Windows Analysis Report
https://meteamasklloginn.webflow.io/

Overview

General Information

Sample URL: https://meteamasklloginn.webflow.io/
Analysis ID: 1637963
Infos:
Errors
  • URL not reachable

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • chrome.exe (PID: 1292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5008 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meteamasklloginn.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://meteamasklloginn.webflow.io/ | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: https://meteamasklloginn.webflow.io | Joe Sandbox AI: The URL 'meteamasklloginn.webflow.io' appears to be a typosquatting attempt targeting the known brand MetaMask. The legitimate URL for MetaMask is 'metamask.io'. The analyzed URL uses several tactics to mimic the legitimate one:
  1. Character substitution and addition: The addition of extra 'e' and 'l' characters in 'meteamasklloginn' creates a visual similarity to 'metamask'.
  2. Structural similarity: The use of 'webflow.io' as a domain extension is a common tactic to host phishing pages, although 'webflow.io' itself is a legitimate platform for web hosting.
  3. Contextual assessment: The subdomain 'meteamasklloginn' suggests a login page, which is a common phishing strategy to capture user credentials.
Given these factors, the URL is highly likely to be a typosquatting attempt designed to confuse users into thinking they are interacting with the legitimate MetaMask site.
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.215.57
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: unknown | TCP traffic detected without corresponding DNS query: 150.171.27.254
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: meteamasklloginn.webflow.io
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49678
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown | Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown | Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown | Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown | Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown | Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
Source: classification engine | Classification label: mal52.win@22/0@4/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5008 /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meteamasklloginn.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5008 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (numbers in parentheses are the report's hit counts for that technique; the other entries are the matrix's unmatched rows):
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph (node data recovered from the graph):
  • Behavior Graph ID: 1637963
  • URL: https://meteamasklloginn.we...
  • Startdate: 14/03/2025
  • Architecture: WINDOWS
  • Score: 52
  • Signatures: Antivirus / Scanner detection for submitted sample; AI detected suspicious URL
  • Processes: chrome.exe started (two top-level instances); chrome.exe started (two child instances)
  • DNS/IP: 192.168.2.5, 443, 49675, 49678 unknown unknown; meteamasklloginn.webflow.io 172.64.151.8, 443, 49747, 49748 CLOUDFLARENETUS United States; www.google.com 216.58.206.68, 443, 49743, 49744 GOOGLEUS United States

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source | Detection | Scanner | Label | Link
https://meteamasklloginn.webflow.io/ | 100% | Avira URL Cloud | phishing |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
meteamasklloginn.webflow.io | 172.64.151.8 | true | true | | unknown
www.google.com | 216.58.206.68 | true | false | | high

Legend (IP map): No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.64.151.8 | meteamasklloginn.webflow.io | United States | | 13335 | CLOUDFLARENETUS | true
216.58.206.68 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP (private)
192.168.2.5
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637963
Start date and time: 2025-03-14 01:38:58 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 1m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://meteamasklloginn.webflow.io/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.win@22/0@4/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 2.16.185.191, 142.250.184.206, 142.250.184.195, 142.250.185.142, 64.233.166.84
  • Excluded domains from analysis (whitelisted): ev2-ring.msedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, clients2.google.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: https://meteamasklloginn.webflow.io/
      No simulations
      No context
      No created / dropped files found
      No static file info


      • Total Packets: 172
      • 443 (HTTPS)
      • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 14, 2025 01:39:49.135284901 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:39:49.447362900 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:39:50.056713104 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:39:50.103602886 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Mar 14, 2025 01:39:51.259877920 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:39:53.666157007 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:39:56.725559950 CET | 49732 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.725615978 CET | 443 | 49732 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.725840092 CET | 49732 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.726310015 CET | 49732 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.726321936 CET | 443 | 49732 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.727082014 CET | 443 | 49732 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.728326082 CET | 49733 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.728374004 CET | 443 | 49733 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.728673935 CET | 49733 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.728924990 CET | 49733 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.728943110 CET | 443 | 49733 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.729326963 CET | 443 | 49733 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.730113029 CET | 49734 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.730151892 CET | 443 | 49734 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.730241060 CET | 49734 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.730396986 CET | 49734 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.730444908 CET | 443 | 49734 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.730487108 CET | 49734 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.743926048 CET | 49735 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.743973017 CET | 443 | 49735 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.744112015 CET | 49735 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.744363070 CET | 49735 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.744376898 CET | 443 | 49735 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.745032072 CET | 443 | 49735 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.745382071 CET | 49736 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.745425940 CET | 443 | 49736 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.745491982 CET | 49736 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.745718002 CET | 49736 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.745732069 CET | 443 | 49736 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.746129036 CET | 443 | 49736 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.746436119 CET | 49737 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.746474981 CET | 443 | 49737 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.746581078 CET | 49737 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.746727943 CET | 49737 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:56.746762991 CET | 443 | 49737 | 92.122.215.57 | 192.168.2.5
Mar 14, 2025 01:39:56.746809006 CET | 49737 | 443 | 192.168.2.5 | 92.122.215.57
Mar 14, 2025 01:39:58.483360052 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:39:59.713303089 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Mar 14, 2025 01:40:00.112585068 CET | 49743 | 443 | 192.168.2.5 | 216.58.206.68
Mar 14, 2025 01:40:00.112618923 CET | 443 | 49743 | 216.58.206.68 | 192.168.2.5
Mar 14, 2025 01:40:00.112687111 CET | 49743 | 443 | 192.168.2.5 | 216.58.206.68
Mar 14, 2025 01:40:00.113045931 CET | 49743 | 443 | 192.168.2.5 | 216.58.206.68
Mar 14, 2025 01:40:00.113058090 CET | 443 | 49743 | 216.58.206.68 | 192.168.2.5
Mar 14, 2025 01:40:00.314042091 CET | 443 | 49743 | 216.58.206.68 | 192.168.2.5
Mar 14, 2025 01:40:00.315201998 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.68
Mar 14, 2025 01:40:00.315237045 CET | 443 | 49744 | 216.58.206.68 | 192.168.2.5
Mar 14, 2025 01:40:00.315320015 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.68
Mar 14, 2025 01:40:00.315825939 CET | 49744 | 443 | 192.168.2.5 | 216.58.206.68
Mar 14, 2025 01:40:00.315838099 CET | 443 | 49744 | 216.58.206.68 | 192.168.2.5
Mar 14, 2025 01:40:00.513477087 CET | 443 | 49744 | 216.58.206.68 | 192.168.2.5
Mar 14, 2025 01:40:01.751133919 CET | 49747 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.751207113 CET | 443 | 49747 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.751276016 CET | 49747 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.751529932 CET | 49748 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.751564980 CET | 443 | 49748 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.751790047 CET | 49747 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.751807928 CET | 443 | 49747 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.751904011 CET | 49748 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.752254009 CET | 49748 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.752265930 CET | 443 | 49748 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.949923992 CET | 443 | 49747 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.950462103 CET | 49749 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.950515032 CET | 443 | 49749 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.950623989 CET | 49749 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.951081991 CET | 49749 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.951095104 CET | 443 | 49749 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.953624010 CET | 443 | 49748 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.954042912 CET | 49750 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.954081059 CET | 443 | 49750 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:01.954130888 CET | 49750 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.954447031 CET | 49750 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:01.954459906 CET | 443 | 49750 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:02.149380922 CET | 443 | 49749 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:02.153373957 CET | 443 | 49750 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.195343018 CET | 49755 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.195388079 CET | 443 | 49755 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.195489883 CET | 49756 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.195532084 CET | 443 | 49756 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.195543051 CET | 49755 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.195732117 CET | 49756 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.196490049 CET | 49756 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.196490049 CET | 49755 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.196501970 CET | 443 | 49755 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.196502924 CET | 443 | 49756 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.397134066 CET | 443 | 49755 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.397660971 CET | 443 | 49756 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.398467064 CET | 49758 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.398468018 CET | 49757 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.398507118 CET | 443 | 49758 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.398507118 CET | 443 | 49757 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.398598909 CET | 49758 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.398598909 CET | 49757 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.399135113 CET | 49758 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.399135113 CET | 49757 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:03.399144888 CET | 443 | 49758 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.399148941 CET | 443 | 49757 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.597027063 CET | 443 | 49758 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:03.597558022 CET | 443 | 49757 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:08.088005066 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 14, 2025 01:40:08.644382954 CET | 49761 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:08.644428968 CET | 443 | 49761 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:08.644491911 CET | 49761 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:08.644676924 CET | 49762 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:08.644710064 CET | 443 | 49762 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:08.644758940 CET | 49762 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:08.645067930 CET | 49762 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:08.645078897 CET | 443 | 49762 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:08.645337105 CET | 49761 | 443 | 192.168.2.5 | 172.64.151.8
Mar 14, 2025 01:40:08.645351887 CET | 443 | 49761 | 172.64.151.8 | 192.168.2.5
Mar 14, 2025 01:40:08.716767073 CET | 49763 | 443 | 192.168.2.5 | 20.109.210.53
      Mar 14, 2025 01:40:08.716836929 CET4434976320.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.716921091 CET49763443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.726051092 CET49763443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.726088047 CET4434976320.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.726675987 CET4434976320.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.732472897 CET49764443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.732528925 CET4434976420.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.732600927 CET49764443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.733161926 CET49764443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.733174086 CET4434976420.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.733562946 CET4434976420.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.845240116 CET44349762172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:08.845990896 CET44349761172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:08.846112967 CET49765443192.168.2.5172.64.151.8
      Mar 14, 2025 01:40:08.846152067 CET44349765172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:08.846214056 CET49765443192.168.2.5172.64.151.8
      Mar 14, 2025 01:40:08.846858978 CET49766443192.168.2.5172.64.151.8
      Mar 14, 2025 01:40:08.846894026 CET44349766172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:08.846991062 CET49766443192.168.2.5172.64.151.8
      Mar 14, 2025 01:40:08.847318888 CET49765443192.168.2.5172.64.151.8
      Mar 14, 2025 01:40:08.847330093 CET44349765172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:08.847667933 CET49766443192.168.2.5172.64.151.8
      Mar 14, 2025 01:40:08.847682953 CET44349766172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:08.864655972 CET49767443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.864701033 CET4434976720.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.864767075 CET49767443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.873687983 CET49767443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.873703957 CET4434976720.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.874248981 CET4434976720.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.950671911 CET49768443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.950727940 CET4434976820.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.950798035 CET49768443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.951280117 CET49768443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.951291084 CET4434976820.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.951855898 CET4434976820.109.210.53192.168.2.5
      Mar 14, 2025 01:40:08.999882936 CET49769443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:08.999937057 CET4434976920.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.000236034 CET49769443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.000643969 CET49769443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.000657082 CET4434976920.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.001288891 CET4434976920.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.025542974 CET49770443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.025590897 CET4434977020.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.025655031 CET49770443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.026371002 CET49770443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.026382923 CET4434977020.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.026933908 CET4434977020.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.045058966 CET44349765172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:09.045382023 CET44349766172.64.151.8192.168.2.5
      Mar 14, 2025 01:40:09.071846962 CET49771443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.071901083 CET4434977120.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.071985960 CET49771443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.072285891 CET49771443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.072297096 CET4434977120.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.072807074 CET4434977120.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.076384068 CET49772443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.076412916 CET4434977220.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.076584101 CET49772443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.076982975 CET49772443192.168.2.520.109.210.53
      Mar 14, 2025 01:40:09.076992035 CET4434977220.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.077377081 CET4434977220.109.210.53192.168.2.5
      Mar 14, 2025 01:40:09.242893934 CET49675443192.168.2.52.23.227.208
      Mar 14, 2025 01:40:09.242942095 CET443496752.23.227.208192.168.2.5
      Mar 14, 2025 01:40:09.243037939 CET49675443192.168.2.52.23.227.208
      Mar 14, 2025 01:40:09.243047953 CET443496752.23.227.208192.168.2.5
      Mar 14, 2025 01:40:09.346813917 CET49773443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.346856117 CET44349773150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.346929073 CET49773443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.347238064 CET49773443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.347250938 CET44349773150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.347855091 CET44349773150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.348691940 CET49774443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.348723888 CET44349774150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.348906040 CET49774443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.350362062 CET49774443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.350373030 CET44349774150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.350764036 CET44349774150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.356820107 CET49775443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.356862068 CET44349775150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.356914997 CET49775443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.357227087 CET49775443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.357254028 CET44349775150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.357312918 CET49775443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.360187054 CET49776443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.360229015 CET44349776150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.360284090 CET49776443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.361229897 CET49776443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.361241102 CET44349776150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.361661911 CET44349776150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.363037109 CET49777443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.363064051 CET44349777150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.363125086 CET49777443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.363408089 CET49777443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.363424063 CET44349777150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.363771915 CET44349777150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.364275932 CET49778443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.364315987 CET44349778150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.364641905 CET49778443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.364803076 CET49778443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.364828110 CET44349778150.171.27.254192.168.2.5
      Mar 14, 2025 01:40:09.364900112 CET49778443192.168.2.5150.171.27.254
      Mar 14, 2025 01:40:09.377521038 CET49779443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.377557993 CET44349779150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.377684116 CET49779443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.377983093 CET49779443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.377994061 CET44349779150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.378431082 CET44349779150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.379431963 CET49780443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.379453897 CET44349780150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.379551888 CET49780443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.380238056 CET49780443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.380249023 CET44349780150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.380630016 CET44349780150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.381372929 CET49781443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.381385088 CET44349781150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.381443024 CET49781443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.381544113 CET49781443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.381567001 CET44349781150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.381664991 CET49781443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.383452892 CET49782443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.383467913 CET44349782150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.383573055 CET49782443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.383889914 CET49782443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.383900881 CET44349782150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.384279966 CET44349782150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.385664940 CET49783443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.385679960 CET44349783150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.385777950 CET49783443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.386202097 CET49783443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.386210918 CET44349783150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.386563063 CET44349783150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.386888981 CET49784443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.386905909 CET44349784150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.386984110 CET49784443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.387371063 CET49784443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.387397051 CET44349784150.171.31.254192.168.2.5
      Mar 14, 2025 01:40:09.387633085 CET49784443192.168.2.5150.171.31.254
      Mar 14, 2025 01:40:09.390727043 CET49678443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.390743017 CET44349678204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.391211033 CET49785443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.391232967 CET44349785204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.391318083 CET49785443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.391494989 CET49785443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.391505003 CET44349785204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.391863108 CET44349785204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.392234087 CET49786443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.392241955 CET44349786204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.392386913 CET49786443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.392708063 CET49786443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.392719984 CET44349786204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.393079042 CET44349786204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.393532038 CET49787443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.393565893 CET44349787204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.393712997 CET49787443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.393785000 CET49787443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.393802881 CET44349787204.79.197.222192.168.2.5
      Mar 14, 2025 01:40:09.393843889 CET49787443192.168.2.5204.79.197.222
      Mar 14, 2025 01:40:09.795166016 CET49788443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.795223951 CET4434978892.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.795289993 CET49788443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.795445919 CET49789443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.795490980 CET4434978992.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.795548916 CET49789443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.796013117 CET49789443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.796024084 CET4434978992.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.796273947 CET49788443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.796284914 CET4434978892.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.796802044 CET4434978992.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.796921015 CET4434978892.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.798429012 CET49790443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.798455954 CET4434979092.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.798499107 CET49790443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.798521996 CET49791443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.798558950 CET4434979192.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.798607111 CET49791443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.798911095 CET49790443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.798923969 CET4434979092.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.799128056 CET49791443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.799139977 CET4434979192.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.799313068 CET4434979092.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.799673080 CET4434979192.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.800398111 CET49792443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.800411940 CET4434979292.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.800659895 CET49792443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.800729036 CET49792443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.800748110 CET4434979292.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.800791025 CET49792443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.801842928 CET49793443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.801856995 CET4434979392.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.801920891 CET49793443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.801973104 CET49793443192.168.2.592.122.215.57
      Mar 14, 2025 01:40:09.801996946 CET4434979392.122.215.57192.168.2.5
      Mar 14, 2025 01:40:09.802042007 CET49793443192.168.2.592.122.215.57
UDP packets

Timestamp                            | Source Port | Dest Port | Source IP   | Dest IP
Mar 14, 2025 01:39:56.079938889 CET  | 53          | 60548     | 1.1.1.1     | 192.168.2.5
Mar 14, 2025 01:39:56.082930088 CET  | 53          | 51332     | 1.1.1.1     | 192.168.2.5
Mar 14, 2025 01:40:00.104744911 CET  | 52075       | 53        | 192.168.2.5 | 1.1.1.1
Mar 14, 2025 01:40:00.104926109 CET  | 58366       | 53        | 192.168.2.5 | 1.1.1.1
Mar 14, 2025 01:40:00.111412048 CET  | 53          | 52075     | 1.1.1.1     | 192.168.2.5
Mar 14, 2025 01:40:00.111447096 CET  | 53          | 58366     | 1.1.1.1     | 192.168.2.5
Mar 14, 2025 01:40:01.720258951 CET  | 52707       | 53        | 192.168.2.5 | 1.1.1.1
Mar 14, 2025 01:40:01.720904112 CET  | 53046       | 53        | 192.168.2.5 | 1.1.1.1
Mar 14, 2025 01:40:01.734848022 CET  | 53          | 53046     | 1.1.1.1     | 192.168.2.5
Mar 14, 2025 01:40:01.750447989 CET  | 53          | 52707     | 1.1.1.1     | 192.168.2.5
DNS queries

Timestamp                            | Source IP   | Dest IP | Trans ID | OP Code            | Name                        | Type           | Class       | DNS over HTTPS
Mar 14, 2025 01:40:00.104744911 CET  | 192.168.2.5 | 1.1.1.1 | 0x730f   | Standard query (0) | www.google.com              | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:40:00.104926109 CET  | 192.168.2.5 | 1.1.1.1 | 0xd9     | Standard query (0) | www.google.com              | 65             | IN (0x0001) | false
Mar 14, 2025 01:40:01.720258951 CET  | 192.168.2.5 | 1.1.1.1 | 0xfec7   | Standard query (0) | meteamasklloginn.webflow.io | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:40:01.720904112 CET  | 192.168.2.5 | 1.1.1.1 | 0x7096   | Standard query (0) | meteamasklloginn.webflow.io | 65             | IN (0x0001) | false
DNS answers

Timestamp                            | Source IP | Dest IP     | Trans ID | Reply Code   | Name                        | CName | Address       | Type           | Class       | DNS over HTTPS
Mar 14, 2025 01:40:00.111412048 CET  | 1.1.1.1   | 192.168.2.5 | 0x730f   | No error (0) | www.google.com              | -     | 216.58.206.68 | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:40:00.111447096 CET  | 1.1.1.1   | 192.168.2.5 | 0xd9     | No error (0) | www.google.com              | -     | -             | 65             | IN (0x0001) | false
Mar 14, 2025 01:40:01.734848022 CET  | 1.1.1.1   | 192.168.2.5 | 0x7096   | No error (0) | meteamasklloginn.webflow.io | -     | -             | 65             | IN (0x0001) | false
Mar 14, 2025 01:40:01.750447989 CET  | 1.1.1.1   | 192.168.2.5 | 0xfec7   | No error (0) | meteamasklloginn.webflow.io | -     | 172.64.151.8  | A (IP address) | IN (0x0001) | false
Mar 14, 2025 01:40:01.750447989 CET  | 1.1.1.1   | 192.168.2.5 | 0xfec7   | No error (0) | meteamasklloginn.webflow.io | -     | 104.18.36.248 | A (IP address) | IN (0x0001) | false
Target ID: 3
Start time: 20:39:50
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase: 0x7ff65bd60000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 4
Start time: 20:39:54
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
Imagebase: 0x7ff684cc0000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 5
Start time: 20:39:56
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2016,i,11600984243989709786,12468429322676649553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5008 /prefetch:8
Imagebase: 0x7ff684cc0000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 8
Start time: 20:40:00
Start date: 13/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://meteamasklloginn.webflow.io/"
Imagebase: 0x7ff684cc0000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

      No disassembly