Windows Analysis Report
https://mmetakkuhon.webflow.io/

Overview

General Information

Sample URL:https://mmetakkuhon.webflow.io/
Analysis ID:1637955
Infos:
Errors
  • URL not reachable

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Classification chart (image not reproduced). Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious.
  • System is w10x64
  • chrome.exe (PID: 652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,11242766977018651820,14871192912168987510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2032 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mmetakkuhon.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://mmetakkuhon.webflow.io/; Avira URL Cloud: detection malicious, Label: phishing
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown; TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown; TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: mmetakkuhon.webflow.io
Source: classification engine; Classification label: mal48.win@20/0@4/3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,11242766977018651820,14871192912168987510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2032 /prefetch:3
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mmetakkuhon.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses
  • Resource Development: Acquire Infrastructure, Domains, DNS Server
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection, Boot or Logon Initialization Scripts, Logon Script (Windows)
  • Defense Evasion: 1 Process Injection, Rootkit, Obfuscated Files or Information
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager
  • Discovery: System Service Discovery, Application Window Discovery, Query Registry
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive
  • Command and Control: 2 Encrypted Channel, 1 Non-Application Layer Protocol, 2 Application Layer Protocol
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact
Behavior graph (image not reproduced). ID: 1637955, URL: https://mmetakkuhon.webflow.io/, Startdate: 14/03/2025, Architecture: WINDOWS, Score: 48. Signature: Antivirus / Scanner detection for submitted sample. Nodes: chrome.exe (started); 192.168.2.4; www.google.com 216.58.212.164 (GOOGLEUS, United States); mmetakkuhon.webflow.io 104.18.36.248 (CLOUDFLARENETUS, United States).

Source | Detection | Scanner | Label | Link
https://mmetakkuhon.webflow.io/ | 100% | Avira URL Cloud | phishing |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
mmetakkuhon.webflow.io | 104.18.36.248 | true | false | | unknown
www.google.com | 216.58.212.164 | true | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.18.36.248 | mmetakkuhon.webflow.io | United States | | 13335 | CLOUDFLARENETUS | false
216.58.212.164 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.4
      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1637955
      Start date and time:2025-03-14 01:32:55 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 1m 57s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:https://mmetakkuhon.webflow.io/
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:11
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal48.win@20/0@4/3
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • URL browsing timeout or error
      • URL not reachable
      • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 216.58.212.163, 142.250.184.206, 172.217.18.110, 74.125.206.84, 199.232.214.172, 2.23.77.188
      • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenFile calls found.
      • VT rate limit hit for: https://mmetakkuhon.webflow.io/
      No simulations
      No context
      No created / dropped files found
      No static file info

      • Total Packets: 99
      • 443 (HTTPS)
      • 80 (HTTP)
      • 53 (DNS)
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Mar 14, 2025 01:33:55.588326931 CET | 192.168.2.4 | 1.1.1.1 | 0x5135 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:33:55.588685989 CET | 192.168.2.4 | 1.1.1.1 | 0x6cd8 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
      Mar 14, 2025 01:33:57.694140911 CET | 192.168.2.4 | 1.1.1.1 | 0x6407 | Standard query (0) | mmetakkuhon.webflow.io | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:33:57.694488049 CET | 192.168.2.4 | 1.1.1.1 | 0xf18 | Standard query (0) | mmetakkuhon.webflow.io | 65 | IN (0x0001) | false

      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Mar 14, 2025 01:33:55.594942093 CET | 1.1.1.1 | 192.168.2.4 | 0x5135 | No error (0) | www.google.com | | 216.58.212.164 | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:33:55.595269918 CET | 1.1.1.1 | 192.168.2.4 | 0x6cd8 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
      Mar 14, 2025 01:33:57.705810070 CET | 1.1.1.1 | 192.168.2.4 | 0xf18 | No error (0) | mmetakkuhon.webflow.io | | | 65 | IN (0x0001) | false
      Mar 14, 2025 01:33:57.707597971 CET | 1.1.1.1 | 192.168.2.4 | 0x6407 | No error (0) | mmetakkuhon.webflow.io | | 104.18.36.248 | A (IP address) | IN (0x0001) | false
      Mar 14, 2025 01:33:57.707597971 CET | 1.1.1.1 | 192.168.2.4 | 0x6407 | No error (0) | mmetakkuhon.webflow.io | | 172.64.151.8 | A (IP address) | IN (0x0001) | false
      Target ID:1
      Start time:20:33:47
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff786830000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:2
      Start time:20:33:49
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,11242766977018651820,14871192912168987510,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2032 /prefetch:3
      Imagebase:0x7ff786830000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:4
      Start time:20:33:56
      Start date:13/03/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mmetakkuhon.webflow.io/"
      Imagebase:0x7ff786830000
      File size:3'388'000 bytes
      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly