff4	No error (0)	metamaaskloogin.webflow.io		65	IN (0x0001)	false

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	2
Start time:	20:30:46
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff697e50000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	20:30:51
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1552 /prefetch:3
Imagebase:	0x7ff697e50000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	20:30:54
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,3220628845632107283,18224929301032935228,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5040 /prefetch:8
Imagebase:	0x7ff697e50000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	20:30:57
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://metamaaskloogin.webflow.io/"
Imagebase:	0x7ff697e50000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://metamaaskloogin.webflow.io/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6884, Parent PID: 5488

General

File Activities

File Opened

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Memory Activities

Memory Usage Statistics

Timing Activities

Windows Analysis Report
https://metamaaskloogin.webflow.io/