Windows Analysis Report
http://beowu-fye.com

Overview

General Information

Sample URL: http://beowu-fye.com
Analysis ID: 1616901

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 2760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1972,i,14031306418187052657,1454622538581178170,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://beowu-fye.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://beowu-fye.com; Avira URL Cloud: detection malicious, Label: malware
Source: global traffic; TCP traffic: 192.168.2.16:56184 -> 1.1.1.1:53
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown; TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected:
  GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=beowu-fye.com&oit=3&cp=13&pgcl=4&gs_rn=42&psi=M2dVphHf0bJh_egF&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: beowu-fye.com
Source: global traffic; DNS traffic detected: DNS query: google.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: chromecache_59.1.dr; String found in binary or memory: http://beowu-fye.com
Source: unknown; Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 56228 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 56228
Source: unknown; Network traffic detected: HTTP traffic on port 56197 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 56456
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 56242
Source: unknown; Network traffic detected: HTTP traffic on port 56242 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 56456 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 56197
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49712
Source: classification engine; Classification label: mal48.win@34/10@55/3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1972,i,14031306418187052657,1454622538581178170,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://beowu-fye.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Google Drive.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior graph (image not reproduced): ID: 1616901, URL: http://beowu-fye.com, Startdate: 17/02/2025, Architecture: WINDOWS, Score: 48

Source | Detection | Scanner | Label | Link
http://beowu-fye.com | 100% | Avira URL Cloud | malware |
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 216.58.206.46 | true | false | | high
www.google.com | 172.217.18.4 | true | false | | high
beowu-fye.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=beowu-fye.com&oit=3&cp=13&pgcl=4&gs_rn=42&psi=M2dVphHf0bJh_egF&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://beowu-fye.com | chromecache_59.1.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
172.217.18.4 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.16

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1616901
Start date and time: 2025-02-17 10:31:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://beowu-fye.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@34/10@55/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 216.58.206.35, 142.250.184.206, 66.102.1.84, 142.250.184.238, 199.232.214.172, 142.250.186.46, 142.250.185.142, 142.250.186.142, 142.250.186.174, 172.217.18.110, 142.250.184.195, 142.250.185.110, 216.58.212.142, 2.19.106.160, 13.107.246.40, 4.175.87.197, 4.245.163.56
  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: http://beowu-fye.com
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 17 08:32:02 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2673
Entropy (8bit): 3.9838043277605437
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 17 08:32:02 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2675
Entropy (8bit): 3.998133799173138
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2689
Entropy (8bit): 4.003414241795084
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 17 08:32:02 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9993671696276616
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 17 08:32:02 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9865280449265614
Encrypted: false
              SSDEEP:48:8fdKT22/uHGidAKZdA1dehBiZUk1W1qehTxy+C:8w7/O9ly
              MD5:574DA1FB4DB1D4680B9FE392E4637E70
              SHA1:1A03D5EEA4961AAE5CA06F67A31F672CF91753A3
              SHA-256:F055B1793C92B1A2226DC0ECA68379DEDFB0C16760C38FE8FA0EDFBADCFAB2C9
              SHA-512:61B0EB7C40F8BE9427F7F5680C7C52C125D9CD87B8BDDBFD06E3194D26386DD4588C9EA4B1B730E4650D6D988DDD57FBC997DFC03F7806368A8314B4A45AE2A3
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 17 08:32:02 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):3.9951131779270876
              Encrypted:false
              SSDEEP:48:8YdKT22/uHGidAKZdA1duTeehOuTbbiZUk5OjqehOuTblxy+yT+:8x7/kTfTbxWOvTb3y7T
              MD5:39F894580A729457266CB95BDC94D623
              SHA1:77F4F8D365F09466204EEA2A29603F41CD02137E
              SHA-256:AB15BEA8FC19CB76E5429A8BDD8AC24B71BA60DC801460C6EB032415E5679F3D
              SHA-512:06DA669AE9F76EE371B6BC34DE9D05B1ECA80EAB2739600E8E1F647620475D9DBD0D3D70CB40428305A180F5DB9D884608F16A0E3B728D60000B7322EA869AE2
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (3931)
              Category:downloaded
              Size (bytes):3936
              Entropy (8bit):5.839417614863625
              Encrypted:false
              SSDEEP:96:6D+4liKIN6666W+Fq1V3/h4JXdYBbBEnJHp9z58qgUQffffo:e+uIN6666WUiREoQ9R
              MD5:F02F3D4D2F08880EB4AC4FB26465A03D
              SHA1:789484E4791D3373145243758E165B954E5D8CAB
              SHA-256:EF9A4D7529C5EBCF576925FF6A5DB8A364E5463F64AE7D6DEFFEFB843B42C583
              SHA-512:2157FCBA524109A6D3ACD722C13101ED9EE7BED789F6983C730221521161AE1EF491B0DCCB401F9DF36517751BFD4B1DE1D38E97D8D22BF3993AB13707FEAEA8
              Malicious:false
              Reputation:low
              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
              Preview:)]}'.["",["volcanic eruption alaska","handmaids","tee times round 3 genesis invitational","united airlines flight emergency landing","nasa asteroid hitting earth 2032","xo kitty season 3 netflix","presidents day 2025 federal holiday","penn state vs ohio state wrestling"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWNuNmJ5NXo0EhFUZWxldmlzaW9uIHNlcmllczLvEGRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQkVRQUNFUUVERVFIL3hBQWFBQUFEQVFFQkFRQUFBQUFBQUFBQUFBQURCQVlGQWdjQi84UUFNaEFBQWdFREF3SURCUWNGQUFBQUFBQUFBUUlEQUFRUkJSSWhNVUVUVVdFR0ZDSnhrUWN5UW9HaDBlRVZJM0xCO
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):242
              Entropy (8bit):4.879683162800275
              Encrypted:false
              SSDEEP:6:VwgJdAvAwcvSqW4YNnBHsLrYriFGHLLCwGRVfJJZwGdGD7wWeXFEL13:ucaOvenBHsgriFu3CwuRJZw4m7wzC3
              MD5:A90F5C8EC2EABB39FC3CE5A19F666146
              SHA1:D1C27941FF2FD6DC549892A1B795853F8F60027B
              SHA-256:9EA8CCD467E1020979E6A0837D76E7608E29E87BCDA1B5AFB0455FAAED18F542
              SHA-512:B6BA95FCFDEED3BF6F9084C1116F95DEED0BBF3B3CE293E38F678BAD31BA620F244DC42321BF933554687A1E43C1D06307537CD4FDB034B95E443A43D4F23788
              Malicious:false
              Reputation:low
              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=beowu-fye.com&oit=3&cp=13&pgcl=4&gs_rn=42&psi=M2dVphHf0bJh_egF&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
              Preview:)]}'.["beowu-fye.com",["http://beowu-fye.com"],[""],[],{"google:clientdata":{"bpc":false,"pre":0,"tlw":false},"google:suggestrelevance":[852],"google:suggestsubtypes":[[44]],"google:suggesttype":["NAVIGATION"],"google:verbatimrelevance":851}]
              No static file info

              • Total Packets: 134
              • 443 (HTTPS)
              • 80 (HTTP)
              • 53 (DNS)
              Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name            Type            Class        DNS over HTTPS
              Feb 17, 2025 10:32:02.250000000 CET  192.168.2.16  1.1.1.1  0xdda0    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:02.250134945 CET  192.168.2.16  1.1.1.1  0x3a70    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:02.258263111 CET  192.168.2.16  1.1.1.1  0xdc81    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:02.330696106 CET  192.168.2.16  8.8.8.8  0xf2f8    Standard query (0)  google.com      A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:02.331466913 CET  192.168.2.16  1.1.1.1  0x21d5    Standard query (0)  google.com      A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:03.341833115 CET  192.168.2.16  1.1.1.1  0x21e3    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:03.341986895 CET  192.168.2.16  1.1.1.1  0xcdca    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:05.733546972 CET  192.168.2.16  1.1.1.1  0x36ab    Standard query (0)  www.google.com  A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:05.733897924 CET  192.168.2.16  1.1.1.1  0x93ac    Standard query (0)  www.google.com  65              IN (0x0001)  false
              Feb 17, 2025 10:32:07.862629890 CET  192.168.2.16  1.1.1.1  0xd4e1    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:07.862972021 CET  192.168.2.16  1.1.1.1  0x2398    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:07.870953083 CET  192.168.2.16  1.1.1.1  0xcbd3    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:07.888360977 CET  192.168.2.16  1.1.1.1  0x442b    Standard query (0)  google.com      A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:07.888751030 CET  192.168.2.16  8.8.8.8  0x1bae    Standard query (0)  google.com      A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:11.801816940 CET  192.168.2.16  1.1.1.1  0xd058    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:11.802068949 CET  192.168.2.16  1.1.1.1  0xedef    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:11.819371939 CET  192.168.2.16  1.1.1.1  0x19c9    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:11.819566011 CET  192.168.2.16  1.1.1.1  0xf001    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:12.846013069 CET  192.168.2.16  1.1.1.1  0x794c    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:12.846283913 CET  192.168.2.16  1.1.1.1  0x1a02    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:12.854871035 CET  192.168.2.16  1.1.1.1  0xe274    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:17.879192114 CET  192.168.2.16  1.1.1.1  0x29a3    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:17.879654884 CET  192.168.2.16  1.1.1.1  0xda12    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:17.884769917 CET  192.168.2.16  1.1.1.1  0x345c    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:17.885045052 CET  192.168.2.16  1.1.1.1  0x5887    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:17.887754917 CET  192.168.2.16  1.1.1.1  0xe5a1    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:17.904936075 CET  192.168.2.16  1.1.1.1  0x77dd    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:17.905075073 CET  192.168.2.16  1.1.1.1  0x3f08    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:17.922029972 CET  192.168.2.16  1.1.1.1  0x5a03    Standard query (0)  google.com      A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:17.922640085 CET  192.168.2.16  8.8.8.8  0x6119    Standard query (0)  google.com      A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:18.941736937 CET  192.168.2.16  1.1.1.1  0x93db    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:18.941736937 CET  192.168.2.16  1.1.1.1  0x17ec    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:23.968303919 CET  192.168.2.16  1.1.1.1  0x7c52    Standard query (0)  beowu-fye.com   A (IP address)  IN (0x0001)  false
              Feb 17, 2025 10:32:23.968430042 CET  192.168.2.16  1.1.1.1  0x72e5    Standard query (0)  beowu-fye.com   65              IN (0x0001)  false
              Feb 17, 2025 10:32:23.976748943 CET192.168.2.161.1.1.10x2d7fStandard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:32:54.005048037 CET192.168.2.161.1.1.10x9036Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:32:54.005260944 CET192.168.2.161.1.1.10x632cStandard query (0)beowu-fye.com65IN (0x0001)false
              Feb 17, 2025 10:32:54.013669968 CET192.168.2.161.1.1.10x4235Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:14.370408058 CET192.168.2.161.1.1.10xa4a7Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:14.938445091 CET192.168.2.161.1.1.10x7e5cStandard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:14.938550949 CET192.168.2.161.1.1.10x5a70Standard query (0)beowu-fye.com65IN (0x0001)false
              Feb 17, 2025 10:33:14.946217060 CET192.168.2.161.1.1.10xf76Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:14.963490963 CET192.168.2.161.1.1.10xb2d7Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:14.963598013 CET192.168.2.161.1.1.10xa032Standard query (0)beowu-fye.com65IN (0x0001)false
              Feb 17, 2025 10:33:14.979595900 CET192.168.2.161.1.1.10xccc2Standard query (0)google.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:14.979939938 CET192.168.2.168.8.8.80xb0bStandard query (0)google.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:15.999429941 CET192.168.2.161.1.1.10xdadcStandard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:15.999584913 CET192.168.2.161.1.1.10x2b73Standard query (0)beowu-fye.com65IN (0x0001)false
              Feb 17, 2025 10:33:21.018713951 CET192.168.2.161.1.1.10xf41bStandard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:21.018888950 CET192.168.2.161.1.1.10xafbaStandard query (0)beowu-fye.com65IN (0x0001)false
              Feb 17, 2025 10:33:21.029555082 CET192.168.2.161.1.1.10x2174Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:46.053415060 CET192.168.2.161.1.1.10xdf8cStandard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:51.048289061 CET192.168.2.161.1.1.10x7d47Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Feb 17, 2025 10:33:51.048409939 CET192.168.2.161.1.1.10x7c37Standard query (0)beowu-fye.com65IN (0x0001)false
              Feb 17, 2025 10:33:51.056617022 CET192.168.2.161.1.1.10xe60Standard query (0)beowu-fye.comA (IP address)IN (0x0001)false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Feb 17, 2025 10:32:02.338291883 CET | 1.1.1.1 | 192.168.2.16 | 0x21d5 | No error (0) | google.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:32:02.339685917 CET | 8.8.8.8 | 192.168.2.16 | 0xf2f8 | No error (0) | google.com | | 142.251.37.14 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:32:05.740359068 CET | 1.1.1.1 | 192.168.2.16 | 0x36ab | No error (0) | www.google.com | | 172.217.18.4 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:32:05.740729094 CET | 1.1.1.1 | 192.168.2.16 | 0x93ac | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Feb 17, 2025 10:32:07.896687031 CET | 1.1.1.1 | 192.168.2.16 | 0x442b | No error (0) | google.com | | 142.250.185.142 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:32:07.896702051 CET | 8.8.8.8 | 192.168.2.16 | 0x1bae | No error (0) | google.com | | 142.251.37.14 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:32:17.929141998 CET | 1.1.1.1 | 192.168.2.16 | 0x5a03 | No error (0) | google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:32:17.929594040 CET | 8.8.8.8 | 192.168.2.16 | 0x6119 | No error (0) | google.com | | 142.251.37.14 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:33:14.986752987 CET | 1.1.1.1 | 192.168.2.16 | 0xccc2 | No error (0) | google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false
              Feb 17, 2025 10:33:14.986782074 CET | 8.8.8.8 | 192.168.2.16 | 0xb0b | No error (0) | google.com | | 142.251.37.14 | A (IP address) | IN (0x0001) | false
              • www.google.com
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.16 | 49709 | 172.217.18.4 | 443 | 6720 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-02-17 09:32:06 UTC | 609 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-02-17 09:32:06 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Mon, 17 Feb 2025 09:32:06 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-doXV_twQFKoE3y0Hj6HkCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.16 | 49712 | 172.217.18.4 | 443 | 6720 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-02-17 09:32:10 UTC | 609 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-02-17 09:32:10 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Mon, 17 Feb 2025 09:32:10 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-40i-zaAus8101HD3n1XTeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.16 | 56197 | 172.217.18.4 | 443 | 6720 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-02-17 09:32:15 UTC | 609 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-02-17 09:32:15 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Mon, 17 Feb 2025 09:32:15 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-2XQgyhQ_8d8estLODx812Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.16 | 56228 | 172.217.18.4 | 443 | 6720 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-02-17 09:32:20 UTC | 609 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-02-17 09:32:20 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Mon, 17 Feb 2025 09:32:20 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-2uNzvYIngu5YRwvrfCZ5dA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              4 | 192.168.2.16 | 56242 | 172.217.18.4 | 443 | 6720 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-02-17 09:32:22 UTC | 656 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=beowu-fye.com&oit=3&cp=13&pgcl=4&gs_rn=42&psi=M2dVphHf0bJh_egF&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
              Host: www.google.com
              Connection: keep-alive
              X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2025-02-17 09:32:22 UTC | 1303 | IN | HTTP/1.1 200 OK
              Date: Mon, 17 Feb 2025 09:32:22 GMT
              Pragma: no-cache
              Expires: -1
              Cache-Control: no-cache, must-revalidate
              Content-Type: text/javascript; charset=UTF-8
              Strict-Transport-Security: max-age=31536000
              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-rp33XwkSfX4OTOSmf0MYbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
              Accept-CH: Sec-CH-Prefers-Color-Scheme
              Accept-CH: Downlink
              Accept-CH: RTT
              Accept-CH: Sec-CH-UA-Form-Factors
              Accept-CH: Sec-CH-UA-Platform
              Accept-CH: Sec-CH-UA-Platform-Version
              Accept-CH: Sec-CH-UA-Full-Version
              Accept-CH: Sec-CH-UA-Arch
              Accept-CH: Sec-CH-UA-Model
              Accept-CH: Sec-CH-UA-Bitness
              Accept-CH: Sec-CH-UA-Full-Version-List
              Accept-CH: Sec-CH-UA-WoW64
              Permissions-Policy: unload=()
              Content-Disposition: attachment; filename="f.txt"
              Server: gws
              X-XSS-Protection: 0
              X-Frame-Options: SAMEORIGIN
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Accept-Ranges: none
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
              2025-02-17 09:32:22 UTC | 87 | IN | Data Ascii: f2)]}'["beowu-fye.com",["http://beowu-fye.com"],[""],[],{"google:clientdata":{"bpc":
              2025-02-17 09:32:22 UTC | 161 | IN | Data Ascii: false,"pre":0,"tlw":false},"google:suggestrelevance":[852],"google:suggestsubtypes":[[44]],"google:suggesttype":["NAVIGATION"],"google:verbatimrelevance":851}]
              2025-02-17 09:32:22 UTC | 5 | IN | Data Ascii: 0



              Target ID: 0
              Start time: 04:31:59
              Start date: 17/02/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff7f9810000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 1
              Start time: 04:31:59
              Start date: 17/02/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1972,i,14031306418187052657,1454622538581178170,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase: 0x7ff7f9810000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 3
              Start time: 04:32:00
              Start date: 17/02/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://beowu-fye.com"
              Imagebase: 0x7ff7f9810000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly