Windows Analysis Report
https://kcs-sushi.top

Overview

General Information

Sample URL:https://kcs-sushi.top
Analysis ID:1642967
Tags:tweetfeed
Infos:
Errors
  • URL not reachable

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected non-DNS traffic on DNS port

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (verdict scale: clean / suspicious / malicious)
  • System is w10x64
  • chrome.exe (PID: 6652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2064 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4988 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7784 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kcs-sushi.top" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://kcs-sushi.top | Avira URL Cloud: detection malicious, Label: phishing
Source: unknown | HTTPS traffic detected: 142.250.186.164:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.5:60218 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.5:57329 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.96.83
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiJo8sBCIWgzQEI9s/OAQiA1s4BCMHYzgEI0uDOAQiv5M4BCOLkzgEIi+XOAQ==
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: kcs-sushi.top
Source: global traffic | DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: unknown | Network traffic detected: HTTP traffic on port 60226 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 60227 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57337
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57338
Source: unknown | Network traffic detected: HTTP traffic on port 57338 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 57337 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60227
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60226
Source: unknown | HTTPS traffic detected: 142.250.186.164:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: classification engine | Classification label: mal48.win@25/2@6/3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2064 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4988 /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kcs-sushi.top"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2064 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4988 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a number in parentheses is the count of matched signatures for that technique; entries without a number are the unmatched matrix scaffold)

  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
  • Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
  • Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
  • Defense Evasion: Process Injection (1), Rootkit, Obfuscated Files or Information, Binary Padding
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
  • Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction
Behavior Graph

Behavior Graph ID:1642967
URL:https://kcs-sushi.top
Startdate:19/03/2025
Architecture:WINDOWS
Score:48

Graph nodes:
  • Signature: Antivirus / Scanner detection for submitted sample
  • DNS: kcs-sushi.top
  • DNS: 198.187.3.20.in-addr.arpa
  • Process: chrome.exe (started), chrome.exe (started); child processes chrome.exe (started), chrome.exe (started)
  • IP: 192.168.2.5, ports 443, 49690, 49691, unknown unknown
  • IP: www.google.com, 142.250.186.164, ports 443, 49724, GOOGLEUS, United States
  • IP: kcs-sushi.top, 107.172.5.158, ports 443, 49725, 49726, AS-COLOCROSSINGUS, United States

Source | Detection | Scanner | Label | Link
https://kcs-sushi.top | 100% | Avira URL Cloud | phishing |
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
kcs-sushi.top | 107.172.5.158 | true | false | | unknown
www.google.com | 142.250.186.164 | true | false | | high
198.187.3.20.in-addr.arpa | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high

Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.164 | www.google.com | United States | 15169 | GOOGLEUS | false
107.172.5.158 | kcs-sushi.top | United States | 36352 | AS-COLOCROSSINGUS | false

Private IPs

IP
192.168.2.5
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1642967
Start date and time:2025-03-19 12:56:38 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://kcs-sushi.top
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.win@25/2@6/3
EGA Information:Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• URL browsing timeout or error
• URL not reachable
• Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.199.214.10, 142.250.185.195, 142.250.186.46, 142.250.185.142, 66.102.1.84, 216.58.206.46, 142.250.186.110, 142.250.185.110, 172.217.133.233, 142.250.186.163, 20.109.210.53, 20.199.58.43, 150.171.28.10, 20.3.187.198, 4.175.87.197
• Excluded domains from analysis (whitelisted): r4---sn-4g5edndr.gvt1.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, r4.sn-4g5edndr.gvt1.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: https://kcs-sushi.top
No simulations
No context
No context
No context
No context
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Unicode text, UTF-8 text, with very long lines (9397)
Category:downloaded
Size (bytes):9403
Entropy (8bit):5.752532981253593
Encrypted:false
SSDEEP:192:lG2LN6666VvmQr2gq/hG3tN6666Vy0URZJZN6666mh3GVrB3g+mCHWuE9R:lG2x6666lr2gqYH6666lU7R6666GNpu0
MD5:AB12D3217CB82F672023B535DB2D3077
SHA1:F9A8F9D1A83511A7C2D41E56EE19FED0A9633983
SHA-256:BF77014288D96963C228F5747F13C97D01CA8535665C1B73991D5914152A742C
SHA-512:8AB419A0E134BFA63C182F01287C8BDB3150D352357A75FE336A3F8664D716CEF406386B1D2047730D98F8EAB368135839C52843857921B7CA629B81385DCEB7
Malicious:false
Reputation:low
URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:)]}'.["",["lkw unfall mittlerer ring m.nchen","creed shadows test","steffi graf","dbv tarifvertrag genossenschaftsbanken","john cena wwe","tennis","steyr motors aktien","becoming led zeppelin"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"CiAIkk4SGwoXVHJlbmRzIGJlaSBTdWNoYW5mcmFnZW4oCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"
No static file info

• Total Packets: 75
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)
TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 19, 2025 12:57:27.485217094 CET | 49679 | 80 | 192.168.2.5 | 2.23.77.188
Mar 19, 2025 12:57:28.720057964 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:29.032104015 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:29.641452074 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:29.688330889 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Mar 19, 2025 12:57:30.844583988 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:32.297765970 CET | 49679 | 80 | 192.168.2.5 | 2.23.77.188
Mar 19, 2025 12:57:33.251107931 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:38.188153982 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:39.297774076 CET | 49672 | 443 | 192.168.2.5 | 204.79.197.203
Mar 19, 2025 12:57:41.041927099 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:41.041976929 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:41.042092085 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:41.042234898 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:41.042248011 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:41.078036070 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:41.078111887 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:41.079392910 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:41.079646111 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:41.126012087 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:41.907267094 CET | 49679 | 80 | 192.168.2.5 | 2.23.77.188
Mar 19, 2025 12:57:42.695513010 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:42.695559978 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:42.695838928 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:42.695867062 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:42.695877075 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:42.695930004 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:42.696131945 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:42.696145058 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:42.696315050 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:42.696324110 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:44.066221952 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:44.071187019 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:44.071290016 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:44.071341991 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:44.076606989 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:44.089463949 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:44.133791924 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:44.255923033 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:44.263060093 CET | 53 | 60218 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:44.263143063 CET | 60218 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:45.811691999 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.852356911 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854021072 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854075909 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854105949 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854134083 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.854136944 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854156017 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854178905 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.854193926 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854224920 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854235888 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.854243040 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.854300976 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.854305029 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.856829882 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:45.856889963 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.857599020 CET | 49724 | 443 | 192.168.2.5 | 142.250.186.164
Mar 19, 2025 12:57:45.857623100 CET | 443 | 49724 | 142.250.186.164 | 192.168.2.5
Mar 19, 2025 12:57:47.789028883 CET | 49676 | 443 | 192.168.2.5 | 20.189.173.14
Mar 19, 2025 12:57:58.799494982 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.799523115 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.799590111 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.799614906 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.799782038 CET | 49726 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.799803972 CET | 443 | 49726 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.800401926 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.800450087 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.800559998 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.800678015 CET | 49725 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.800698996 CET | 443 | 49725 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.800899982 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.800944090 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.801106930 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.801119089 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:57:58.801568031 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.801568031 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:57:58.801601887 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:04.026983976 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2
Mar 19, 2025 12:58:04.032098055 CET | 53 | 57329 | 162.159.36.2 | 192.168.2.5
Mar 19, 2025 12:58:04.032716990 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2
Mar 19, 2025 12:58:04.037652016 CET | 53 | 57329 | 162.159.36.2 | 192.168.2.5
Mar 19, 2025 12:58:04.049081087 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2
Mar 19, 2025 12:58:04.054574013 CET | 53 | 57329 | 162.159.36.2 | 192.168.2.5
Mar 19, 2025 12:58:04.054719925 CET | 57329 | 53 | 192.168.2.5 | 162.159.36.2
Mar 19, 2025 12:58:14.848213911 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:14.848432064 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:14.848778009 CET | 60227 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:14.848799944 CET | 443 | 60227 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:14.858038902 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:14.858180046 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:14.882395029 CET | 60226 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:14.882426977 CET | 443 | 60226 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:16.083921909 CET | 57337 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:16.083973885 CET | 443 | 57337 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:16.084033012 CET | 57337 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:16.084495068 CET | 57338 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:16.084522009 CET | 443 | 57338 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:16.084570885 CET | 57338 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:16.084737062 CET | 57337 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:16.084767103 CET | 443 | 57337 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:16.084856033 CET | 57338 | 443 | 192.168.2.5 | 107.172.5.158
Mar 19, 2025 12:58:16.084872007 CET | 443 | 57338 | 107.172.5.158 | 192.168.2.5
Mar 19, 2025 12:58:18.862689018 CET | 49691 | 80 | 192.168.2.5 | 142.250.185.99
Mar 19, 2025 12:58:18.862886906 CET | 49690 | 80 | 192.168.2.5 | 199.232.214.172
Mar 19, 2025 12:58:18.864464045 CET | 49692 | 80 | 192.168.2.5 | 199.232.214.172
Mar 19, 2025 12:58:18.870147943 CET | 80 | 49691 | 142.250.185.99 | 192.168.2.5
Mar 19, 2025 12:58:18.870166063 CET | 80 | 49690 | 199.232.214.172 | 192.168.2.5
Mar 19, 2025 12:58:18.870230913 CET | 49691 | 80 | 192.168.2.5 | 142.250.185.99
Mar 19, 2025 12:58:18.870235920 CET | 49690 | 80 | 192.168.2.5 | 199.232.214.172
Mar 19, 2025 12:58:18.870413065 CET | 80 | 49692 | 199.232.214.172 | 192.168.2.5
Mar 19, 2025 12:58:18.873126030 CET | 49692 | 80 | 192.168.2.5 | 199.232.214.172
Mar 19, 2025 12:58:19.947590113 CET | 49699 | 443 | 192.168.2.5 | 2.19.96.83
Mar 19, 2025 12:58:19.947768927 CET | 49700 | 80 | 192.168.2.5 | 2.23.77.188
UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 19, 2025 12:57:36.760631084 CET | 53 | 64426 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:36.855021000 CET | 53 | 57473 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:36.950193882 CET | 53 | 61120 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:41.033448935 CET | 58996 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:41.033633947 CET | 52634 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:41.040740967 CET | 53 | 52634 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:41.040764093 CET | 53 | 58996 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:42.661685944 CET | 57947 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:42.665462971 CET | 57522 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:57:42.675658941 CET | 53 | 57947 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:42.817914963 CET | 53 | 57522 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:57:44.020482063 CET | 53 | 54436 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:58:04.026424885 CET | 53 | 60587 | 162.159.36.2 | 192.168.2.5
Mar 19, 2025 12:58:04.097851992 CET | 59484 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:58:04.108083963 CET | 53 | 59484 | 1.1.1.1 | 192.168.2.5
Mar 19, 2025 12:58:15.893728018 CET | 62559 | 53 | 192.168.2.5 | 1.1.1.1
Mar 19, 2025 12:58:16.082468033 CET | 53 | 62559 | 1.1.1.1 | 192.168.2.5
ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mar 19, 2025 12:57:42.818025112 CET | 192.168.2.5 | 1.1.1.1 | c224 | (Port unreachable) | Destination Unreachable
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 19, 2025 12:57:41.033448935 CET | 192.168.2.5 | 1.1.1.1 | 0xdaba | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 19, 2025 12:57:41.033633947 CET | 192.168.2.5 | 1.1.1.1 | 0xff6f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 19, 2025 12:57:42.661685944 CET | 192.168.2.5 | 1.1.1.1 | 0x3022 | Standard query (0) | kcs-sushi.top | A (IP address) | IN (0x0001) | false
Mar 19, 2025 12:57:42.665462971 CET | 192.168.2.5 | 1.1.1.1 | 0xd2b0 | Standard query (0) | kcs-sushi.top | 65 | IN (0x0001) | false
Mar 19, 2025 12:58:04.097851992 CET | 192.168.2.5 | 1.1.1.1 | 0xe576 | Standard query (0) | 198.187.3.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Mar 19, 2025 12:58:15.893728018 CET | 192.168.2.5 | 1.1.1.1 | 0x49cd | Standard query (0) | kcs-sushi.top | A (IP address) | IN (0x0001) | false
DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 19, 2025 12:57:41.040740967 CET | 1.1.1.1 | 192.168.2.5 | 0xff6f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Mar 19, 2025 12:57:41.040764093 CET | 1.1.1.1 | 192.168.2.5 | 0xdaba | No error (0) | www.google.com | | 142.250.186.164 | A (IP address) | IN (0x0001) | false
Mar 19, 2025 12:57:42.675658941 CET | 1.1.1.1 | 192.168.2.5 | 0x3022 | No error (0) | kcs-sushi.top | | 107.172.5.158 | A (IP address) | IN (0x0001) | false
Mar 19, 2025 12:58:04.108083963 CET | 1.1.1.1 | 192.168.2.5 | 0xe576 | Name error (3) | 198.187.3.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Mar 19, 2025 12:58:16.082468033 CET | 1.1.1.1 | 192.168.2.5 | 0x49cd | No error (0) | kcs-sushi.top | | 107.172.5.158 | A (IP address) | IN (0x0001) | false
          • www.google.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.5 | 49724 | 142.250.186.164 | 443 | 6984 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2025-03-19 11:57:45 UTC | 575 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
          Host: www.google.com
          Connection: keep-alive
          X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiJo8sBCIWgzQEI9s/OAQiA1s4BCMHYzgEI0uDOAQiv5M4BCOLkzgEIi+XOAQ==
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: empty
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
          Accept-Encoding: gzip, deflate, br, zstd
          Accept-Language: en-US,en;q=0.9
          2025-03-19 11:57:45 UTC | 1303 | IN | HTTP/1.1 200 OK
          Date: Wed, 19 Mar 2025 11:57:45 GMT
          Pragma: no-cache
          Expires: -1
          Cache-Control: no-cache, must-revalidate
          Content-Type: text/javascript; charset=UTF-8
          Strict-Transport-Security: max-age=31536000
          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-DRHg6xo_a3eS8hhYvXAvcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
          Accept-CH: Sec-CH-Prefers-Color-Scheme
          Accept-CH: Downlink
          Accept-CH: RTT
          Accept-CH: Sec-CH-UA-Form-Factors
          Accept-CH: Sec-CH-UA-Platform
          Accept-CH: Sec-CH-UA-Platform-Version
          Accept-CH: Sec-CH-UA-Full-Version
          Accept-CH: Sec-CH-UA-Arch
          Accept-CH: Sec-CH-UA-Model
          Accept-CH: Sec-CH-UA-Bitness
          Accept-CH: Sec-CH-UA-Full-Version-List
          Accept-CH: Sec-CH-UA-WoW64
          Permissions-Policy: unload=()
          Content-Disposition: attachment; filename="f.txt"
          Server: gws
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Accept-Ranges: none
          Vary: Accept-Encoding
          Connection: close
          Transfer-Encoding: chunked



          Target ID: 0
          Start time: 07:57:30
          Start date: 19/03/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase: 0x7ff742300000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 1
          Start time: 07:57:35
          Start date: 19/03/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2064 /prefetch:3
          Imagebase: 0x7ff742300000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 2
          Start time: 07:57:37
          Start date: 19/03/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,8337157378305848207,2989372051130994845,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4988 /prefetch:8
          Imagebase: 0x7ff742300000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: false

          Target ID: 5
          Start time: 07:57:41
          Start date: 19/03/2025
          Path: C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit): false
          Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kcs-sushi.top"
          Imagebase: 0x7ff742300000
          File size: 3'388'000 bytes
          MD5 hash: E81F54E6C1129887AEA47E7D092680BF
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Reputation: low
          Has exited: true

          No disassembly