
Windows Analysis Report
http://e9ccawf5esyyffhp.premilkyway.com

Overview

General Information

Sample URL: http://e9ccawf5esyyffhp.premilkyway.com
Analysis ID: 1658937

Detection

Score: 56 (range 0 - 100)
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Creates files inside the system directory
Deletes files inside the Windows folder

  • System is w10x64
  • chrome.exe (PID: 7012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4984 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://e9ccawf5esyyffhp.premilkyway.com" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: http://e9ccawf5esyyffhp.premilkyway.com | Avira URL Cloud: detection malicious, Label: malware
Source: https://e9ccawf5esyyffhp.premilkyway.com/favicon.ico | Avira URL Cloud: Label: malware
Source: https://e9ccawf5esyyffhp.premilkyway.com/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.5:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 217.147.172.104:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (reported 3 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14 (reported 7 times)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.80.67 (reported 8 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 6 times)
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: e9ccawf5esyyffhp.premilkyway.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: e9ccawf5esyyffhp.premilkyway.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://e9ccawf5esyyffhp.premilkyway.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiJo8sBCIWgzQEI9s/OAQiB1s4BCMDYzgEI0uDOAQiv5M4BCOLkzgEIi+XOAQ==
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /r/gsr1.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
  GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: e9ccawf5esyyffhp.premilkyway.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 08 Apr 2025 06:07:13 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 9
  Connection: close
  ETag: "48b2e2b8-9"
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir7012_204609730
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir7012_204609730
Source: classification engine | Classification label: mal56.win@24/6@6/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4984 /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://e9ccawf5esyyffhp.premilkyway.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (18 further child processes whose command lines were not captured)
Source: Window Recorder | Window detected: More than 3 window changes detected
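The "traffic detected without corresponding DNS query" signature above is a plain correlation: an outbound flow is flagged when no DNS answer in the capture returned its destination address before the flow's first packet. The script below re-derives that signature from this report's packet and DNS tables. It is an added example, not part of the Joe Sandbox report or its engine. The flow rows are a constructed sample (the first packet of each distinct flow from the TCP/UDP table, timestamps truncated to microseconds), and the DNS answers are constructed from the Domains table and the DNS response timestamps, since the report shows the DNS packets but not which response carried which name; that pairing is an assumption. The result also shows the caveat a triage analyst needs: the three flagged addresses (204.79.197.203, 20.189.173.14, 142.250.80.67) were contacted at 08:06:57 to 08:07:05, before the sample URL was even resolved at 08:07:10, so they are background traffic of the analysis VM rather than the sample's infrastructure, and the resolver 1.1.1.1 is flagged by construction. The analysis excludes whitelisted domains from the report (see the excluded-domains list in the analysis settings further down), which is the likely reason their lookups are absent; a DNS-less-traffic rule therefore needs an allow-list of known telemetry and resolver addresses before it is used as an indicator.

```python
"""Re-derive the sandbox signature "traffic detected without corresponding
DNS query": an outbound flow is flagged when no DNS answer for its
destination address precedes the flow's first packet."""
from datetime import datetime

SANDBOX_HOST = "192.168.2.5"   # the analysis VM (IP section of the report)


def _ts(s):
    # Report timestamps are CEST with nanoseconds; they are truncated here to
    # microseconds because strptime's %f accepts at most six digits.
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


# Constructed sample: the first packet of each distinct flow in the report's
# TCP/UDP table, as (timestamp, proto, src port, dst port, src IP, dst IP).
FLOWS = [
    ("2025-04-08 08:06:57.670425", "tcp", 49672, 443, "192.168.2.5", "204.79.197.203"),
    ("2025-04-08 08:07:04.224247", "tcp", 49676, 443, "192.168.2.5", "20.189.173.14"),
    ("2025-04-08 08:07:05.777496", "tcp", 49691, 80, "192.168.2.5", "142.250.80.67"),
    ("2025-04-08 08:07:05.871984", "tcp", 80, 49691, "142.250.80.67", "192.168.2.5"),
    ("2025-04-08 08:07:10.749552", "udp", 50721, 53, "192.168.2.5", "1.1.1.1"),
    ("2025-04-08 08:07:10.849718", "tcp", 49700, 443, "192.168.2.5", "142.251.40.164"),
    ("2025-04-08 08:07:11.798301", "tcp", 49701, 80, "192.168.2.5", "217.147.172.104"),
    ("2025-04-08 08:07:11.816679", "tcp", 49703, 443, "192.168.2.5", "217.147.172.104"),
    ("2025-04-08 08:08:10.813697", "tcp", 49714, 443, "192.168.2.5", "142.251.40.164"),
]

# Constructed from the Domains table and the DNS response timestamps. The
# report does not show which response carried which name, so this pairing
# is an assumption.
DNS_ANSWERS = [
    ("2025-04-08 08:07:10.848392", "www.google.com", "142.251.40.164"),
    ("2025-04-08 08:07:11.794706", "e9ccawf5esyyffhp.premilkyway.com", "217.147.172.104"),
]


def first_contacts(flows, local=SANDBOX_HOST):
    """Earliest outbound packet per remote address: {ip: (time, proto, dst port)}."""
    first = {}
    for ts, proto, _sport, dport, src, dst in flows:
        if src != local:
            continue                      # replies do not open a flow
        t = _ts(ts)
        if dst not in first or t < first[dst][0]:
            first[dst] = (t, proto, dport)
    return first


def correlate_with_dns(flows, dns_answers, local=SANDBOX_HOST):
    """For each remote address, the name that resolved to it before first
    contact, or None when no earlier DNS answer exists."""
    answers = {}
    for ts, name, ip in dns_answers:
        answers.setdefault(ip, []).append((_ts(ts), name))
    report = {}
    for ip, (t, proto, dport) in first_contacts(flows, local).items():
        # An answer that arrives after the connection cannot explain it
        names = [n for at, n in sorted(answers.get(ip, [])) if at <= t]
        report[ip] = {"first_seen": t, "proto": proto, "port": dport,
                      "resolved_as": names[0] if names else None}
    return report


def without_dns(flows, dns_answers, local=SANDBOX_HOST):
    """Remote addresses contacted with no preceding DNS answer, in order of first contact."""
    rep = correlate_with_dns(flows, dns_answers, local)
    flagged = [ip for ip, r in rep.items() if r["resolved_as"] is None]
    return sorted(flagged, key=lambda ip: rep[ip]["first_seen"])


if __name__ == "__main__":
    for ip, r in sorted(correlate_with_dns(FLOWS, DNS_ANSWERS).items(),
                        key=lambda kv: kv[1]["first_seen"]):
        tag = r["resolved_as"] or "NO DNS ANSWER"
        print(f"{r['first_seen'].time()} {r['proto']} {ip}:{r['port']:<5} {tag}")
```

Run stand-alone, the script prints one line per remote address in order of first contact; the two sample-related addresses carry the name that resolved them, the other four are marked NO DNS ANSWER. Because the timestamps are compared, an answer that arrives after the connection does not clear the flag, which is what separates a hardcoded address from an ordinary name lookup.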
MITRE ATT&CK matrix (matched techniques only; the remaining cells of the matrix are unmatched placeholders)

Tactic | Technique | Matches
Privilege Escalation | Process Injection | 1
Defense Evasion | Masquerading | 1
Defense Evasion | Process Injection | 1
Defense Evasion | File Deletion | 1
Command and Control | Encrypted Channel | 1
Command and Control | Non-Application Layer Protocol | 3
Command and Control | Application Layer Protocol | 4
Command and Control | Ingress Tool Transfer | 3
Behavior Graph (ID: 1658937; URL: http://e9ccawf5esyyffhp.pre...; start date: 08/04/2025; architecture: WINDOWS; score: 56)
  • Root signatures: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample
  • Root -> chrome.exe (started) -> chrome.exe (started), chrome.exe (started)
  • Root -> chrome.exe (started)
  • chrome.exe -> 192.168.2.5 (ports 138, 443, 49642; unknown)
  • chrome.exe -> www.google.com 142.251.40.164 (ports 443, 49700, 49714; GOOGLEUS, United States)
  • chrome.exe -> e9ccawf5esyyffhp.premilkyway.com 217.147.172.104 (ports 443, 49701, 49702; ETOP-ASPL, Ukraine)

Antivirus detection (Source | Detection | Scanner | Label)
http://e9ccawf5esyyffhp.premilkyway.com | 100% | Avira URL Cloud | malware
No Antivirus matches in the three remaining scan categories
https://e9ccawf5esyyffhp.premilkyway.com/favicon.ico | 100% | Avira URL Cloud | malware


Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
www.google.com | 142.251.40.164 | true | false | - | high
e9ccawf5esyyffhp.premilkyway.com | 217.147.172.104 | true | false | - | unknown

URLs (Name | Malicious | Antivirus Detection | Reputation)
http://c.pki.goog/r/gsr1.crl | false | - | high
http://c.pki.goog/r/r4.crl | false | - | high
https://e9ccawf5esyyffhp.premilkyway.com/ | false | - | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | - | high
https://e9ccawf5esyyffhp.premilkyway.com/favicon.ico | false | Avira URL Cloud: malware | unknown
IPs (IP | Domain | Country | ASN | ASN Name | Malicious)
142.251.40.164 | www.google.com | United States | 15169 | GOOGLEUS | false
217.147.172.104 | e9ccawf5esyyffhp.premilkyway.com | Ukraine | 20853 | ETOP-ASPL | false

Private IP (analysis host): 192.168.2.5
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1658937
Start date and time: 2025-04-08 08:06:12 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://e9ccawf5esyyffhp.premilkyway.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@24/6@6/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Analysis settings and warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.251.35.163, 142.250.80.110, 172.253.115.84, 142.251.32.110, 142.250.65.206, 142.250.65.174, 142.251.40.174, 142.250.65.238, 142.251.40.206, 142.251.40.110, 142.250.65.227, 142.251.40.131, 184.31.69.3, 172.202.163.200
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big: too many NtOpenFile calls found
• VT rate limit hit for: http://e9ccawf5esyyffhp.premilkyway.com
No simulations
No context (none of the five context categories matched an earlier analysis)
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 9
Entropy (8bit): 2.94770277922009
Encrypted: false
SSDEEP: 3:Obn:Obn
MD5: 9D1EAD73E678FA2F51A70A933B0BF017
SHA1: D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256: 0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512: 935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious: false
Reputation: low
URL: https://e9ccawf5esyyffhp.premilkyway.com/favicon.ico
Preview: Not Found

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 138
Entropy (8bit): 4.298358974402016
Encrypted: false
SSDEEP: 3:qVvzLUROngsoMHXbvxL4AqWsMgs0U9ClITULLP61IWKBc4NGb:qFzLIigsoCXLx0AqWDgs01lIgLP8IWK4
MD5: 0B8D672CB96B50A89E2FB404804F91A6
SHA1: 604FE9D10D1975090C63AEAE820A7ED076F72948
SHA-256: BF21A7489A5BBB1E04E6AD11A83E47C958B4DA1610A5C272C0D2DDD5822F47D2
SHA-512: D7EC9C9C7EB519A96D67D3184C8D20511350951EF103E8973879A91EB9EF33CA3FBA8BED0F017271C7B3F19C76C63D3B6E8692E0FDF5F60D233D84C1B07C53A3
Malicious: false
Reputation: low
URL: https://e9ccawf5esyyffhp.premilkyway.com/
Preview: <html>.<head><title>403 Forbidden</title></head>.<body>.<center><h1>403 Forbidden</h1></center>.<hr><center>nginx</center>.</body>.</html>

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines (892)
Category: downloaded
Size (bytes): 897
Entropy (8bit): 5.190126773531937
Encrypted: false
SSDEEP: 24:hVEMMWLQQ9KUr6BHslgT1d1uawBATNuPld7FN2t2t2t2t2t2t2tomffffffo:zZQIGKlgJXwBABudJFNYYYYYYYomfffw
MD5: 9E0F927CC7051E71CF75A3EA65920822
SHA1: EAAB583C89B48AD952C13F4D788A26F5ACB171F5
SHA-256: E7B925588737ED26BF75F23B27B1F78C93578AC064D07CC7B94C86E43FCBE14D
SHA-512: 731223364EFCE8676E0CCBFD778DAB2D683CA930E81BCA68376105C6922B58316A6DB28974F6FE8AE2BCCCF1BDB9D18B9E568423C5A3A7A4BC90E11128C03EB5
Malicious: false
Reputation: low
URL: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview: )]}'.["",["monster hunter wilds blackember mass","arsenal vs real madrid champions league","dante devil may cry anime netflix","brazil visa requirements","lowes stores closing","dire wolf de extinction","type rune codes roblox","detroit tigers vs new york yankees"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-6312024143853492737","google:suggestrelevance":[1252,1251,1250,601,600,552,551,550],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
              No static file info


• Total Packets: 65
• Ports seen: 443 (HTTPS), 80 (HTTP), 53 (DNS)
TCP packets (Timestamp | Source Port | Dest Port | Source IP | Dest IP)
Apr 8, 2025 08:06:57.670425892 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Apr 8, 2025 08:07:02.482920885 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Apr 8, 2025 08:07:04.224247932 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:07:04.529795885 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:07:05.139170885 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:07:05.777496099 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:07:05.871984959 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5
Apr 8, 2025 08:07:05.872097015 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:07:05.897092104 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:07:05.992388010 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5
Apr 8, 2025 08:07:05.993216038 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5
Apr 8, 2025 08:07:05.993386030 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5
Apr 8, 2025 08:07:05.993444920 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:07:06.342288971 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:07:06.440937996 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:07:06.536197901 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5
Apr 8, 2025 08:07:06.588670969 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:07:08.749234915 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:07:10.849718094 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:10.849761009 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:10.850045919 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:10.850045919 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:10.850078106 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:11.052745104 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:11.052812099 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:11.054074049 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:11.054081917 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:11.054321051 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:11.108005047 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:11.798301935 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:11.798610926 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:11.816679955 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:11.816730022 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:11.816993952 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:11.817558050 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:11.817569017 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.012180090 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.012264013 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.094274998 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Apr 8, 2025 08:07:12.455632925 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.455718040 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.456862926 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.456877947 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.457139015 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.457438946 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.500279903 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.517584085 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.517750025 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.729362011 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.729999065 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.865626097 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.865701914 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.865803957 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.867011070 CEST | 49703 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.867034912 CEST | 443 | 49703 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.971385002 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.971441031 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:12.971571922 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.971719980 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:12.971731901 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:13.235519886 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:13.235560894 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:13.452785969 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:13.452810049 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:13.551793098 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:07:13.612981081 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:13.659027100 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:13.660681009 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:13.660692930 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:13.660859108 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:13.660866022 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:13.959491014 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:13.959614992 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:14.028337955 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:14.028419971 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:14.028489113 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:14.034617901 CEST | 49704 | 443 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:14.034641981 CEST | 443 | 49704 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:14.173669100 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:14.173691034 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:14.687828064 CEST | 49701 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:14.687956095 CEST | 49702 | 80 | 192.168.2.5 | 217.147.172.104
Apr 8, 2025 08:07:14.899003983 CEST | 80 | 49701 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:14.899038076 CEST | 80 | 49702 | 217.147.172.104 | 192.168.2.5
Apr 8, 2025 08:07:15.367465973 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:15.408269882 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:15.486821890 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:15.488703012 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:15.488774061 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:15.490161896 CEST | 49700 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:07:15.490180969 CEST | 443 | 49700 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:07:23.155384064 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Apr 8, 2025 08:08:06.639116049 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:08:06.733448982 CEST | 80 | 49691 | 142.250.80.67 | 192.168.2.5
Apr 8, 2025 08:08:06.733503103 CEST | 49691 | 80 | 192.168.2.5 | 142.250.80.67
Apr 8, 2025 08:08:10.813697100 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:08:10.813747883 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:08:10.813828945 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:08:10.813999891 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:08:10.814006090 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:08:11.011647940 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:08:11.011944056 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:08:11.012021065 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:08:21.054827929 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:08:21.054889917 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Apr 8, 2025 08:08:21.054944992 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:08:22.689369917 CEST | 49714 | 443 | 192.168.2.5 | 142.251.40.164
Apr 8, 2025 08:08:22.689409018 CEST | 443 | 49714 | 142.251.40.164 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 8, 2025 08:07:06.313232899 CEST | 53 | 59915 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:06.477689981 CEST | 53 | 54402 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:07.169136047 CEST | 53 | 61174 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:10.749552011 CEST | 50721 | 53 | 192.168.2.5 | 1.1.1.1
Apr 8, 2025 08:07:10.749753952 CEST | 56545 | 53 | 192.168.2.5 | 1.1.1.1
Apr 8, 2025 08:07:10.848392010 CEST | 53 | 56545 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:10.848417044 CEST | 53 | 50721 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:11.694183111 CEST | 49713 | 53 | 192.168.2.5 | 1.1.1.1
Apr 8, 2025 08:07:11.694520950 CEST | 59221 | 53 | 192.168.2.5 | 1.1.1.1
Apr 8, 2025 08:07:11.711668015 CEST | 63790 | 53 | 192.168.2.5 | 1.1.1.1
Apr 8, 2025 08:07:11.711842060 CEST | 65353 | 53 | 192.168.2.5 | 1.1.1.1
Apr 8, 2025 08:07:11.794706106 CEST | 53 | 49713 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:11.796295881 CEST | 53 | 59221 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:11.814110041 CEST | 53 | 63790 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:11.814377069 CEST | 53 | 65353 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:24.263241053 CEST | 53 | 56477 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:07:42.988750935 CEST | 53 | 57193 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:08:04.785619974 CEST | 138 | 138 | 192.168.2.5 | 192.168.2.255
Apr 8, 2025 08:08:05.489176035 CEST | 53 | 59454 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:08:06.149708986 CEST | 53 | 58747 | 1.1.1.1 | 192.168.2.5
Apr 8, 2025 08:08:09.177805901 CEST | 53 | 49642 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 8, 2025 08:07:10.749552011 CEST | 192.168.2.5 | 1.1.1.1 | 0xbeaf | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 8, 2025 08:07:10.749753952 CEST | 192.168.2.5 | 1.1.1.1 | 0x3d48 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Apr 8, 2025 08:07:11.694183111 CEST | 192.168.2.5 | 1.1.1.1 | 0x23b5 | Standard query (0) | e9ccawf5esyyffhp.premilkyway.com | A (IP address) | IN (0x0001) | false
Apr 8, 2025 08:07:11.694520950 CEST | 192.168.2.5 | 1.1.1.1 | 0x782 | Standard query (0) | e9ccawf5esyyffhp.premilkyway.com | 65 | IN (0x0001) | false
Apr 8, 2025 08:07:11.711668015 CEST | 192.168.2.5 | 1.1.1.1 | 0x70f4 | Standard query (0) | e9ccawf5esyyffhp.premilkyway.com | A (IP address) | IN (0x0001) | false
Apr 8, 2025 08:07:11.711842060 CEST | 192.168.2.5 | 1.1.1.1 | 0x8c6b | Standard query (0) | e9ccawf5esyyffhp.premilkyway.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 8, 2025 08:07:10.848392010 CEST | 1.1.1.1 | 192.168.2.5 | 0x3d48 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Apr 8, 2025 08:07:10.848417044 CEST | 1.1.1.1 | 192.168.2.5 | 0xbeaf | No error (0) | www.google.com | - | 142.251.40.164 | A (IP address) | IN (0x0001) | false
Apr 8, 2025 08:07:11.794706106 CEST | 1.1.1.1 | 192.168.2.5 | 0x23b5 | No error (0) | e9ccawf5esyyffhp.premilkyway.com | - | 217.147.172.104 | A (IP address) | IN (0x0001) | false
Apr 8, 2025 08:07:11.814110041 CEST | 1.1.1.1 | 192.168.2.5 | 0x70f4 | No error (0) | e9ccawf5esyyffhp.premilkyway.com | - | 217.147.172.104 | A (IP address) | IN (0x0001) | false
              • e9ccawf5esyyffhp.premilkyway.com
              • www.google.com
              • c.pki.goog
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.5 | 49691 | 142.250.80.67 | 80

Timestamp | Bytes transferred | Direction | Data
Apr 8, 2025 08:07:05.897092104 CEST | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
Apr 8, 2025 08:07:05.993216038 CEST | 1254 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
              Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
              Content-Length: 1739
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Date: Tue, 08 Apr 2025 05:24:49 GMT
              Expires: Tue, 08 Apr 2025 06:14:49 GMT
              Cache-Control: public, max-age=3000
              Age: 2536
              Last-Modified: Mon, 07 Apr 2025 13:58:00 GMT
              Content-Type: application/pkix-crl
              Vary: Accept-Encoding
              Data Raw: 30 82 06 c7 30 82 05 af 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 67 6e 20 6e 76 2d 73 61 31 10 30 0e 06 03 55 04 0b 13 07 52 6f 6f 74 20 43 41 31 1b 30 19 06 03 55 04 03 13 12 47 6c 6f 62 61 6c 53 69 67 6e 20 52 6f 6f 74 20 43 41 17 0d 32 35 30 34 30 37 30 30 30 30 30 30 5a 17 0d 32 35 30 37 31 35 30 30 30 30 30 30 5a 30 82 04 f1 30 2a 02 0b 04 00 00 00 00 01 1e 44 a5 e4 04 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 29 45 c3 a8 0f 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 20 19 c1 8d 68 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2c 5e 7f 1a 88 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 15 4b 5a [TRUNCATED]
              Data Ascii: 000*H0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA250407000000Z250715000000Z00*D141125000000Z00U0*)E141125000000Z00U0* h141125000000Z00U0*,^141125000000Z00U0*KZ160107000000Z00U0*/NIR170419000000Z00U0*/NG170419000000Z00U0*/N9191120000000Z00U0*/N=k191204000000Z00U
Apr 8, 2025 08:07:05.993386030 CEST | 1199 | IN | Data Raw: 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2f 4e e1 3b 58 17 0d 31 39 31 32 30 34 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2d 02 0e 47 c3 0f ff 8a 61 9a 37 f5 a8 2e f0 b5 75 17 0d 32 30 30 36 33 30 30 30 30 30 30 30 5a
              Data Ascii: 0*/N;X191204000000Z00U0-Ga7.u200630000000Z00U0-GA>ThA200630000000Z00U0-GK&TA+200630000000Z00U0*6::200711160000Z00U0/vSBS
Apr 8, 2025 08:07:06.440937996 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
Apr 8, 2025 08:07:06.536197901 CEST | 1243 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
              Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
              Content-Length: 530
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Date: Tue, 08 Apr 2025 05:17:11 GMT
              Expires: Tue, 08 Apr 2025 06:07:11 GMT
              Cache-Control: public, max-age=3000
              Age: 2995
              Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
              Content-Type: application/pkix-crl
              Vary: Accept-Encoding
              Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED]
              Data Ascii: 000*H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0*H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49703 | 217.147.172.104 | 443 | 6204 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-08 06:07:12 UTC | 682 | OUT | GET / HTTP/1.1
              Host: e9ccawf5esyyffhp.premilkyway.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
2025-04-08 06:07:12 UTC | 311 | IN | HTTP/1.1 200 OK
              Server: nginx
              Date: Tue, 08 Apr 2025 06:07:12 GMT
              Content-Type: text/html; charset=UTF-8
              Content-Length: 138
              Connection: close
              Last-Modified: Fri, 19 Jul 2024 09:32:14 GMT
              ETag: "8a-61d965ede7521"
              Accept-Ranges: bytes
              X-Content-Type-Options: nosniff
              X-XSS-Protection: 1; mode=block
2025-04-08 06:07:12 UTC | 138 | IN | Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
              Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49704 | 217.147.172.104 | 443 | 6204 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-08 06:07:13 UTC | 627 | OUT | GET /favicon.ico HTTP/1.1
              Host: e9ccawf5esyyffhp.premilkyway.com
              Connection: keep-alive
              sec-ch-ua-platform: "Windows"
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://e9ccawf5esyyffhp.premilkyway.com/
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
2025-04-08 06:07:14 UTC | 176 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Tue, 08 Apr 2025 06:07:13 GMT
              Content-Type: text/html; charset=utf-8
              Content-Length: 9
              Connection: close
              ETag: "48b2e2b8-9"
2025-04-08 06:07:14 UTC | 9 | IN | Data Raw: 4e 6f 74 20 46 6f 75 6e 64
              Data Ascii: Not Found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49700 | 142.251.40.164 | 443 | 6204 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-08 06:07:15 UTC | 575 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiJo8sBCIWgzQEI9s/OAQiB1s4BCMDYzgEI0uDOAQiv5M4BCOLkzgEIi+XOAQ==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
2025-04-08 06:07:15 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Tue, 08 Apr 2025 06:07:15 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-QEQZLhc9Sv6caToFV4iYug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
2025-04-08 06:07:15 UTC | 904 | IN | Data Raw: 33 38 31 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 6f 6e 73 74 65 72 20 68 75 6e 74 65 72 20 77 69 6c 64 73 20 62 6c 61 63 6b 65 6d 62 65 72 20 6d 61 73 73 22 2c 22 61 72 73 65 6e 61 6c 20 76 73 20 72 65 61 6c 20 6d 61 64 72 69 64 20 63 68 61 6d 70 69 6f 6e 73 20 6c 65 61 67 75 65 22 2c 22 64 61 6e 74 65 20 64 65 76 69 6c 20 6d 61 79 20 63 72 79 20 61 6e 69 6d 65 20 6e 65 74 66 6c 69 78 22 2c 22 62 72 61 7a 69 6c 20 76 69 73 61 20 72 65 71 75 69 72 65 6d 65 6e 74 73 22 2c 22 6c 6f 77 65 73 20 73 74 6f 72 65 73 20 63 6c 6f 73 69 6e 67 22 2c 22 64 69 72 65 20 77 6f 6c 66 20 64 65 20 65 78 74 69 6e 63 74 69 6f 6e 22 2c 22 74 79 70 65 20 72 75 6e 65 20 63 6f 64 65 73 20 72 6f 62 6c 6f 78 22 2c 22 64 65 74 72 6f 69 74 20 74 69 67 65 72 73 20 76 73 20 6e 65 77
              Data Ascii: 381)]}'["",["monster hunter wilds blackember mass","arsenal vs real madrid champions league","dante devil may cry anime netflix","brazil visa requirements","lowes stores closing","dire wolf de extinction","type rune codes roblox","detroit tigers vs new
2025-04-08 06:07:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
              Data Ascii: 0



              Target ID:0
              Start time:02:07:01
              Start date:08/04/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff7c24c0000
              File size:3'388'000 bytes
              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:02:07:04
              Start date:08/04/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1988 /prefetch:3
              Imagebase:0x7ff7c24c0000
              File size:3'388'000 bytes
              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:7
              Start time:02:07:07
              Start date:08/04/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4875125219528698518,6719171176563428912,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4984 /prefetch:8
              Imagebase:0x7ff7c24c0000
              File size:3'388'000 bytes
              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:10
              Start time:02:07:10
              Start date:08/04/2025
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://e9ccawf5esyyffhp.premilkyway.com"
              Imagebase:0x7ff7c24c0000
              File size:3'388'000 bytes
              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly