Windows Analysis Report
https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce

Overview

General Information

Sample URL:https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce
Analysis ID:1644548

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

  • System is w10x64
  • chrome.exe (PID: 5292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,4120371299041682914,15196245815766887205,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2428 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://me.pwvk4.shop/eco.html Avira URL Cloud: Label: malware
Source: unknown HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.4:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.80.67
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
  GET /url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  X-Browser-Channel: stable
  X-Browser-Year: 2025
  X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
  X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.
  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJKhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /r/gsr1.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic HTTP traffic detected:
  GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: me.pwvk4.shop
Source: chromecache_52.2.dr String found in binary or memory: https://me.pwvk4.shop/eco.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5292_1111503899
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5292_1111503899
Source: classification engine Classification label: mal48.win@28/2@4/3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,4120371299041682914,15196245815766887205,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2428 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (image not preserved)
ID: 1644548
URL: https://www.google.com/url?...
Startdate: 20/03/2025
Architecture: WINDOWS
Score: 48
Signature: Antivirus detection for URL or domain
  • chrome.exe (started)
    • dnsIp: 192.168.2.4, 138, 443, 49709 unknown unknown
    • chrome.exe (started)
      • dnsIp: www.google.com 142.251.35.164, 443, 49721, 49745 GOOGLEUS United States
      • dnsIp: me.pwvk4.shop 173.212.192.171, 443, 49725, 49726 CONTABODE Germany
  • chrome.exe (started)

Source | Detection | Scanner | Label
https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce | 0% | Avira URL Cloud | safe

No Antivirus matches

Source | Detection | Scanner | Label
https://me.pwvk4.shop/eco.html | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.251.35.164 | true | false | - | high
me.pwvk4.shop | 173.212.192.171 | true | false | - | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce | false | - | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://me.pwvk4.shop/eco.html | chromecache_52.2.dr | false | Avira URL Cloud: malware | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
142.251.35.164 | www.google.com | United States | 15169 | GOOGLEUS | false
173.212.192.171 | me.pwvk4.shop | Germany | 51167 | CONTABODE | false

IP
192.168.2.4

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1644548
        Start date and time:2025-03-20 17:13:28 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 2m 55s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:browseurl.jbs
        Sample URL:https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:20
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal48.win@28/2@4/3
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 142.251.32.99, 142.250.65.206, 192.178.155.84, 142.251.41.14, 23.33.192.6, 43.152.136.170, 142.251.32.110, 142.250.80.78, 142.250.65.227, 142.251.40.110, 142.251.35.174, 142.250.81.227, 142.251.40.206, 142.251.40.142, 184.31.69.3, 20.12.23.50
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, c.pki.goog
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtOpenFile calls found.
        • VT rate limit hit for: https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce
        No simulations
        No context
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, ASCII text, with CRLF, LF line terminators
        Category:downloaded
        Size (bytes):346
        Entropy (8bit):5.298693368672564
        Encrypted:false
        SSDEEP:6:wBzkrQWR0iYBtqW3kUWPq2JlKIOiB2gk7uR3Hp71QrizYmP:4krY1trWPqfUd3TQrpA
        MD5:C0581837DDD990944DEEE6105C64644E
        SHA1:CB2CCE75C7161FCCB27943650B91062EDB90D41D
        SHA-256:24AD030C9B4356B78D432C3274FFC3388F2D614C7539AF0FF2001D2277A5C227
        SHA-512:D23C23480E0680052761886A3AA2E3CE36174E4E2B23D1BDB7328F0931813DF82F5B8853222FE0E1C6AF4FE09F179C0D645AA47E657D5F3F6209EF646BC99545
        Malicious:false
        Reputation:low
        URL:https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce
        Preview:<HTML><HEAD>.<meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>Redirecting</TITLE>.<META HTTP-EQUIV="refresh" content="1; url=https://me.pwvk4.shop/eco.html">.</HEAD>.<BODY onLoad="location.replace('https://me.pwvk4.shop/eco.html'+document.location.hash)">.Redirecting you to https://me.pwvk4.shop/eco.html</BODY></HTML>..
        No static file info

        • Total Packets: 63
        • 443 (HTTPS)
        • 80 (HTTP)
        • 53 (DNS)
        Mar 20, 2025 17:14:31.985167980 CET6204153192.168.2.41.1.1.1
        Mar 20, 2025 17:14:31.985800028 CET6023553192.168.2.41.1.1.1
        Mar 20, 2025 17:14:32.090683937 CET53602351.1.1.1192.168.2.4
        Mar 20, 2025 17:14:32.094311953 CET53620411.1.1.1192.168.2.4
        Mar 20, 2025 17:14:43.994743109 CET53634001.1.1.1192.168.2.4
        Mar 20, 2025 17:15:02.088939905 CET53505601.1.1.1192.168.2.4
        Mar 20, 2025 17:15:02.855297089 CET53643261.1.1.1192.168.2.4
        Mar 20, 2025 17:15:25.592703104 CET53634441.1.1.1192.168.2.4
        Mar 20, 2025 17:15:25.789093018 CET53577111.1.1.1192.168.2.4
        Mar 20, 2025 17:15:28.442660093 CET53645081.1.1.1192.168.2.4
        Mar 20, 2025 17:15:34.487042904 CET138138192.168.2.4192.168.2.255
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Mar 20, 2025 17:14:30.089495897 CET | 192.168.2.4 | 1.1.1.1 | 0xeaa3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
        Mar 20, 2025 17:14:30.089606047 CET | 192.168.2.4 | 1.1.1.1 | 0x88a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
        Mar 20, 2025 17:14:31.985167980 CET | 192.168.2.4 | 1.1.1.1 | 0x71ed | Standard query (0) | me.pwvk4.shop | A (IP address) | IN (0x0001) | false
        Mar 20, 2025 17:14:31.985800028 CET | 192.168.2.4 | 1.1.1.1 | 0xf1c0 | Standard query (0) | me.pwvk4.shop | 65 | IN (0x0001) | false

        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Mar 20, 2025 17:14:30.193698883 CET | 1.1.1.1 | 192.168.2.4 | 0x88a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
        Mar 20, 2025 17:14:30.197135925 CET | 1.1.1.1 | 192.168.2.4 | 0xeaa3 | No error (0) | www.google.com | | 142.251.35.164 | A (IP address) | IN (0x0001) | false
        Mar 20, 2025 17:14:32.094311953 CET | 1.1.1.1 | 192.168.2.4 | 0x71ed | No error (0) | me.pwvk4.shop | | 173.212.192.171 | A (IP address) | IN (0x0001) | false
        • www.google.com
        • c.pki.goog
        Session ID | Source IP | Source Port | Destination IP | Destination Port
        0 | 192.168.2.4 | 49732 | 142.250.80.67 | 80
        Timestamp | Bytes transferred | Direction | Data
        Mar 20, 2025 17:14:37.965166092 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
        Cache-Control: max-age = 3000
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: c.pki.goog
        Mar 20, 2025 17:14:38.063338041 CET | 221 | IN | HTTP/1.1 304 Not Modified
        Date: Thu, 20 Mar 2025 16:13:27 GMT
        Expires: Thu, 20 Mar 2025 17:03:27 GMT
        Age: 71
        Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
        Cache-Control: public, max-age=3000
        Vary: Accept-Encoding
        Mar 20, 2025 17:14:38.067502022 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
        Cache-Control: max-age = 3000
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: c.pki.goog
        Mar 20, 2025 17:14:38.164695024 CET | 221 | IN | HTTP/1.1 304 Not Modified
        Date: Thu, 20 Mar 2025 16:13:30 GMT
        Expires: Thu, 20 Mar 2025 17:03:30 GMT
        Age: 68
        Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
        Cache-Control: public, max-age=3000
        Vary: Accept-Encoding


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.4 | 49721 | 142.251.35.164 | 443 | 5388 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        2025-03-20 16:14:31 UTC | 1041 | OUT | GET /url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        X-Browser-Channel: stable
        X-Browser-Year: 2025
        X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=
        X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJKhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjI3M4BCIrgzgEIruTOAQiL5c4B
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
        2025-03-20 16:14:31 UTC | 811 | IN | HTTP/1.1 200 OK
        Location: https://me.pwvk4.shop/eco.html
        Cache-Control: private
        Content-Type: text/html; charset=UTF-8
        Strict-Transport-Security: max-age=31536000
        Permissions-Policy: unload=()
        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
        Date: Thu, 20 Mar 2025 16:14:31 GMT
        Server: gws
        Content-Length: 346
        X-XSS-Protection: 0
        Expires: Thu, 20 Mar 2025 16:14:31 GMT
        Set-Cookie: NID=522=v4IvUU0JtEYiOjnbDNm5pddZFs0IBDKkI_D8cN-aCWGnKOhYslDMajpcRYkcpS3mZ-Z9qj4K8Q1XYV1V7x9cWTo7cI8Wkmxf1PdEztnBtoLohiKxlxDB7k2lZ_SiPM7eLr_5HN4ECi5yAkmWAl2IlsrJObJp7cnbKO6cZRbwWBtz804acxkxAytjW2VhosvysjSS8a_veUZJDF_hl28; expires=Fri, 19-Sep-2025 16:14:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
        Connection: close
        2025-03-20 16:14:31 UTC | 346 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>Redirecting</TITLE><META HTTP-EQUIV="refresh" content="1; url=https://me.pwvk4.shop/eco.html"></HEAD><BODY onLoad="location.replace('https://me.pwvk4.shop/eco.html'+



        Target ID:1
        Start time:12:14:20
        Start date:20/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff786830000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:12:14:24
        Start date:20/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,4120371299041682914,15196245815766887205,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2428 /prefetch:3
        Imagebase:0x7ff786830000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:4
        Start time:12:14:30
        Start date:20/03/2025
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.google.com/url?q=https%3A%2F%2Fme.pwvk4.shop%2Feco.html&sa=D&sntz=1&usg=AOvVaw0TH_t6elPUdrmLbkcii4ce"
        Imagebase:0x7ff786830000
        File size:3'388'000 bytes
        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly