Edit tour

Windows Analysis Report
https://pradeeprunner.com/auth.html

Overview

General Information

Sample URL:	https://pradeeprunner.com/auth.html
Analysis ID:	1467893
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2020,i,10851589543596432089,4364161167569099687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pradeeprunner.com/auth.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pradeeprunner.com/auth.html	Avira URL Cloud: detection malicious, Label: malware
Source: https://pradeeprunner.com/auth.html	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Antivirus detection for URL or domain

Source: https://pradeeprunner.com/files_meta/EuclidCircularB-Bold-WebXL.ttf	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/files_meta/EuclidCircularB-Regular-WebXL.ttf	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/files_meta/EuclidCircularB-Medium.ttf	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/files_meta/first_style.css	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/files_meta/MetaMask_Fox.svg.png	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/files_meta/Roboto-Regular.ttf	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/metamask-fox.svg	Avira URL Cloud: Label: phishing
Source: https://pradeeprunner.com/images/icons/arrow-down.svg	Avira URL Cloud: Label: phishing

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49746 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:63241 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /auth.html HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/first_style.css HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pradeeprunner.com/auth.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/react-gallery/carousel.min.css HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pradeeprunner.com/files_meta/first_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/script.js HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pradeeprunner.com/auth.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /metamask-fox.svg HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pradeeprunner.com/auth.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/icons/arrow-down.svg HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pradeeprunner.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://pradeeprunner.com/auth.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /files_meta/EuclidCircularB-Regular-WebXL.ttf HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pradeeprunner.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pradeeprunner.com/files_meta/first_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/EuclidCircularB-Bold-WebXL.ttf HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pradeeprunner.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pradeeprunner.com/files_meta/first_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/EuclidCircularB-Medium.ttf HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pradeeprunner.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pradeeprunner.com/files_meta/first_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /metamask-fox.svg HTTP/1.1Host: pradeeprunner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/Roboto-Regular.ttf HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://pradeeprunner.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://pradeeprunner.com/files_meta/first_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/MetaMask_Fox.svg.png HTTP/1.1Host: pradeeprunner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pradeeprunner.com/auth.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files_meta/MetaMask_Fox.svg.png HTTP/1.1Host: pradeeprunner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: pradeeprunner.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 04 Jul 2024 22:38:27 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 04 Jul 2024 22:38:28 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: close

Source: chromecache_52.2.dr	String found in binary or memory: http://meyerweb.com/eric/tools/css/reset/
Source: chromecache_59.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_59.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Font
Source: chromecache_52.2.dr	String found in binary or memory: http://www.creativebloq.com/web-design/manage-large-css-projects-itcss-101517528
Source: chromecache_56.2.dr, chromecache_55.2.dr, chromecache_61.2.dr	String found in binary or memory: http://www.swisstypefaces.com/licensing/#retail-font-software-licence
Source: chromecache_56.2.dr	String found in binary or memory: http://www.swisstypefaces.com/licensing/#retail-font-software-licenceCopyright
Source: chromecache_56.2.dr	String found in binary or memory: http://www.swisstypefaces.com/licensing/#retail-font-software-licenceEuclid
Source: chromecache_56.2.dr, chromecache_55.2.dr, chromecache_61.2.dr	String found in binary or memory: http://www.swisstypefaces.comPlease
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: chromecache_52.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_52.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: chromecache_52.2.dr	String found in binary or memory: https://github.com/MetaMask/metamask-extension/issues/17670
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: chromecache_52.2.dr	String found in binary or memory: https://metamask.github.io/metamask-storybook/?path=/docs/components-componentlibrary-text--default-
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: chromecache_62.2.dr	String found in binary or memory: https://snapbuilder.com
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_52.2.dr	String found in binary or memory: https://www.xfive.co/blog/itcss-scalable-maintainable-css-architecture/
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63243
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49746 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_4544_1424611059

Jump to behavior

Source: classification engine

Classification label: mal56.win@17/25@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2020,i,10851589543596432089,4364161167569099687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pradeeprunner.com/auth.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2020,i,10851589543596432089,4364161167569099687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pradeeprunner.com/auth.html	100%	Avira URL Cloud	malware
https://pradeeprunner.com/auth.html	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://mercadoshops.com.co	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://poalim.xyz	0%	URL Reputation	safe
https://mercadolivre.com	0%	URL Reputation	safe
https://reshim.org	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://medonet.pl	0%	URL Reputation	safe
https://unotv.com	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	URL Reputation	safe
https://zdrowietvn.pl	0%	URL Reputation	safe
https://fontawesome.com	0%	URL Reputation	safe
https://songstats.com	0%	URL Reputation	safe
https://baomoi.com	0%	URL Reputation	safe
https://supereva.it	0%	URL Reputation	safe
https://elfinancierocr.com	0%	URL Reputation	safe
https://bolasport.com	0%	URL Reputation	safe
https://rws1nvtvt.com	0%	URL Reputation	safe
https://desimartini.com	0%	URL Reputation	safe
https://hearty.app	0%	URL Reputation	safe
https://hearty.gift	0%	URL Reputation	safe
https://mercadoshops.com	0%	URL Reputation	safe
https://heartymail.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://radio2.be	0%	URL Reputation	safe
https://finn.no	0%	URL Reputation	safe
https://hc1.com	0%	URL Reputation	safe
https://kompas.tv	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://songshare.com	0%	URL Reputation	safe
https://mercadopago.com.mx	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://talkdeskqaid.com	0%	URL Reputation	safe
https://mercadopago.com.pe	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://mightytext.net	0%	URL Reputation	safe
https://pudelek.pl	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://joyreactor.com	0%	URL Reputation	safe
https://cookreactor.com	0%	URL Reputation	safe
https://wildixin.com	0%	URL Reputation	safe
https://eworkbookcloud.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://nacion.com	0%	URL Reputation	safe
https://chennien.com	0%	URL Reputation	safe
https://mercadopago.cl	0%	URL Reputation	safe
https://talkdeskstgid.com	0%	URL Reputation	safe
https://bonvivir.com	0%	URL Reputation	safe
https://carcostadvisor.be	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://sapo.io	0%	URL Reputation	safe
https://wpext.pl	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://poalim.site	0%	URL Reputation	safe
https://blackrockadvisorelite.it	0%	URL Reputation	safe
https://pradeeprunner.com/files_meta/EuclidCircularB-Bold-WebXL.ttf	100%	Avira URL Cloud	phishing
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://johndeere.com	0%	Avira URL Cloud	safe
https://pradeeprunner.com/files_meta/EuclidCircularB-Regular-WebXL.ttf	100%	Avira URL Cloud	phishing
https://pradeeprunner.com/files_meta/EuclidCircularB-Medium.ttf	100%	Avira URL Cloud	phishing
https://joyreactor.cc	0%	Avira URL Cloud	safe
https://mercadoshops.com.ar	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://pradeeprunner.com/files_meta/first_style.css	100%	Avira URL Cloud	phishing
https://elpais.uy	0%	URL Reputation	safe
https://landyrev.com	0%	URL Reputation	safe
http://www.swisstypefaces.com/licensing/#retail-font-software-licenceEuclid	0%	Avira URL Cloud	safe
https://commentcamarche.com	0%	URL Reputation	safe
https://tucarro.com.ve	0%	URL Reputation	safe
https://rws3nvtvt.com	0%	URL Reputation	safe
https://pradeeprunner.com/files_meta/MetaMask_Fox.svg.png	100%	Avira URL Cloud	phishing
https://eleconomista.net	0%	URL Reputation	safe
https://clmbtech.com	0%	URL Reputation	safe
https://nlc.hu	0%	Avira URL Cloud	safe
https://standardsandpraiserepurpose.com	0%	URL Reputation	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://mercadopago.com.br	0%	URL Reputation	safe
https://commentcamarche.net	0%	URL Reputation	safe
http://www.swisstypefaces.comPlease	0%	Avira URL Cloud	safe
https://etfacademy.it	0%	URL Reputation	safe
https://mighty-app.appspot.com	0%	URL Reputation	safe
https://fontawesome.com/license/free	0%	URL Reputation	safe
https://hj.rs	0%	URL Reputation	safe
https://hearty.me	0%	URL Reputation	safe
https://mercadolibre.com.gt	0%	URL Reputation	safe
https://timesinternet.in	0%	URL Reputation	safe
https://indiatodayne.in	0%	URL Reputation	safe
https://24.hu	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0Font	0%	Avira URL Cloud	safe
https://naukri.com	0%	Avira URL Cloud	safe
https://text.com	0%	Avira URL Cloud	safe
https://infoedgeindia.com	0%	Avira URL Cloud	safe
https://pradeeprunner.com/files_meta/Roboto-Regular.ttf	100%	Avira URL Cloud	phishing
https://snapbuilder.com	0%	Avira URL Cloud	safe
https://mercadolivre.com.br	0%	Avira URL Cloud	safe
https://pradeeprunner.com/metamask-fox.svg	100%	Avira URL Cloud	phishing
https://helpdesk.com	0%	Avira URL Cloud	safe
https://pradeeprunner.com/images/icons/arrow-down.svg	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
www.google.com	216.58.212.132	true	false	unknown
pradeeprunner.com	91.215.85.65	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pradeeprunner.com/files_meta/EuclidCircularB-Medium.ttf	true	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/files_meta/EuclidCircularB-Bold-WebXL.ttf	true	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/files_meta/EuclidCircularB-Regular-WebXL.ttf	true	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/files_meta/first_style.css	true	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/files_meta/MetaMask_Fox.svg.png	true	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/files_meta/Roboto-Regular.ttf	false	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/metamask-fox.svg	false	Avira URL Cloud: phishing	unknown
https://pradeeprunner.com/images/icons/arrow-down.svg	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	URL Reputation: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://reshim.org	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://unotv.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://zdrowietvn.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://johndeere.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://fontawesome.com	chromecache_52.2.dr	false	URL Reputation: safe	unknown
https://songstats.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://baomoi.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://supereva.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	URL Reputation: safe	unknown
http://www.swisstypefaces.com/licensing/#retail-font-software-licenceEuclid	chromecache_56.2.dr	false	Avira URL Cloud: safe	unknown
https://bolasport.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://desimartini.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.app	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.gift	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://heartymail.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nlc.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://p106.net	sets.json.0.dr	false	URL Reputation: safe	unknown
http://www.swisstypefaces.comPlease	chromecache_56.2.dr, chromecache_55.2.dr, chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://radio2.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://finn.no	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hc1.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songshare.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	URL Reputation: safe	unknown
https://p24.hu	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://24.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.pe	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://text.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mightytext.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hazipatika.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wildixin.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitiveai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://chennien.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://naukri.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bonvivir.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0Font	chromecache_59.2.dr	false	Avira URL Cloud: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://sapo.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wpext.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://welt.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.0.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitive-ai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smpn106jkt.sch.id	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.0.dr	false	URL Reputation: safe	unknown
https://landyrev.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://helpdesk.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://snapbuilder.com	chromecache_62.2.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://clmbtech.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://salemovefinancial.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://etfacademy.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mighty-app.appspot.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://fontawesome.com/license/free	chromecache_52.2.dr	false	URL Reputation: safe	unknown
https://hj.rs	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.me	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolibre.com.gt	sets.json.0.dr	false	URL Reputation: safe	unknown
https://timesinternet.in	sets.json.0.dr	false	URL Reputation: safe	unknown
https://indiatodayne.in	sets.json.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.132	www.google.com	United States	15169	GOOGLEUS	false
91.215.85.65	pradeeprunner.com	Russian Federation	34665	PINDC-ASRU	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467893
Start date and time:	2024-07-05 00:37:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://pradeeprunner.com/auth.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/25@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 64.233.166.84, 172.217.23.110, 34.104.35.123, 13.85.23.86, 192.229.221.95, 52.165.164.15, 93.184.221.240, 20.166.126.56, 142.250.186.163
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://pradeeprunner.com/auth.html

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://pradeeprunner.com/auth.html Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title 'MetaMask' does not contain any sensitive information request.","The text 'METAMASK English Let's get started Trusted by millions, MetaMask is a secure wallet making the world of web3 accessible to all. Create a new wallet Import an existing wallet' does not create a sense of urgency.","There is no CAPTCHA or anti-robot detection mechanism found in the webpage."]}
Title: MetaMask OCR: METAMASK English Let's get started Trusted by millions, MetaMask is a secure wallet making the world of web3 accessible to all. Create a new wallet Import an existing wallet

Input

Output

URL: https://pradeeprunner.com/auth.html Model: Perplexity: mixtral-8x7b-instruct

{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title 'MetaMask' does not contain any sensitive information request.","The text 'METAMASK English Let's get started Trusted by millions, MetaMask is a secure wallet making the world of web3 accessible to all. Create a new wallet Import an existing wallet' does not create a sense of urgency.","There is no CAPTCHA or anti-robot detection mechanism found in the webpage."]}

Title: MetaMask OCR: METAMASK English Let's get started Trusted by millions, MetaMask is a secure wallet making the world of web3 accessible to all. Create a new wallet Import an existing wallet

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.0157277397082884
Encrypted:	false
SSDEEP:	48:p/hUI15ul1AdIj7ak+wsdrtra1cuUX0eYDAA98gkXhVdEXeXF:RnQQIj7aL11ayjgDzUSXYF
MD5:	4CBD807685B88243CC9EA3E4B60FE8FD
SHA1:	B02FB2A85ECBEA61424F9F14A32590FA2041C068
SHA-256:	8E9B53C9DCD85F58E64164CEAF4E327B52B88C98946EF1067B112B3C9BDC5FEE
SHA-512:	61B4E345BB2AE6BD8907C1D23582709D21089504B23497EC0906D489C096CE981F31CE0D2A2FB5B97E3E5B8D71B36ECC1B0393F55AE9007D36D790FA0B7C4161
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJ4UlFLT0lkOFU5ZzZhTTNZdnlieVpyUVcwUnRvM3JWeXpwaXQ3RjB4YUZnIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiQ1k5VzJMb3NsRkxMQmR3VFhVVFJNYnBxdnVSd2g1SVByT1ZsdG9BSUlFNCJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC42LjI2LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"JwsfiQnUWfcg0_PuT83D82ftcuaZ7vEsE_gMNDBSQyf3yMBDUgfqYwvvVFJbiHScUgP70t-BqLn6UQvY0bPu6W8oxy6WzuhegflPkarNrUr5BrTQ6T6GUQS5rb5hsCNYhNq2yDXc6JRw2fVbWfO5BsQ7VSpW8gO0oN3x3Ju-4Lr72tesPWvv_g2rkIXZLJHw4z1oZoKx1T2xY6ncKsFBbLnmD1gUSN3iAPPZ9zHg41a62wpcpb9uWRD

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.760377931718998
Encrypted:	false
SSDEEP:	3:SURcG3XcDLSHH33BU9DcWTNnn:SUj2SHHBCcWpnn
MD5:	C18D2397B5F0CFF55132B016467CA189
SHA1:	B60B8ADF7CABF73855BB17212831736FB0CB9F74
SHA-256:	5C3233CF05E64742B923685C31E5347CABA89B198FD4A1BBA59A9500C3C16082
SHA-512:	5EF20571951238C960107E0F16ABC3C5FDEAFC6CED038220835B5341C18CEB7C144FB2B2CCA1094C98C5900A15A1B1B1FA3357E011C492805567AE56DE57A1B6
Malicious:	false
Reputation:	low
Preview:	1.1848d9cb81709d6bb8a9612e1cba9fc97bb669c7ef81e2d11c0f937896df8e27

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.424014792499492
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1jvhg:F6VlM8aRWpqS16
MD5:	2C221BDCF91C9C07551499EE4CD15A6F
SHA1:	CBC3CE0947A3D61A7673A7729CA25DB7DB023336
SHA-256:	C5140A38877C53D83A68CDD8BF26F266B416D11B68DEB572CE98ADEC5D316858
SHA-512:	B77656D3D8598FB946F988906FBE4399B30C4B1DB284FA187C617ECAADA0C98EB913572D4361E43058A68D175E95451B05F875372669ACF98DD1BAAE59F8D9BE
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.6.26.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9068
Entropy (8bit):	4.624080015119112
Encrypted:	false
SSDEEP:	96:Mon4mvCSqX1gs9/BNKLcxbdmf56MFJtRTGXvcxNnuP+8qJq:v5CSqlTBkIVmtRTGXvcx0sq
MD5:	1D67EF4C7F90E1C8A620ADF17C6B6B13
SHA1:	E90E51A4A2305BCBD5016A3CA02CD14F77FDCBBA
SHA-256:	578DF0513FF5FA4080BDFC0B7094DCB444E09CD3AB3DCBC60165D1369681E2C1
SHA-512:	59B80B6A767EA95254CC64A5CDC17DF3ACC2F0B0E52416D86477109A1EDAB7479E0B1AEAB1FF793F8DC1807AAFAB38915A8267D4F31F618E99DF1AB07C095EE9
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://elpais.com.uy","

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1372282
Entropy (8bit):	5.103259391554266
Encrypted:	false
SSDEEP:	12288:n4n734n7F4n7m4n7d4n7c4n7C4n7SXJ4n7XEBJ1S:nY73Y7FY7mY7dY7cY7CY7SXJY7XEBC
MD5:	031D7970EF5FE6A450DD3CE27B700C64
SHA1:	56E23B85BB192D14108A2EB2C21CD601160A2BE2
SHA-256:	68F0DE3A1E5A986B0641ED45D8FC5209673FC69A8AE729803DCE1E0785CA2289
SHA-512:	B2EDB6D16CE089432E5AAC165A77D12653493DFF5224DDDEDC14CF0BC8ACFE981641DFA5048BE60B0CC3C2B6F8B5C5370ACA6DB66017307602772B3D277F1533
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/files_meta/first_style.css
Preview:	@charset "UTF-8";../.. MetaMask design system imports.. The variables declared here should take precedence... They are included first because they will be used to replace bad variable names in itcss.. prior to it being fully removed from the system.../../* http://meyerweb.com/eric/tools/css/reset/.. v2.0 \| 20110126.. License: none (public domain).... .. This file has been updated from the original copy. ....*/..@import "./react-gallery/carousel.min.css";..html,..body,..div,..span,..applet,..object,..iframe,..h1,..h2,..h3,..h4,..h5,..h6,..p,..blockquote,..pre,..a,..abbr,..acronym,..address,..big,..cite,..code,..del,..dfn,..em,..img,..ins,..kbd,..q,..s,..samp,..small,..strike,..strong,..sub,..sup,..tt,..var,..u,..i,..center,..dl,..dt,..dd,..ol,..ul,..li,..fieldset,..form,..label,..legend,..table,..caption,..tbody,..tfoot,..thead,..tr,..th,..td,..article,..aside,..canvas,..details,..embed,..figure,..figcaption,..footer,..header,..hgroup,..menu,..nav,..output,..ruby,..s

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	71622
Entropy (8bit):	7.908477966417567
Encrypted:	false
SSDEEP:	1536:Mo8z6Vnr880DYpFicDsWAkOUv1inYWeEagO3mKy8h6qYb7LvC:MxtjMpAoll1gOjy8h69La
MD5:	D7ABFFE92AE7CACE6EB47C0C91530DF9
SHA1:	19C3754580996E50DAF37261462D9F5C01795D54
SHA-256:	3E82A1B3D1148E4494EB72EE7008E7091823D90B0BD0D86EBF01A7E29484F540
SHA-512:	4FD1CBDFE770B17CDC488FA1C6EB25546FD55B6D0B9C9F834B352C563171CE4D58F10D971F7342F5B9E16A344A6ED09148F099D36B3BD69539384907170C7A2C
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/files_meta/MetaMask_Fox.svg.png
Preview:	.PNG........IHDR..............!......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...y.\.}..~...sK..[.<.<...4.0fp<.m....g .....8....9.g.Q.?.y..u..'6.L..... ...A...$..Vk.j.[=wU.....h.z.aW.....9/0....{.Z.Z..%................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	279
Entropy (8bit):	5.19200107821138
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRPELMUplmiBFEcXaoD:J0+oxBeRmR9etdzRxGezHVcqma+
MD5:	90F5F58560B98D8906749B8A28DC3F6B
SHA1:	C0A765C64FDCF78AC57A2E8BD41142D60540B897
SHA-256:	659477C38A1C56435C96798183AA5033A3D7F87B3C265141C9BD8FF6F015223E
SHA-512:	81655F9DBBE86773A35C92124D82586D7D7CF539A53EFEA978CAAF23170AF04B595CBD66F0DE578C2A9E47E6984881E336035B0712D08DD5CD4032C8E917F63E
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/images/icons/arrow-down.svg
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.59 (Debian) Server at pradeeprunner.com Port 80</address>.</body></html>.

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 19 tables, 1st "BASE", 16 names, Macintosh, language 0x2, type 1 string, otCopyright (c) 2018 Swiss Typefaces Sarl. All rights reserved.\266Version 3.001FontEuclid is a
Category:	downloaded
Size (bytes):	150928
Entropy (8bit):	5.133187130084507
Encrypted:	false
SSDEEP:	1536:TfKjbaUGS+oLMrCz0IqHX+Z9AtiT1pS0+3ntrhrYCy91H1a4m6PNFSiihNyAqZTt:HoLyXTAHX3/8hDqZuoz
MD5:	CD393BE20ACCD12B36EFEFDE5BB590DB
SHA1:	DF1AC0DC8CC96D6EF9F5BE99FA7ADDF30984DBD8
SHA-256:	DF4F17393ABC2D0E8EA15D6B55644CFDEE10D34445D6C26204F427554F3754DE
SHA-512:	60F626DCF0F0FCF0865E82168F6B4CD1A1F9012DEF179B8E0D4E6BFEB9A1BAB148C3C9A19F8893BABAFBE2D9A482364DB78670D0DB7EFA8D2001D743DF922613
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/files_meta/EuclidCircularB-Bold-WebXL.ttf
Preview:	...........0BASEe7]...P....FGPOS.G....QD...4GSUB..4..<x....LTSH.K.........OS/2mKx........`cmap..8...Dx....cvt ......ML...(fpgm.Y.7..K ...sgasp.\|....P.....glyf.....R.....hdmx.F.......4.head..S....<...6hhea.......t...$hmtx./.........loca...~..Mt....maxp........... name......M.....post.}.d..P.... prep4.....L............B.Ow._.<..........=.......guT.....X.........................s.....X.............................l...............s.......P.......................d..................P..;... ....SwTy. . ............ .............. ...z.C.............$.'...8.......&.......>...8.1.%.1.........#.!.....7...$.,...y.0.\|...A.'.N. .....@...<.".(.#.P.(.<.&.2...2.$.......:......... .&.....{.K...#...K.;.K.!.K...$...K.5.K.(.....K.(.K.t.K...K.$.#.Q.K.H.#...K.@...8.....C.................r.'.K.H.,...K...K.&...&...t.e. .e.>.,. .e. .A. .....f. .Z.>...+.....0.>...>...>.Z.>.L...e.>.e. ...>.........O.8.@......A...@.....).[.....G.[...H.8.......".L.%.S.,.......G.../...9.#.#...........7.#.#...R.~...d...l.....s

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, digitally signed, 20 tables, 1st "BASE", 30 names, Macintosh, Copyright (c) 2018 Swiss Typefaces Sarl. All rights reserved.Euclid Circular BMediumSwiss Typefa
Category:	downloaded
Size (bytes):	160832
Entropy (8bit):	5.227117869151789
Encrypted:	false
SSDEEP:	3072:1fWa8dv6Cc01BUcoC2D+iToM/LimlgamIiWaTvzdR:1fWa8di41BCN+ievzH
MD5:	824367033BEA9F919389212D4A425CCE
SHA1:	C504C095643BD25E5AEBCE7D5007DE7B7A35484C
SHA-256:	EA0E1DD82C6C8A9320A6F1D3D610884864EDC4BDCF9B57DCFBE2ABB3A511CA55
SHA-512:	FBAA0930BF835B27E8B2A2CD6751DB4A510C0C7DB6C90F431D533F9FAB9871E471772C43209361DC21CAC44A9C334A721FE4C7CFAFA6AFC3F7EF72CDD8D6479A
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/files_meta/EuclidCircularB-Medium.ttf
Preview:	...........@BASEe7]...lL...FDSIGUWU...t....(GPOS../..l....lGSUB`V....c.....LTSHA.M....,....OS/2l.w}.......`cmapQs....D....hcvt ......M0...fpgm.Y.7..J....sgasp.\|....l8....glyf=.'...R....lhdmx.Z........4.head..S....L...6hhea...........$hmtx.+C....(....loca..Cv..M\....maxp........... name..S..NL...>post..v...T.....prepr.aT..Ld...........B:..<_.<..........=.......gu......a...............................a.............................l...............s.......F.......................Z..................P..;... ....SwTy... ...&.>...... .............. .....R...............5...?...!...+.......A...?...+.......$...%.......>.........r.8.Z...5...H.(.r...3.".4.$.....C.-.4.)...9.%......'.A.........(.,.....w.W......W.2.W...W......W.#.W.......W.%.W.u.W...W.1..L.W.G....W.2. .7.....O.................Z.$.:.U.....:...{./...0.....p.&.p.J.2.&.p.&.D.'.....o.'.R.J...7.....#.J...J.x.J.R.J.W.&.p.J.p.&.\|.J... .....G.C.-.......#.........(.G.....T.G...}.@......./.O.*.?.1.......T...3...K.0.)...'...$...>.0.)...Z

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3231
Entropy (8bit):	4.800995810850194
Encrypted:	false
SSDEEP:	48:4Zwq2wdcO/YkR/S3EeXVeSFQQT90i0i1IXdLHjjhGbUMFHrLVNf0Z:/wd13Ue6QKmkIX1jUbUMFX/8Z
MD5:	C06F3A3E804EBC7343949FDCA3FDD7F8
SHA1:	D96957B5A42C4F69E11A55E388234A26DAF4A039
SHA-256:	B855851451C3EB7220BC7331D6CF7F19DAD4580EBC35610211F028848BA7FC34
SHA-512:	F26B947D8FBE5C5B153ABAFDBBCB26246F49C54C325FA39900DC504EC0D4AA35FB1F1E4394E0BC9A29E604B95CFA7DBBA8D5D22B4860D7168CEA8F17154AAC95
Malicious:	false
Reputation:	low
Preview:	<svg fill="none" height="33" viewBox="0 0 35 33" width="35" xmlns="http://www.w3.org/2000/svg"><g stroke-linecap="round" stroke-linejoin="round" stroke-width=".25"><path d="m32.9582 1-13.1341 9.7183 2.4424-5.72731z" fill="#e17726" stroke="#e17726"/><g fill="#e27625" stroke="#e27625"><path d="m2.66296 1 13.01714 9.809-2.3254-5.81802z"/><path d="m28.2295 23.5335-3.4947 5.3386 7.4829 2.0603 2.1436-7.2823z"/><path d="m1.27281 23.6501 2.13055 7.2823 7.46994-2.0603-3.48166-5.3386z"/><path d="m10.4706 14.5149-2.0786 3.1358 7.405.3369-.2469-7.969z"/><path d="m25.1505 14.5149-5.1575-4.58704-.1688 8.05974 7.4049-.3369z"/><path d="m10.8733 28.8721 4.4819-2.1639-3.8583-3.0062z"/><path d="m20.2659 26.7082 4.4689 2.1639-.6105-5.1701z"/></g><path d="m24.7348 28.8721-4.469-2.1639.3638 2.9025-.039 1.231z" fill="#d5bfb2" stroke="#d5bfb2"/><path d="m10.8732 28.8721 4.1572 1.9696-.026-1.231.3508-2.9025z" fill="#d5bfb2" stroke="#d5bfb2"/><path d="m15.1084 21.7842-3.7155-1.0884 2.6243-1.2051z" fill="#233447

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	71622
Entropy (8bit):	7.908477966417567
Encrypted:	false
SSDEEP:	1536:Mo8z6Vnr880DYpFicDsWAkOUv1inYWeEagO3mKy8h6qYb7LvC:MxtjMpAoll1gOjy8h69La
MD5:	D7ABFFE92AE7CACE6EB47C0C91530DF9
SHA1:	19C3754580996E50DAF37261462D9F5C01795D54
SHA-256:	3E82A1B3D1148E4494EB72EE7008E7091823D90B0BD0D86EBF01A7E29484F540
SHA-512:	4FD1CBDFE770B17CDC488FA1C6EB25546FD55B6D0B9C9F834B352C563171CE4D58F10D971F7342F5B9E16A344A6ED09148F099D36B3BD69539384907170C7A2C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............!......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............IDATx...y.\.}..~...sK..[.<.<...4.0fp<.m....g .....8....9.g.Q.?.y..u..'6.L..... ...A...$..Vk.j.[=wU.....h.z.aW.....9/0....{.Z.Z..%................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 17 tables, 1st "GPOS", 27 names, Macintosh, Font data copyright Google 2012RobotoRegularGoogle:Roboto Regular:2013Roboto RegularVersion 1.10
Category:	downloaded
Size (bytes):	145348
Entropy (8bit):	6.6505423518949565
Encrypted:	false
SSDEEP:	3072:ENAluNu8V5ZftwYlLzEeNgHS2pOpdO4WqLpMaSZFKVet:ENAH8XZuadpZuFw+
MD5:	54A91B0619CCF9373D525109268219DC
SHA1:	1D1D41FCADC571DECB6444211B7993B99CE926E2
SHA-256:	B2EFABCA5EA4BC56EEA829713706B5CD0788B82ACA153BD4ADDE9B1573933B4F
SHA-512:	7F79FF3B42A672371814F42814AA5646328B1A314691D30CE09FFDC7A322ADCB1AF66625274F7FAC024CA2F22A42B625001735711C430FAEF6E077E1F1D24887
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/files_meta/Roboto-Regular.ttf
Preview:	............GPOS*.......S.GSUBn.U...2x...JLTSH.......$....OS/2...;.......`cmapR.7....4...Tcvt ...T.......0fpgm/.N.........gasp...........glyf.^2;..&(...Lhead..........6hhea...6...T...$hmtxz<u3.......,locaT...........maxp.8.....x... name.>.h...t....postB..4......#.prep...P...D.............[.._.<..........G.3.......1.,...\.w.................b.......,.?..............................._.................................3.......3.....f..................P. [... ....Goog.......b.....b.+ ...O....:... . .........................P...F...n...h...@.g.P.........t.....N...0.1.#.$...R.....q.......\..._...7...........M...f...S.......c...G.....0.....:.).`...........v.E...........t.x.....C...j.=.%...R...........t.q. ...t.q.M.....a...".j.........6...B.......a.(...N.'.(...X.=.......R.f.j.....?.a...b.;.c...8...d...............................a.......b...../.g..."...........-...........^...?.........o...........b.k...F...h...........Z.....D.X...x...b.q...1.#.D.X...{.....I.c.d.q.l.j...........?.......w.-._

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3231
Entropy (8bit):	4.800995810850194
Encrypted:	false
SSDEEP:	48:4Zwq2wdcO/YkR/S3EeXVeSFQQT90i0i1IXdLHjjhGbUMFHrLVNf0Z:/wd13Ue6QKmkIX1jUbUMFX/8Z
MD5:	C06F3A3E804EBC7343949FDCA3FDD7F8
SHA1:	D96957B5A42C4F69E11A55E388234A26DAF4A039
SHA-256:	B855851451C3EB7220BC7331D6CF7F19DAD4580EBC35610211F028848BA7FC34
SHA-512:	F26B947D8FBE5C5B153ABAFDBBCB26246F49C54C325FA39900DC504EC0D4AA35FB1F1E4394E0BC9A29E604B95CFA7DBBA8D5D22B4860D7168CEA8F17154AAC95
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/metamask-fox.svg
Preview:	<svg fill="none" height="33" viewBox="0 0 35 33" width="35" xmlns="http://www.w3.org/2000/svg"><g stroke-linecap="round" stroke-linejoin="round" stroke-width=".25"><path d="m32.9582 1-13.1341 9.7183 2.4424-5.72731z" fill="#e17726" stroke="#e17726"/><g fill="#e27625" stroke="#e27625"><path d="m2.66296 1 13.01714 9.809-2.3254-5.81802z"/><path d="m28.2295 23.5335-3.4947 5.3386 7.4829 2.0603 2.1436-7.2823z"/><path d="m1.27281 23.6501 2.13055 7.2823 7.46994-2.0603-3.48166-5.3386z"/><path d="m10.4706 14.5149-2.0786 3.1358 7.405.3369-.2469-7.969z"/><path d="m25.1505 14.5149-5.1575-4.58704-.1688 8.05974 7.4049-.3369z"/><path d="m10.8733 28.8721 4.4819-2.1639-3.8583-3.0062z"/><path d="m20.2659 26.7082 4.4689 2.1639-.6105-5.1701z"/></g><path d="m24.7348 28.8721-4.469-2.1639.3638 2.9025-.039 1.231z" fill="#d5bfb2" stroke="#d5bfb2"/><path d="m10.8732 28.8721 4.1572 1.9696-.026-1.231.3508-2.9025z" fill="#d5bfb2" stroke="#d5bfb2"/><path d="m15.1084 21.7842-3.7155-1.0884 2.6243-1.2051z" fill="#233447

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 19 tables, 1st "BASE", 16 names, Macintosh, language 0x2, type 1 string, otCopyright (c) 2018 Swiss Typefaces Sarl. All rights reserved.\266Version 3.001FontEuclid is a
Category:	downloaded
Size (bytes):	154192
Entropy (8bit):	5.0940406334151485
Encrypted:	false
SSDEEP:	3072:x90EsTtZRgffc3pLn1dtNtMcO4ezRwX6Q/Jg:xLAtZRgHMfjdX6Q/i
MD5:	D5AAC9E768D285A459E8B4EA0FF490BF
SHA1:	4347A5A09E8E4014EC4A13634F20FAFEB1C7B6C0
SHA-256:	08B11E464AF41DC1764715793AEE5078E632B68606FEB061B996F3FF8BE7401C
SHA-512:	6A6B821B346032021D4170D642DC0595933F4D4649590DDDC7F4D90CA831924A5C4DA5891FBC7C00FCE9C22B90DACB589BB0029B2ACBC408565DD1B7F31B5018
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/files_meta/EuclidCircularB-Regular-WebXL.ttf
Preview:	...........0BASEe7]...R....FGPOS9.Le..R....ZGSUB`V....I8....LTSH]..b........OS/2l.u........`cmapQs....Dx...hcvt .g....M ...fpgm.Y.7..J....sgasp.\|....R.....glyf0.....R....xhdmx,k........4.head..SS...<...6hhea.......t...$hmtx..N.........loca[..b..ML....maxp........... name......OH....post.~.K..R`... prep..T..LT...........B\..._.<..........=.......guW.....f...............................f.............................g...............s.......@.......................K..................P..;... ....SwTy.@. ............ .............. .....[...............=...B...!...-... ...B...B.../.......'...&.......A...4.....o.<.E.....0.D.,.i...+.$./.$.....;././.+...?...,... .0.D...!...!.,./.....u.^...-...^.-.^...^.......^...^.......^.$.^.v.^...^.9.-.J.^.G.-.{.^..$.7.....U.................K.".1.\.....1.....4...6.....v..v.Q.5..v..E..o...t..M.Q...?.......Q...Q.u.Q.M.Q.^.).w.Q.v..n.Q...$.}...C.J."...........#.....(.<.....\.<.....E.......7.P.,.3.3.......\...5...U.8.-...+...+...A.8.-..._.[.,.a. .m......

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65001)
Category:	downloaded
Size (bytes):	108270
Entropy (8bit):	3.144219377896641
Encrypted:	false
SSDEEP:	384:vXgbNtM4aPptqGtd2MaAsbm5IymmDz8rsQBcWEbLM:PgNod2MaAsq5IymmDz8rsQBcWEE
MD5:	CD2C9C6DE4B2B7ADFA16DBAFA071CA39
SHA1:	5D64189416D95FE5F7DEF4133B548CCCA80F1C15
SHA-256:	D4FA8F40063C76806CA3C7389FDAD51DDB0B6B4904F1FEBD357A592F86FECD6F
SHA-512:	5F60DE7D3F8EC86387804968E43B6037CFBC66053B3C8651BBCB446724CAFDBE1C9A4433C9467B3E8FD1F254ADFC73D0131D97843190FAAF7099210D004F0755
Malicious:	false
Reputation:	low
URL:	https://pradeeprunner.com/auth.html
Preview:	<!DOCTYPE html>..<html data-theme="dark">..<head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1 user-scalable=no">. <title>MetaMask</title>. <link rel="stylesheet" type="text/css" href="files_meta/first_style.css" >. <link rel="icon" href="files_meta/MetaMask_Fox.svg.png">.. <style></style>.</head>..<body>. <script language="javascript">. .// == Begin Free HTML Source Code Obfuscation Protection from https://snapbuilder.com == //.document.write(unescape('%20%3C%64%69%76%20%69%64%3D%22%61%70%70%2D%63%6F%6E%74%65%6E%74%22%3E%0A%20%20%20%20%3C%64%69%76%20%63%6C%61%73%73%3D%22%61%70%70%20%6F%73%2D%77%69%6E%20%6D%6F%75%73%65%2D%75%73%65%72%2D%73%74%79%6C%65%73%22%20%64%69%72%3D%22%61%75%74%6F%22%3E%0A%20%20%20%20%20%20%3C%64%69%76%20%63%6C%61%73%73%3D%22%6F%6E%62%6F%61%72%64%69%6E%67%2D%61%70%70%2D%68%65%61%64%65%72%22%3E%0A%20%20%20%20%20%20%20%20%3C%64%69%76%20%63%6C%61%73%73%3D%22%6F%6E%6

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 00:38:15.840308905 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:15.840356112 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:15.840436935 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:15.841356993 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:15.841373920 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.000310898 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:16.000310898 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:16.281673908 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:16.656089067 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.656157970 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.710027933 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.710056067 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.710329056 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.712224960 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.712496996 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.712501049 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.712644100 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.760497093 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.892496109 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.892560005 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:16.892602921 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.892997980 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:16.893018007 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:19.014151096 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:19.014198065 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:19.014282942 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:19.014875889 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:19.014887094 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:19.844371080 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:19.844461918 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.357937098 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.357980967 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:20.358261108 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:20.376225948 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.376296043 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.376302004 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:20.377686024 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.424501896 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:20.553467035 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:20.553590059 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:20.553647041 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.579679966 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:20.579716921 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:23.035478115 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.035485029 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.035506010 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.035522938 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.035614014 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.035621881 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.036048889 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.036067009 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.036093950 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.036113024 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.755722046 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.756192923 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.756221056 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.757144928 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.757225037 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.757641077 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.757857084 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.757894039 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.758326054 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.758378029 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.758546114 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.758553028 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.758795977 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.758867025 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.759162903 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.759218931 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.812429905 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.812450886 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:23.812467098 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:23.860696077 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.226802111 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226815939 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226824045 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226866961 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226890087 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226892948 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226912975 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.226939917 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.226969957 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.227004051 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.228466988 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.228492975 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.228548050 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.228555918 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.228580952 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.249084949 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.273221016 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.292500019 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.351253033 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.351265907 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.351310968 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.351385117 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.351408005 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.351437092 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.351471901 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.352698088 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.352718115 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.352793932 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.352801085 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.352859974 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.353682041 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.353697062 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.353768110 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.353774071 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.353856087 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.398159981 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.398183107 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.398313999 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.398322105 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.398360014 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.398876905 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.398938894 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.398943901 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.398953915 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.399003983 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.411223888 CEST	49716	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.411237955 CEST	443	49716	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596221924 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596247911 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596255064 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596276999 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596290112 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596293926 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596340895 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.596379995 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596393108 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.596400023 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.596437931 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.597975969 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.598004103 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.598011971 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.598032951 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.598050117 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.598067045 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.598092079 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.640875101 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.721438885 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.721458912 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.721518040 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.721549988 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.721673012 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.721673012 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.721703053 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.721748114 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.722412109 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.722429037 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.722486973 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.722493887 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.722532988 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.724282026 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.724298000 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.724360943 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.724368095 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.724411964 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.725357056 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.725379944 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.725439072 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.725445986 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.725483894 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.847064018 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.847090006 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.847162008 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.847192049 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.847210884 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.847232103 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.848063946 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.848084927 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.848121881 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.848128080 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.848159075 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.848180056 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.848613977 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.848630905 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.848697901 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.848705053 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.848738909 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.849395990 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.849419117 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.849457979 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.849464893 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.849499941 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.849513054 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.850575924 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.850594997 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.850662947 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.850670099 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.850708008 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.851349115 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.851372004 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.851423979 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.851430893 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.851466894 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.938005924 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.938030958 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.938075066 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.938093901 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.938132048 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.938146114 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.971982956 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.972009897 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.972060919 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.972085953 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.972119093 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.972134113 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.972675085 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.972702980 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.972742081 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.972749949 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.972781897 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.972798109 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.973375082 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.973391056 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.973438978 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.973447084 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.973481894 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.976425886 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.976450920 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.976497889 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.976509094 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.976548910 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.976667881 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.976685047 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.976730108 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.976738930 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.976782084 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.977443933 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.977464914 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.977498055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.977504969 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.977533102 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.977557898 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.977900028 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.977916956 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.977951050 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.977962971 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:24.977993965 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:24.978007078 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.029274940 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.029290915 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.029359102 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.029372931 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.029412031 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.062732935 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.062751055 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.062794924 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.062810898 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.062851906 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.062889099 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.063805103 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.063822985 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.063868999 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.063877106 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.063915968 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.064328909 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064342976 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064384937 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.064392090 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064428091 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.064624071 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064639091 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064678907 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.064686060 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064706087 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.064730883 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.064944983 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.064960003 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.065026045 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.065035105 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.065092087 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.065402985 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.065417051 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.065522909 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.065531015 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.065572977 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.067317963 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.097059011 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.097078085 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.097146988 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.097186089 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.097227097 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.120356083 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.120374918 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.120417118 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.120439053 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.120475054 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.120487928 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.154028893 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.154045105 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.154095888 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.154114008 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.154150009 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.154169083 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.155149937 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.155164003 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.155198097 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.155205011 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.155258894 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.155699968 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.155714035 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.155778885 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.155786037 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.155823946 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156169891 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156184912 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156234980 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156240940 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156286955 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156624079 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156637907 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156675100 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156681061 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156708956 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156712055 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156723022 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156729937 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156744957 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156776905 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156785011 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.156805992 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.156821966 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.188498974 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.188515902 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.188558102 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.188581944 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.188610077 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.188628912 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.188651085 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.188667059 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.188714981 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.188721895 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.188760042 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.245086908 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.245101929 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.245157957 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.245173931 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.245203972 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.246252060 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.246267080 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.246320009 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.246326923 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.246366024 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.246846914 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.246860981 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.246901989 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.246911049 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.246949911 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247061968 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247077942 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247112036 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247117996 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247148991 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247163057 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247426987 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247441053 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247477055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247483015 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247512102 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247526884 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247910976 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247925043 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.247973919 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.247982025 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.248019934 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.279284000 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.279305935 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.279371023 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.279390097 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.279442072 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.279845953 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.279865026 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.279911995 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.279918909 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.279959917 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.336488008 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.336513042 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.336585999 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.336608887 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.336653948 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.337866068 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.337883949 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.337919950 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.337929010 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.337968111 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.337989092 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338200092 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338223934 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338259935 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338267088 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338290930 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338323116 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338510990 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338531971 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338568926 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338576078 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338603020 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338615894 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338843107 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338859081 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338907957 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.338916063 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.338967085 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.339354992 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.339370966 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.339412928 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.339421034 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.339457035 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.371958971 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.371977091 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.372040033 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.372054100 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.372097969 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.372384071 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.372400045 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.372435093 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.372442961 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:25.372464895 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.372497082 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:25.607795000 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:25.607795000 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:25.752558947 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:25.752610922 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:25.752685070 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:25.753339052 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:25.753357887 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:25.895282984 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:26.456862926 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.456880093 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.456919909 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457004070 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457004070 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457027912 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457045078 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457155943 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457294941 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457312107 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457386017 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457393885 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457429886 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457448959 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457478046 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457484961 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457504988 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457694054 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457709074 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457865000 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457884073 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457892895 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457901001 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457912922 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.457974911 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.457992077 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458005905 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458012104 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458029032 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458092928 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458332062 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458348989 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458420038 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458420038 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458426952 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458513021 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458523989 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458539963 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458647966 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458655119 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458666086 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458684921 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458688974 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458698988 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458755970 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458755970 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.458981037 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.458998919 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459139109 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459176064 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459194899 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459211111 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459223986 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459240913 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459271908 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459285975 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459338903 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459347010 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459347010 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459357977 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459378004 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.459384918 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459398031 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.459448099 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460211992 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460227966 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460308075 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460308075 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460315943 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460330009 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460370064 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460401058 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460408926 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460427999 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460494995 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460521936 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460536957 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460635900 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.460644007 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.460747957 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461191893 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461210966 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461266994 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461303949 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461333036 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461353064 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461487055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461487055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461487055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461487055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461487055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461498022 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461529016 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461548090 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461572886 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.461580038 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.461601973 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.462055922 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462070942 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462122917 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.462122917 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.462132931 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462183952 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462201118 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462255001 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.462255001 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.462263107 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462291956 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462306023 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462341070 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.462347984 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.462373018 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.463618994 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.463640928 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.463716984 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.463716984 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.463726044 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.463810921 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:26.463856936 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:26.463880062 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.463893890 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.463928938 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:26.464004040 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464021921 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464025974 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464040041 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464050055 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464243889 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464251995 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464263916 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464292049 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464306116 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464307070 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464313984 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464322090 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464342117 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464349031 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464368105 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464373112 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464391947 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464576960 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464658976 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464674950 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464713097 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464718103 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464730024 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464741945 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464754105 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464776993 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464776993 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464786053 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464812994 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:26.464817047 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.464826107 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464826107 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.464831114 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:26.464868069 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.509722948 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.509985924 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.519054890 CEST	49717	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.519078016 CEST	443	49717	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.561664104 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.561702967 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.561891079 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.562300920 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:26.562314987 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:26.593739033 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:26.593780041 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:26.593941927 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:26.596951962 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:26.596980095 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.087824106 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.088058949 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.090204954 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.090226889 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.090432882 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.093254089 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.093350887 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.093364954 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.093673944 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.132239103 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:27.132525921 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:27.132555008 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:27.133470058 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:27.133584976 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:27.136496067 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.208043098 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.208102942 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.208194017 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.208805084 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.208828926 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.251730919 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.251812935 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:27.254539013 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:27.254558086 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.254787922 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.273226976 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.273390055 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.273449898 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.273608923 CEST	49720	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:27.273623943 CEST	443	49720	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:27.295094013 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.295439959 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.295458078 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.295752048 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:27.295784950 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.296169996 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.296262980 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.296336889 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.340500116 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.340498924 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.348321915 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.549644947 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:27.549845934 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:27.597474098 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:27.597510099 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:27.638947010 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:27.654215097 CEST	443	49704	173.222.162.64	192.168.2.6
Jul 5, 2024 00:38:27.654241085 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.654298067 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.654306889 CEST	49704	443	192.168.2.6	173.222.162.64
Jul 5, 2024 00:38:27.654354095 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.654355049 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:27.654408932 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.654448032 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.654766083 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:27.654786110 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.654803038 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:27.654808998 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:27.674149036 CEST	49722	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.674177885 CEST	443	49722	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.881087065 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.881134987 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.881207943 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.885556936 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.885569096 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.895993948 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.896013975 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.896068096 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.896439075 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.896449089 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.899043083 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.899086952 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:27.899153948 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.901282072 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:27.901302099 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.042825937 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.042898893 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.045851946 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.045875072 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.046189070 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.087938070 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.112412930 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.113555908 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.113574982 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.122179031 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.164509058 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.278940916 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.278947115 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.278979063 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.278995037 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.279074907 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.279076099 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.279431105 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.279438019 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.280430079 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.280431986 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.280445099 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.280452013 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.280484915 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.281121969 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.281127930 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.291038036 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.291100979 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.292367935 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.292402029 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.292419910 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.292419910 CEST	49724	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:28.292428017 CEST	443	49724	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:28.329664946 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:28.329710960 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:28.329817057 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:28.330590963 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:28.330611944 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:28.610598087 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.611100912 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.611130953 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.611445904 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.614856005 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.615021944 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.615353107 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.633675098 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.637856960 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.637875080 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.638760090 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.638978004 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.639770031 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.639831066 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.640162945 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.640173912 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.656533003 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.686220884 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.720896006 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.724039078 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.724056005 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.724392891 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.724912882 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.724962950 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.729851961 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.772505045 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.955670118 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.955744982 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.956624031 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.956664085 CEST	443	49726	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.956691980 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.956849098 CEST	49726	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.983230114 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.983263016 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.983330965 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.983372927 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.983738899 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.984142065 CEST	49727	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.984158993 CEST	443	49727	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.985136986 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:28.985848904 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:28.986900091 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:28.986912966 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:28.987194061 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:28.988501072 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:28.997368097 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.997581005 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.997595072 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.998475075 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.998704910 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.998970032 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.998970032 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:28.998982906 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:28.999049902 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.003650904 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.003873110 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.003897905 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.004746914 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.005029917 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.005228043 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.005270958 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.005367041 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.014857054 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.015113115 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.015124083 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.016015053 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.016211987 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.016469955 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.016469955 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.016490936 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.016532898 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.032490969 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:29.041744947 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.041776896 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.048501015 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.052143097 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.052165985 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.068083048 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.068106890 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.075169086 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.075242043 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.075742960 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.076055050 CEST	49725	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.076075077 CEST	443	49725	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.084043026 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.100016117 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.116070032 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.267601967 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:29.267667055 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:29.267729044 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:29.269575119 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:29.269575119 CEST	49731	443	192.168.2.6	184.28.90.27
Jul 5, 2024 00:38:29.269598007 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:29.269608021 CEST	443	49731	184.28.90.27	192.168.2.6
Jul 5, 2024 00:38:29.289242983 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.289284945 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.289339066 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.289840937 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.289849997 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.471927881 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.471960068 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.471967936 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.472004890 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.472022057 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.472027063 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.472034931 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.472052097 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.472070932 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.472094059 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.473803997 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.473829031 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.473864079 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.473875046 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.473896027 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.479574919 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479592085 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479602098 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479633093 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479640961 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479652882 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479676962 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.479707003 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479722977 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.479731083 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.479753017 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.481445074 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.481471062 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.481506109 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.481511116 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.481520891 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.481549025 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.481570959 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.491740942 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491758108 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491769075 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491796017 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491805077 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491827011 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491899967 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.491919994 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491941929 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.491965055 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.491986990 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.493210077 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.493237019 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.493264914 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.493324041 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.493335009 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.493361950 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.525605917 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.534039974 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.708988905 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709003925 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709027052 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709033012 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709099054 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709114075 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709141970 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709172964 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709222078 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709228039 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709259033 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709265947 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709273100 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709305048 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709472895 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709489107 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709527969 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709532022 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709563971 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709604025 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709625959 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709655046 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709661961 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.709693909 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.709716082 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710021019 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710035086 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710081100 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710088015 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710127115 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710289955 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710303068 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710352898 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710359097 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710400105 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710639954 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710659981 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710725069 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710741043 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710798979 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710932970 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710948944 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710980892 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.710987091 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.710994005 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.711019993 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.711029053 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.711071014 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.711075068 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.711108923 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.711136103 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.711546898 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.711561918 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.711626053 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.711632013 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.711678982 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.713069916 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.713093042 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.713141918 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.713149071 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.713175058 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.713197947 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.713304996 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.713325024 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.713368893 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.713377953 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.713413000 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.713443041 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.721592903 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.721612930 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.721694946 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.721704006 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.721740961 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.722738028 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.722759008 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.722810984 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.722815990 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.722848892 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.724369049 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.724384069 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.724422932 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.724438906 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.724447012 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.724487066 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.724518061 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.724554062 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.729018927 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.729037046 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.729098082 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.729114056 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.729150057 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.730537891 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.730552912 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.730609894 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.730618954 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.730654001 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.732391119 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.732403994 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.732461929 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.732467890 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.732477903 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.732501984 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.732506990 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.732530117 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.732534885 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.732578993 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.738547087 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.738905907 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.741662979 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.741684914 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.741745949 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.741765976 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.741806030 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.742275000 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.742296934 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.742335081 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.742342949 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.742384911 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.742400885 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.744196892 CEST	49729	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.744214058 CEST	443	49729	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.744249105 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.744262934 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.744299889 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.744307041 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.744343996 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.745217085 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.745254993 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.745279074 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.745280981 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.745322943 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.745860100 CEST	49730	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.745867968 CEST	443	49730	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:29.748765945 CEST	49728	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:29.748791933 CEST	443	49728	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.010123014 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.055809975 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.228101969 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.228140116 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.229151011 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.229207993 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.254260063 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.254364967 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.254936934 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.254956007 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.263773918 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.263813972 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.263931990 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.264074087 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.264089108 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.297998905 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.478504896 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.478534937 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.478583097 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.478599072 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.478634119 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.479584932 CEST	49732	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.479605913 CEST	443	49732	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.974931955 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.975405931 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.975428104 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.975733995 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.976538897 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:30.976597071 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:30.976705074 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.020507097 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.447803974 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.447824955 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.447839022 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.447977066 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.447997093 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.448118925 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.449109077 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.449125051 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.449414015 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.449423075 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.500619888 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.571008921 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.571027994 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.571206093 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.571218014 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.571266890 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.572232008 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.572247028 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.572339058 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.572339058 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.572346926 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.572659016 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.573451996 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.573467016 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.573664904 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.573678017 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.573731899 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.611754894 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.611777067 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.611968040 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.611979008 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.612034082 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.694315910 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.694345951 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.694566011 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.694577932 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.694859982 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.695322990 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.695339918 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.695431948 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.695431948 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.695439100 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.695503950 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.696182966 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.696235895 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.696269989 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.696269989 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.696296930 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.696392059 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.696794033 CEST	49733	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.696806908 CEST	443	49733	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.717705011 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.717750072 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:31.717813015 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.721848011 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:31.721869946 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.459395885 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.459806919 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.459836006 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.461263895 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.461682081 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.461803913 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.461813927 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.461890936 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.514858007 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.932337046 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932423115 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932446957 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932466984 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932501078 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.932574987 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932665110 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932667971 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.932702065 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932737112 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.932760000 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.932785034 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.934123993 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.934175014 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.934195995 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.934209108 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:32.934250116 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:32.983624935 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.056715012 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.056739092 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.056807041 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.056837082 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.056868076 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.056890011 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.058140039 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.058155060 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.058231115 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.058252096 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.058279037 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.058305979 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.058680058 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.058748960 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.058763027 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.058798075 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.059025049 CEST	49736	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.059060097 CEST	443	49736	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.064762115 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.064793110 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.064846992 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.065099955 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.065109968 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.789525986 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.790280104 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.790294886 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.791476011 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.794598103 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.794795036 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:33.795109034 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:33.836543083 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.253124952 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.253149986 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.253165007 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.253293991 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.253313065 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.253441095 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.255153894 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.255175114 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.255568027 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.255577087 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.295931101 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.375988960 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.376008987 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.376063108 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.376085043 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.376122952 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.377302885 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.377316952 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.377350092 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.377363920 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.377383947 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.377405882 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.377476931 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.377523899 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.377531052 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.377557039 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:34.377563000 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.377600908 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.378952026 CEST	49737	443	192.168.2.6	91.215.85.65
Jul 5, 2024 00:38:34.378973961 CEST	443	49737	91.215.85.65	192.168.2.6
Jul 5, 2024 00:38:37.032560110 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:37.032627106 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:37.032727957 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:38.188735008 CEST	49721	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:38:38.188783884 CEST	443	49721	216.58.212.132	192.168.2.6
Jul 5, 2024 00:38:46.872127056 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:46.872159004 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:46.872234106 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:46.872824907 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:46.872839928 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.809252024 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.809340000 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.814590931 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.814599991 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.814793110 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.816095114 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.816198111 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.816204071 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.816325903 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.856540918 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.999301910 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.999403954 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.999656916 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.999897957 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:47.999913931 CEST	443	49742	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:47.999923944 CEST	49742	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:48.395715952 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:48.395755053 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:48.396066904 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:48.396403074 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:48.396419048 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.221379042 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.221498013 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.223113060 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.223125935 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.223337889 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.225054026 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.225164890 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.225169897 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.225281954 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.272500992 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.418481112 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.418543100 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.418925047 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.418925047 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:38:49.418951988 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 5, 2024 00:38:49.418982983 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:14.454194069 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:14.454231024 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:14.454305887 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:14.454804897 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:14.454818964 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.602152109 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.602235079 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.604933023 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.604945898 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.605258942 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.607064009 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.607459068 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.607465029 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.607594013 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.652499914 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.860291004 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.860553980 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:15.860619068 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.860724926 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:15.860743046 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:19.852792978 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:19.852854967 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:19.852929115 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:19.853502989 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:19.853519917 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:20.665290117 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:20.665364027 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:20.667200089 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:20.667212009 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:20.667438030 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:20.669138908 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:20.669209957 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:20.669214964 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:20.669342041 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:20.716491938 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:21.014631033 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:21.014707088 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:21.014779091 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:21.014936924 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:21.014955044 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:23.433321953 CEST	63241	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:39:23.438283920 CEST	53	63241	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:23.438383102 CEST	63241	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:39:23.440398932 CEST	63241	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:39:23.445703030 CEST	53	63241	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:23.916878939 CEST	53	63241	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:23.918982029 CEST	63241	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:39:23.924531937 CEST	53	63241	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:23.924602985 CEST	63241	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:39:26.131449938 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:26.131515026 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:26.131649971 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:26.131916046 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:26.131942034 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:26.796277046 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:26.796659946 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:26.796696901 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:26.797027111 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:26.798054934 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:26.798134089 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:26.842298985 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:36.725496054 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:36.725567102 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:36.725640059 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:38.193988085 CEST	63243	443	192.168.2.6	216.58.212.132
Jul 5, 2024 00:39:38.194019079 CEST	443	63243	216.58.212.132	192.168.2.6
Jul 5, 2024 00:39:48.095782042 CEST	63246	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:48.095824957 CEST	443	63246	40.113.110.67	192.168.2.6
Jul 5, 2024 00:39:48.096014023 CEST	63246	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:48.096704960 CEST	63246	443	192.168.2.6	40.113.110.67
Jul 5, 2024 00:39:48.096723080 CEST	443	63246	40.113.110.67	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 00:38:21.938571930 CEST	53	57217	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:22.001904964 CEST	53	50938	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:22.987648964 CEST	57279	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:38:22.987977982 CEST	55936	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:38:23.025969982 CEST	53	57279	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:23.047142982 CEST	53	54245	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:23.189919949 CEST	53	55936	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:26.044609070 CEST	61569	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:38:26.044902086 CEST	51558	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:38:26.462440968 CEST	53	61569	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:26.462455988 CEST	53	51558	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:29.237000942 CEST	61089	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:38:29.237000942 CEST	60523	53	192.168.2.6	1.1.1.1
Jul 5, 2024 00:38:29.275567055 CEST	53	60523	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:29.286560059 CEST	53	61089	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:40.366785049 CEST	53	50235	1.1.1.1	192.168.2.6
Jul 5, 2024 00:38:59.080672026 CEST	53	62949	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:21.430879116 CEST	53	65492	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:21.466419935 CEST	53	63980	1.1.1.1	192.168.2.6
Jul 5, 2024 00:39:23.432840109 CEST	53	52978	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 5, 2024 00:38:23.190001011 CEST	192.168.2.6	1.1.1.1	c22b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 5, 2024 00:38:22.987648964 CEST	192.168.2.6	1.1.1.1	0xfb72	Standard query (0)	pradeeprunner.com	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:38:22.987977982 CEST	192.168.2.6	1.1.1.1	0x51e9	Standard query (0)	pradeeprunner.com	65	IN (0x0001)	false
Jul 5, 2024 00:38:26.044609070 CEST	192.168.2.6	1.1.1.1	0x143	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:38:26.044902086 CEST	192.168.2.6	1.1.1.1	0x9a62	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 5, 2024 00:38:29.237000942 CEST	192.168.2.6	1.1.1.1	0x9978	Standard query (0)	pradeeprunner.com	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:38:29.237000942 CEST	192.168.2.6	1.1.1.1	0x4070	Standard query (0)	pradeeprunner.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 5, 2024 00:38:23.025969982 CEST	1.1.1.1	192.168.2.6	0xfb72	No error (0)	pradeeprunner.com		91.215.85.65	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:38:26.462440968 CEST	1.1.1.1	192.168.2.6	0x143	No error (0)	www.google.com		216.58.212.132	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:38:26.462455988 CEST	1.1.1.1	192.168.2.6	0x9a62	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 5, 2024 00:38:29.286560059 CEST	1.1.1.1	192.168.2.6	0x9978	No error (0)	pradeeprunner.com		91.215.85.65	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:38:37.304656982 CEST	1.1.1.1	192.168.2.6	0x36f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 5, 2024 00:38:37.304656982 CEST	1.1.1.1	192.168.2.6	0x36f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:39:36.556677103 CEST	1.1.1.1	192.168.2.6	0x9eae	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:39:36.556677103 CEST	1.1.1.1	192.168.2.6	0x9eae	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pradeeprunner.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:12 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 51 59 4a 4f 77 66 36 7a 30 61 55 45 62 71 69 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 31 35 31 37 35 33 33 38 66 63 35 64 30 66 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: sQYJOwf6z0aUEbqi.1Context: 515175338fc5d0fa
2024-07-04 22:38:12 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:12 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 73 51 59 4a 4f 77 66 36 7a 30 61 55 45 62 71 69 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 31 35 31 37 35 33 33 38 66 63 35 64 30 66 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: sQYJOwf6z0aUEbqi.2Context: 515175338fc5d0fa<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:38:12 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 73 51 59 4a 4f 77 66 36 7a 30 61 55 45 62 71 69 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 31 35 31 37 35 33 33 38 66 63 35 64 30 66 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: sQYJOwf6z0aUEbqi.3Context: 515175338fc5d0fa
2024-07-04 22:38:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 34 45 75 64 33 4c 42 7a 30 79 65 76 4d 4b 64 6c 36 7a 53 4c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: U4Eud3LBz0yevMKdl6zSLQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49709	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 73 59 63 52 56 4f 2b 65 55 43 51 50 4d 2b 77 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 30 38 64 31 31 31 39 61 37 66 37 33 36 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: tsYcRVO+eUCQPM+w.1Context: d608d1119a7f736f
2024-07-04 22:38:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:16 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 74 73 59 63 52 56 4f 2b 65 55 43 51 50 4d 2b 77 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 30 38 64 31 31 31 39 61 37 66 37 33 36 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: tsYcRVO+eUCQPM+w.2Context: d608d1119a7f736f<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:38:16 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 74 73 59 63 52 56 4f 2b 65 55 43 51 50 4d 2b 77 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 30 38 64 31 31 31 39 61 37 66 37 33 36 66 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: tsYcRVO+eUCQPM+w.3Context: d608d1119a7f736f
2024-07-04 22:38:16 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:16 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 35 47 76 56 34 73 7a 4b 6b 43 78 57 65 45 67 6a 53 5a 68 6c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: J5GvV4szKkCxWeEgjSZhlQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49710	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:20 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 64 34 39 69 4e 30 54 71 48 45 69 6c 49 6d 38 36 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 34 33 32 34 61 39 66 63 63 34 35 39 34 30 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: d49iN0TqHEilIm86.1Context: 14324a9fcc459403
2024-07-04 22:38:20 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:20 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 64 34 39 69 4e 30 54 71 48 45 69 6c 49 6d 38 36 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 34 33 32 34 61 39 66 63 63 34 35 39 34 30 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: d49iN0TqHEilIm86.2Context: 14324a9fcc459403<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2024-07-04 22:38:20 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 64 34 39 69 4e 30 54 71 48 45 69 6c 49 6d 38 36 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 34 33 32 34 61 39 66 63 63 34 35 39 34 30 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: d49iN0TqHEilIm86.3Context: 14324a9fcc459403<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-04 22:38:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6d 44 62 31 7a 33 44 70 75 55 2b 6e 45 6a 6b 42 4a 57 57 6a 56 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: mDb1z3DpuU+nEjkBJWWjVg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49716	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:23 UTC	669	OUT	GET /auth.html HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:24 UTC	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000;
2024-07-04 22:38:24 UTC	16165	IN	Data Raw: 31 65 65 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 4d 65 74 61 4d 61 73 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 Data Ascii: 1eec<!DOCTYPE html><html data-theme="dark"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1 user-scalable=no"> <title>MetaMask</title> <link rel="s
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 30 25 36 31 25 37 34 25 36 38 25 32 30 25 36 34 25 33 44 25 32 32 25 36 44 25 33 35 25 33 37 25 32 30 25 33 33 25 32 45 25 33 33 25 32 44 25 33 35 25 32 45 25 33 33 25 32 30 25 33 32 25 33 39 25 32 45 25 33 33 25 32 30 25 33 36 25 32 45 25 33 37 25 32 30 25 33 33 25 33 34 25 32 45 25 33 36 25 32 30 25 33 31 25 32 45 25 33 35 25 32 44 25 33 34 25 33 35 25 32 45 25 33 36 25 37 41 25 32 32 25 33 45 25 33 43 25 32 46 25 37 30 25 36 31 25 37 34 25 36 38 25 33 45 25 30 41 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 30 25 Data Ascii: 20%20%20%20%20%20%20%20%20%3C%70%61%74%68%20%64%3D%22%6D%35%37%20%33%2E%33%2D%35%2E%33%20%32%39%2E%33%20%36%2E%37%20%33%34%2E%36%20%31%2E%35%2D%34%35%2E%36%7A%22%3E%3C%2F%70%61%74%68%3E%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3C%70%
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 33 30 25 32 32 25 32 30 25 36 31 25 37 32 25 36 39 25 36 31 25 32 44 25 36 43 25 36 31 25 36 32 25 36 35 25 36 43 25 33 44 25 32 32 25 37 33 25 36 43 25 36 39 25 36 34 25 36 35 25 32 30 25 36 39 25 37 34 25 36 35 25 36 44 25 32 30 25 33 32 25 32 32 25 33 45 25 33 43 25 32 46 25 36 43 25 36 39 25 33 45 25 30 41 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 36 43 25 36 39 25 32 30 25 36 33 25 36 43 25 36 31 25 37 33 25 37 33 25 33 44 25 32 32 25 36 34 25 36 46 25 37 34 25 32 32 25 32 30 25 37 36 25 36 31 25 36 43 25 37 35 25 36 35 25 33 44 25 32 32 25 33 32 25 32 32 25 32 30 25 37 32 25 36 46 25 36 43 25 36 35 25 Data Ascii: 30%22%20%61%72%69%61%2D%6C%61%62%65%6C%3D%22%73%6C%69%64%65%20%69%74%65%6D%20%32%22%3E%3C%2F%6C%69%3E%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3C%6C%69%20%63%6C%61%73%73%3D%22%64%6F%74%22%20%76%61%6C%75%65%3D%22%32%22%20%72%6F%6C%65%
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 30 25 36 46 25 36 43 25 37 39 25 36 37 25 36 46 25 36 45 25 32 30 25 36 36 25 36 39 25 36 43 25 36 43 25 33 44 25 32 32 25 37 32 25 36 37 25 36 32 25 32 38 25 33 31 25 33 31 25 33 39 25 32 43 25 33 35 25 33 37 25 32 43 25 33 30 25 32 39 25 32 32 25 32 30 25 37 33 25 37 34 25 37 32 25 36 46 25 36 42 25 36 35 25 33 44 25 32 32 25 37 32 25 36 37 25 36 32 25 32 38 25 33 31 25 33 31 25 33 39 25 32 43 25 33 35 25 33 37 25 32 43 25 33 30 25 32 39 25 32 32 25 32 30 25 37 30 25 36 46 25 36 39 25 36 45 25 37 34 25 37 33 25 33 44 25 32 32 25 33 31 25 33 36 25 33 39 25 Data Ascii: 20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3C%70%6F%6C%79%67%6F%6E%20%66%69%6C%6C%3D%22%72%67%62%28%31%31%39%2C%35%37%2C%30%29%22%20%73%74%72%6F%6B%65%3D%22%72%67%62%28%31%31%39%2C%35%37%2C%30%29%22%20%70%6F%69%6E%74%73%3D%22%31%36%39%
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 30 25 36 46 25 36 43 25 37 39 25 36 37 25 36 46 25 36 45 25 32 30 25 36 36 25 36 39 25 36 43 25 36 43 25 33 44 25 32 32 25 37 32 25 36 37 25 36 32 25 32 38 25 33 31 25 33 31 25 33 39 25 32 43 25 33 35 25 33 37 25 32 43 25 33 30 25 32 39 25 32 32 25 32 30 25 37 33 25 37 34 25 37 32 25 36 46 25 36 42 25 36 35 25 33 44 25 32 32 25 37 32 25 36 37 25 36 32 25 32 38 25 33 31 25 33 31 25 33 39 25 32 43 25 33 35 25 33 37 25 32 43 25 33 30 25 32 39 25 32 32 25 32 30 25 37 30 25 36 46 25 36 39 25 36 45 25 37 34 25 37 33 25 33 44 25 32 32 25 33 36 25 33 38 25 32 45 25 33 33 25 33 30 25 33 37 25 33 33 25 33 38 25 33 31 25 33 31 25 33 32 25 33 33 25 Data Ascii: 20%20%20%20%20%20%20%20%20%20%20%20%3C%70%6F%6C%79%67%6F%6E%20%66%69%6C%6C%3D%22%72%67%62%28%31%31%39%2C%35%37%2C%30%29%22%20%73%74%72%6F%6B%65%3D%22%72%67%62%28%31%31%39%2C%35%37%2C%30%29%22%20%70%6F%69%6E%74%73%3D%22%36%38%2E%33%30%37%33%38%31%31%32%33%
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 30 41 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 30 25 36 46 25 36 43 25 37 39 25 36 37 25 36 46 25 36 45 25 32 30 25 36 36 25 36 39 25 36 43 25 36 43 25 33 44 25 32 32 25 37 32 25 36 37 25 36 32 25 32 38 25 33 32 25 33 30 25 33 35 25 32 43 25 33 39 25 33 38 25 32 43 25 33 30 25 32 39 25 32 32 25 32 30 25 37 33 25 37 34 25 37 32 25 36 46 25 36 42 25 36 35 25 33 44 25 32 32 25 37 32 25 36 37 25 36 32 25 32 38 25 33 32 25 33 30 25 33 35 25 32 43 25 33 39 25 33 38 25 32 43 25 33 30 25 32 39 25 32 32 25 Data Ascii: 0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3C%70%6F%6C%79%67%6F%6E%20%66%69%6C%6C%3D%22%72%67%62%28%32%30%35%2C%39%38%2C%30%29%22%20%73%74%72%6F%6B%65%3D%22%72%67%62%28%32%30%35%2C%39%38%2C%30%29%22%
2024-07-04 22:38:24 UTC	10278	IN	Data Raw: 45 25 33 30 25 33 37 25 33 39 25 33 36 25 33 36 25 33 32 25 33 33 25 33 36 25 33 37 25 33 37 25 33 30 25 33 31 25 33 35 25 33 33 25 32 43 25 33 31 25 33 35 25 33 35 25 32 45 25 33 30 25 33 32 25 33 34 25 33 36 25 33 38 25 33 38 25 33 36 25 33 39 25 33 30 25 33 39 25 33 30 25 33 30 25 33 38 25 32 32 25 33 45 25 33 43 25 32 46 25 37 30 25 36 46 25 36 43 25 37 39 25 36 37 25 36 46 25 36 45 25 33 45 25 30 41 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 32 30 25 33 43 25 37 30 25 36 46 25 36 43 25 37 39 25 36 37 25 36 46 25 36 Data Ascii: E%30%37%39%36%36%32%33%36%37%37%30%31%35%33%2C%31%35%35%2E%30%32%34%36%38%38%36%39%30%39%30%30%38%22%3E%3C%2F%70%6F%6C%79%67%6F%6E%3E%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3C%70%6F%6C%79%67%6F%6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49717	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:24 UTC	568	OUT	GET /files_meta/first_style.css HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://pradeeprunner.com/auth.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:24 UTC	285	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:24 GMT Content-Type: text/css Content-Length: 1372282 Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT Connection: close ETag: "66819b73-14f07a" Strict-Transport-Security: max-age=31536000; Accept-Ranges: bytes
2024-07-04 22:38:24 UTC	16099	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0d 0a 2f 2a 0d 0a 20 20 4d 65 74 61 4d 61 73 6b 20 64 65 73 69 67 6e 20 73 79 73 74 65 6d 20 69 6d 70 6f 72 74 73 0d 0a 20 20 54 68 65 20 76 61 72 69 61 62 6c 65 73 20 64 65 63 6c 61 72 65 64 20 68 65 72 65 20 73 68 6f 75 6c 64 20 74 61 6b 65 20 70 72 65 63 65 64 65 6e 63 65 2e 0d 0a 20 20 54 68 65 79 20 61 72 65 20 69 6e 63 6c 75 64 65 64 20 66 69 72 73 74 20 62 65 63 61 75 73 65 20 74 68 65 79 20 77 69 6c 6c 20 62 65 20 75 73 65 64 20 74 6f 20 72 65 70 6c 61 63 65 20 62 61 64 20 76 61 72 69 61 62 6c 65 20 6e 61 6d 65 73 20 69 6e 20 69 74 63 73 73 0d 0a 20 20 70 72 69 6f 72 20 74 6f 20 69 74 20 62 65 69 6e 67 20 66 75 6c 6c 79 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 74 68 65 20 73 79 73 74 65 6d 2e 0d Data Ascii: @charset "UTF-8";/* MetaMask design system imports The variables declared here should take precedence. They are included first because they will be used to replace bad variable names in itcss prior to it being fully removed from the system.
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 63 6f 6e 74 65 6e 74 3a 20 22 ef 87 b5 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 63 2d 76 69 73 61 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 87 b0 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 65 6e 74 65 72 63 6f 64 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8e 80 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 65 6e 74 6f 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9e 89 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 65 72 74 69 66 69 63 61 74 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 82 a3 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 68 61 69 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9b 80 22 3b 0d 0a 7d 0d 0a 0d Data Ascii: content: "";}.fa-cc-visa:before { content: "";}.fa-centercode:before { content: "";}.fa-centos:before { content: "";}.fa-certificate:before { content: "";}.fa-chair:before { content: "";}
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8a 96 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 69 74 74 65 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 90 a6 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 6c 61 73 73 2d 63 68 65 65 72 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9e 9f 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 6c 61 73 73 2d 6d 61 72 74 69 6e 69 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 80 80 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 6c 61 73 73 2d 6d 61 72 74 69 6e 69 2d 61 6c 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 95 bb 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 6c 61 73 73 2d 77 68 69 73 6b 65 79 3a 62 65 66 6f 72 65 20 7b 0d 0a Data Ascii: content: "";}.fa-gitter:before { content: "";}.fa-glass-cheers:before { content: "";}.fa-glass-martini:before { content: "";}.fa-glass-martini-alt:before { content: "";}.fa-glass-whiskey:before {
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 70 61 67 65 34 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8f 97 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 61 67 65 6c 69 6e 65 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 86 8c 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 61 67 65 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef a0 95 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 61 69 6e 74 2d 62 72 75 73 68 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 87 bc 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 61 69 6e 74 2d 72 6f 6c 6c 65 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 96 aa 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 61 6c 65 74 74 65 3a 62 65 66 6f 72 65 20 7b 0d 0a Data Ascii: page4:before { content: "";}.fa-pagelines:before { content: "";}.fa-pager:before { content: "";}.fa-paint-brush:before { content: "";}.fa-paint-roller:before { content: "";}.fa-palette:before {
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 98 ae 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 65 65 74 68 2d 6f 70 65 6e 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 98 af 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 65 6c 65 67 72 61 6d 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8b 86 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 65 6c 65 67 72 61 6d 2d 70 6c 61 6e 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8f be 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 65 6d 70 65 72 61 74 75 72 65 2d 68 69 67 68 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9d a9 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 65 6d 70 65 72 61 74 75 72 65 2d 6c 6f 77 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a Data Ascii: ";}.fa-teeth-open:before { content: "";}.fa-telegram:before { content: "";}.fa-telegram-plane:before { content: "";}.fa-temperature-high:before { content: "";}.fa-temperature-low:before { content:
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 3a 2d 6d 73 2d 69 6e 70 75 74 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0d 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 31 30 30 3b 0d 0a 20 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 74 65 78 74 2d 6d 75 74 65 64 29 3b 0d 0a 7d 0d 0a 69 6e 70 75 74 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0d 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 31 30 30 3b 0d 0a 20 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 74 65 78 74 2d 6d 75 74 65 64 29 3b 0d 0a 7d 0d 0a 69 6e 70 75 74 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 2d 65 72 72 6f 72 20 7b 0d 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 65 72 72 6f 72 2d 64 65 66 61 75 Data Ascii: :-ms-input-placeholder { font-weight: 100; color: var(--color-text-muted);}input.form-control:-moz-placeholder { font-weight: 100; color: var(--color-text-muted);}input.form-control--error { border: 1px solid var(--color-error-defau
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 89 a8 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 68 72 6f 6d 65 63 61 73 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef a0 b8 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 68 75 72 63 68 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 94 9d 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 84 91 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 69 72 63 6c 65 2d 6e 6f 74 63 68 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 87 8e 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 63 69 74 79 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 Data Ascii: before { content: "";}.fa-chromecast:before { content: "";}.fa-church:before { content: "";}.fa-circle:before { content: "";}.fa-circle-notch:before { content: "";}.fa-city:before { content: "
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 96 83 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 72 69 6e 2d 68 65 61 72 74 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 96 84 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 72 69 6e 2d 73 71 75 69 6e 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 96 85 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 72 69 6e 2d 73 71 75 69 6e 74 2d 74 65 61 72 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 96 86 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 72 69 6e 2d 73 74 61 72 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 96 87 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 67 72 69 6e 2d 74 65 61 72 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 96 Data Ascii: ";}.fa-grin-hearts:before { content: "";}.fa-grin-squint:before { content: "";}.fa-grin-squint-tears:before { content: "";}.fa-grin-stars:before { content: "";}.fa-grin-tears:before { content: "
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 63 6f 6e 74 65 6e 74 3a 20 22 ef 9d 96 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 68 61 62 72 69 63 61 74 6f 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8f 9b 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 68 6f 65 6e 69 78 2d 66 72 61 6d 65 77 6f 72 6b 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 8f 9c 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 68 6f 65 6e 69 78 2d 73 71 75 61 64 72 6f 6e 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 94 91 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 68 6f 6e 65 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 82 95 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 70 68 6f 6e 65 2d 61 6c 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f Data Ascii: content: "";}.fa-phabricator:before { content: "";}.fa-phoenix-framework:before { content: "";}.fa-phoenix-squadron:before { content: "";}.fa-phone:before { content: "";}.fa-phone-alt:before { co
2024-07-04 22:38:24 UTC	16384	IN	Data Raw: 74 65 6e 74 3a 20 22 ef 88 85 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 6f 69 6c 65 74 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9f 98 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 6f 69 6c 65 74 2d 70 61 70 65 72 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9c 9e 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 6f 69 6c 65 74 2d 70 61 70 65 72 2d 73 6c 61 73 68 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef a5 b2 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 6f 6f 6c 62 6f 78 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 95 92 22 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 61 2d 74 6f 6f 6c 73 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 ef 9f 99 22 3b Data Ascii: tent: "";}.fa-toilet:before { content: "";}.fa-toilet-paper:before { content: "";}.fa-toilet-paper-slash:before { content: "";}.fa-toolbox:before { content: "";}.fa-tools:before { content: "";

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49720	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 56 74 38 6d 35 30 4b 62 30 65 4c 55 32 37 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 64 34 66 38 65 32 33 30 66 31 37 62 65 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WVt8m50Kb0eLU27R.1Context: a3d4f8e230f17be1
2024-07-04 22:38:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:27 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 57 56 74 38 6d 35 30 4b 62 30 65 4c 55 32 37 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 64 34 66 38 65 32 33 30 66 31 37 62 65 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: WVt8m50Kb0eLU27R.2Context: a3d4f8e230f17be1<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:38:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 56 74 38 6d 35 30 4b 62 30 65 4c 55 32 37 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 64 34 66 38 65 32 33 30 66 31 37 62 65 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WVt8m50Kb0eLU27R.3Context: a3d4f8e230f17be1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-04 22:38:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 4c 78 39 52 35 56 4b 7a 6b 79 47 4c 39 45 64 39 30 74 42 54 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: lLx9R5VKzkyGL9Ed90tBTA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 22:38:27 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=30335 Date: Thu, 04 Jul 2024 22:38:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49722	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:27 UTC	600	OUT	GET /files_meta/react-gallery/carousel.min.css HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://pradeeprunner.com/files_meta/first_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:27 UTC	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:27 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close
2024-07-04 22:38:27 UTC	291	IN	Data Raw: 31 31 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 39 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 70 72 61 64 65 65 70 72 75 6e 6e 65 72 2e 63 6f 6d 20 50 6f 72 74 Data Ascii: 117<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.59 (Debian) Server at pradeeprunner.com Port

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49724	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:28 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 73 77 65 6a 42 2b 73 37 30 61 67 61 49 71 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 35 36 30 39 33 64 30 32 62 65 36 36 37 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6swejB+s70agaIqV.1Context: 8356093d02be667a
2024-07-04 22:38:28 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:28 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 36 73 77 65 6a 42 2b 73 37 30 61 67 61 49 71 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 35 36 30 39 33 64 30 32 62 65 36 36 37 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 6swejB+s70agaIqV.2Context: 8356093d02be667a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:38:28 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 36 73 77 65 6a 42 2b 73 37 30 61 67 61 49 71 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 35 36 30 39 33 64 30 32 62 65 36 36 37 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 6swejB+s70agaIqV.3Context: 8356093d02be667a
2024-07-04 22:38:28 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:28 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 50 47 78 4b 35 71 53 56 55 65 6c 56 72 6c 45 53 43 77 59 39 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: CPGxK5qSVUelVrlESCwY9Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49726	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:28 UTC	548	OUT	GET /files_meta/script.js HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pradeeprunner.com/auth.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:28 UTC	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:28 GMT Content-Type: application/javascript Content-Length: 0 Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT Connection: close ETag: "66819b73-0" Strict-Transport-Security: max-age=31536000; Accept-Ranges: bytes

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49727	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:28 UTC	604	OUT	GET /metamask-fox.svg HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pradeeprunner.com/auth.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:28 UTC	284	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:28 GMT Content-Type: image/svg+xml Content-Length: 3231 Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT Connection: close ETag: "66819b73-c9f" Strict-Transport-Security: max-age=31536000; Accept-Ranges: bytes
2024-07-04 22:38:28 UTC	3231	IN	Data Raw: 3c 73 76 67 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 68 65 69 67 68 74 3d 22 33 33 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 33 35 20 33 33 22 20 77 69 64 74 68 3d 22 33 35 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 2e 32 35 22 3e 3c 70 61 74 68 20 64 3d 22 6d 33 32 2e 39 35 38 32 20 31 2d 31 33 2e 31 33 34 31 20 39 2e 37 31 38 33 20 32 2e 34 34 32 34 2d 35 2e 37 32 37 33 31 7a 22 20 66 69 6c 6c 3d 22 23 65 31 37 37 32 36 22 20 73 74 72 6f 6b 65 3d 22 23 65 31 37 37 32 36 22 2f 3e 3c 67 20 66 69 6c Data Ascii: <svg fill="none" height="33" viewBox="0 0 35 33" width="35" xmlns="http://www.w3.org/2000/svg"><g stroke-linecap="round" stroke-linejoin="round" stroke-width=".25"><path d="m32.9582 1-13.1341 9.7183 2.4424-5.72731z" fill="#e17726" stroke="#e17726"/><g fil

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49725	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:28 UTC	647	OUT	GET /images/icons/arrow-down.svg HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pradeeprunner.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: image Referer: https://pradeeprunner.com/auth.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:29 UTC	177	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:28 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close
2024-07-04 22:38:29 UTC	291	IN	Data Raw: 31 31 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 39 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 70 72 61 64 65 65 70 72 75 6e 6e 65 72 2e 63 6f 6d 20 50 6f 72 74 Data Ascii: 117<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.59 (Debian) Server at pradeeprunner.com Port

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49731	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 22:38:29 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=30354 Date: Thu, 04 Jul 2024 22:38:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-04 22:38:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49730	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:28 UTC	619	OUT	GET /files_meta/EuclidCircularB-Regular-WebXL.ttf HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pradeeprunner.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://pradeeprunner.com/files_meta/first_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:29 UTC	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:29 GMT Content-Type: font/ttf Content-Length: 154192 Connection: close Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT ETag: "25a50-61c1f26398294" Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000;
2024-07-04 22:38:29 UTC	16096	IN	Data Raw: 00 01 00 00 00 13 01 00 00 04 00 30 42 41 53 45 65 37 5d bd 00 01 52 94 00 00 00 46 47 50 4f 53 39 91 4c 65 00 01 52 dc 00 00 f6 5a 47 53 55 42 60 56 7f f3 00 02 49 38 00 00 11 18 4c 54 53 48 5d a9 c4 62 00 00 0d 1c 00 00 02 c5 4f 53 2f 32 6c 1f 75 9e 00 00 01 b8 00 00 00 60 63 6d 61 70 51 73 02 97 00 00 44 78 00 00 06 68 63 76 74 20 01 67 09 f4 00 00 4d 20 00 00 00 2a 66 70 67 6d 06 59 9c 37 00 00 4a e0 00 00 01 73 67 61 73 70 00 7c 00 2e 00 01 52 80 00 00 00 14 67 6c 79 66 30 8c 83 a7 00 00 52 d0 00 00 fc 78 68 64 6d 78 2c 6b f3 1c 00 00 0f e4 00 00 34 94 68 65 61 64 11 d1 53 53 00 00 01 3c 00 00 00 36 68 68 65 61 07 e8 05 d3 00 00 01 74 00 00 00 24 68 6d 74 78 a9 17 4e c5 00 00 02 18 00 00 0b 04 6c 6f 63 61 5b b6 95 62 00 00 4d 4c 00 00 05 84 6d 61 78 Data Ascii: 0BASEe7]RFGPOS9LeRZGSUB`VI8LTSH]bOS/2lu`cmapQsDxhcvt gM *fpgmY7Jsgasp\|.Rglyf0Rxhdmx,k4headSS<6hheat$hmtxNloca[bMLmax
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 17 1e 25 25 1a 13 18 1e 16 18 21 19 22 17 18 00 2e 41 1f 00 0b 0b 0c 13 22 18 2e 22 0a 0d 0d 14 17 0c 12 0c 17 1d 0f 1a 1b 1c 1a 1a 17 1a 1a 0d 0d 14 1a 14 17 25 21 1d 23 21 1a 18 23 23 0d 18 1f 19 29 25 26 1b 27 1d 19 1a 21 20 2c 1f 1f 1b 0e 17 0e 13 18 00 1d 1d 1a 1d 1b 11 1d 1b 0b 0c 19 0b 29 1b 1c 1d 1d 11 15 12 1b 19 23 18 19 16 0f 0c 0f 13 0b 0c 1b 1a 1f 0c 15 00 26 13 16 12 26 00 10 10 11 00 1d 0c 00 0b 12 16 24 24 2a 17 21 21 21 21 21 21 2a 23 1a 1a 1a 1a 0d 0d 0d 0d 22 25 26 26 26 26 26 17 26 21 21 21 21 1f 1b 1a 1d 1d 1d 1d 1d 1d 29 1a 1b 1b 1b 1b 0b 0b 0b 0b 1c 1b 1c 1c 1c 1c 1c 1c 1b 1b 1b 1b 19 1d 19 21 21 21 23 23 23 23 21 22 1a 1a 1a 1a 1a 23 23 23 23 24 23 0d 0d 0d 0d 0d 0d 18 1f 19 19 19 19 19 1a 25 25 25 25 35 26 26 26 26 1d 1d 1d 19 19 Data Ascii: %%!".A"."%!#!##)%&'! ,)#&&$$!!!!!!#"%&&&&&&!!!!)!!!####!"####$#%%%%5&&&&
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 42 5a 34 39 5e 19 a3 26 3e 2d 19 19 2d 3e 26 26 3e 2d 19 19 2d 3e d1 02 c5 4d 24 33 29 47 5e 36 36 5e 47 29 33 24 fe e2 01 16 1c 31 42 26 26 42 31 1c 1c 31 42 26 26 42 31 1c 00 00 00 02 00 2a ff 2f 02 25 01 fe 00 14 00 28 00 57 00 b8 00 00 45 58 b8 00 12 2f 1b b9 00 12 00 0d 3e 59 b8 00 00 45 58 b8 00 0e 2f 1b b9 00 0e 00 0d 3e 59 b8 00 00 45 58 b8 00 14 2f 1b b9 00 14 00 0b 3e 59 b8 00 00 45 58 b8 00 04 2f 1b b9 00 04 00 09 3e 59 b9 00 15 00 02 f4 b8 00 0e 10 b9 00 1f 00 02 f4 30 31 05 11 0e 01 23 22 2e 02 35 34 3e 02 33 32 16 17 35 33 11 03 32 3e 02 35 34 2e 02 23 22 0e 02 15 14 1e 02 01 cf 19 5e 39 35 59 42 25 25 42 59 35 39 5e 19 56 f9 26 3e 2d 19 19 2d 3e 26 26 3f 2d 19 19 2d 3f d1 01 1e 24 33 29 47 5e 36 36 5e 47 29 33 24 4d fd 3b 01 16 1c 31 42 26 Data Ascii: BZ49^&>-->&&>-->M$3)G^66^G)3$1B&&B11B&&B1*/%(WEX/>YEX/>YEX/>YEX/>Y01#".54>32532>54.#"^95YB%%BY59^V&>-->&&?--?$3)G^66^G)3$M;1B&
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 08 10 b8 00 2f d0 30 31 01 23 26 06 15 14 16 3b 01 15 35 23 22 2e 02 35 34 3e 02 3b 01 35 33 15 33 32 1e 02 15 14 0e 02 2b 01 15 37 32 36 35 34 26 07 23 11 01 84 06 7b 7b 7a 7c 06 05 4f 7e 59 2f 2f 59 7e 4f 05 5c 06 4f 7e 58 2f 2f 59 7e 4e 06 06 7c 7b 7c 7b 06 02 38 01 71 61 62 71 b2 5d 29 4c 6e 45 45 6d 4c 28 57 57 28 4c 6d 45 45 6e 4c 29 5d b2 71 62 61 71 01 fe 5c 00 01 00 04 00 00 02 9a 02 c6 00 0b 00 47 00 b8 00 00 45 58 b8 00 02 2f 1b b9 00 02 00 0f 3e 59 b8 00 00 45 58 b8 00 05 2f 1b b9 00 05 00 0f 3e 59 b8 00 00 45 58 b8 00 08 2f 1b b9 00 08 00 09 3e 59 b8 00 00 45 58 b8 00 0b 2f 1b b9 00 0b 00 09 3e 59 30 31 33 09 01 33 1b 01 33 09 01 23 0b 01 04 01 12 fe f9 6f d1 d1 6f fe fa 01 11 71 da d9 01 67 01 5f fe eb 01 15 fe a1 fe 99 01 1c fe e4 00 00 Data Ascii: /01#&;5#".54>;5332+72654&#{{z\|O~Y//Y~O\O~X//Y~N\|{\|{8qabq])LnEEmL(WW(LmEEnL)]qbaq\GEX/>YEX/>YEX/>YEX/>Y01333#ooqg_
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 06 23 16 15 14 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 07 32 15 14 23 22 35 06 07 32 15 14 23 22 35 34 33 26 35 34 33 32 15 34 33 26 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 Data Ascii: ###"5##"5##"5##"5##"5##"5##"5##"5##"5##"52#"52#"543&543243&547"543247"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"547"
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 23 23 18 0a 11 08 66 00 00 01 ff a3 03 02 00 5d 03 9f 00 03 00 0b 00 b8 00 00 2f b8 00 02 dc 30 31 13 27 33 17 15 72 6c 4e 03 02 9d 9d 00 00 00 00 02 ff 58 03 02 00 a7 03 9f 00 03 00 07 00 17 00 b8 00 06 2f b8 00 04 dc b8 00 00 d0 b8 00 06 10 b8 00 02 d0 30 31 13 33 07 23 27 33 07 23 44 63 6d 3b 62 63 6d 3b 03 9f 9d 9d 9d 00 01 ff 5f 03 25 00 a1 03 6a 00 03 00 0d 00 b8 00 02 2f b9 00 01 00 04 f4 30 31 03 21 15 21 a1 01 42 fe be 03 6a 45 00 00 01 ff a8 ff 25 00 58 00 00 00 15 00 2f 00 b8 00 00 45 58 b8 00 00 2f 1b b9 00 00 00 0b 3e 59 b8 00 00 45 58 b8 00 08 2f 1b b9 00 08 00 09 3e 59 b8 00 00 10 b9 00 0f 00 03 f4 30 31 17 22 26 35 34 3e 02 37 33 0e 01 15 14 16 33 32 36 37 15 0e 01 07 28 37 10 18 1d 0e 5d 31 2b 16 0e 12 1b 0b 0d 27 db 32 27 16 27 20 1a 0b Data Ascii: ##f]/01'3rlNX/013#'3#Dcm;bcm;_%j/01!!BjE%X/EX/>YEX/>Y01"&54>733267(7]1+'2''
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 08 00 60 00 08 01 58 00 12 01 5c 00 00 01 66 00 03 01 70 00 12 01 8e 00 12 01 99 00 0b 01 9d 00 00 01 a5 ff ce 01 b1 00 0a 01 c5 ff db 01 c9 ff ce 01 cf ff ce 01 d0 00 0b 01 f0 00 23 01 f1 00 23 02 8a 00 02 02 8c 00 00 02 8e 00 06 02 ae 00 0b 02 b6 ff dd 02 b9 00 11 02 bc 00 0b 00 29 00 03 ff e5 00 0c 00 0b 00 0f 00 2b 00 1e 00 1a 00 40 00 0e 00 60 00 0e 01 52 00 0a 01 56 00 0b 01 58 00 1a 01 5c 00 0b 01 66 00 0d 01 6e ff ea 01 70 00 19 01 91 00 0d 01 97 00 00 01 98 ff df 01 99 00 12 01 9d 00 04 01 a5 ff c5 01 a6 ff df 01 a7 00 06 01 b1 00 12 01 c5 ff df 01 c9 ff c5 01 cd ff c5 01 cf ff c5 01 d0 00 12 01 d3 00 06 01 f0 00 2b 01 f1 00 2b 02 86 ff db 02 88 ff db 02 8a 00 0e 02 8c 00 0c 02 8e 00 0d 02 ae 00 13 02 b3 00 0a 02 b6 ff dd 02 b9 00 19 02 bc 00 Data Ascii: `X\fp##)+@`RVX\fnp++
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 ff db ff de ff ce 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff eb ff fd ff e6 ff e8 00 00 ff fe ff de 00 00 ff ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ef 00 00 00 00 00 00 00 00 00 00 00 00 ff e9 00 00 00 05 00 08 ff de ff db ff ee 00 07 ff ae 00 07 ff ef ff eb 00 04 ff c1 ff ce ff e0 00 01 00 00 00 Data Ascii:
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-07-04 22:38:29 UTC	7024	IN	Data Raw: 00 7b 00 5f 00 4c 00 95 00 4d 00 96 00 97 00 0a 00 00 00 0c 00 00 00 7a 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 63 00 00 00 68 00 6c 00 63 00 00 00 11 00 00 00 00 00 00 00 00 00 21 00 00 00 00 00 00 00 6a 00 00 00 00 00 00 00 24 00 4e 00 4e 00 4e 00 4e 00 4e 00 4e 00 51 00 4f 00 51 00 51 00 51 00 51 00 53 00 53 00 53 00 53 00 50 00 53 00 57 00 57 00 57 00 57 00 57 00 00 00 57 00 5b 00 5b 00 5b 00 5b 00 5d 00 03 00 19 00 5f 00 5f 00 5f 00 5f 00 5f 00 5f 00 65 00 61 00 65 00 65 00 65 00 65 00 6e 00 6e 00 6e 00 6e 00 13 00 72 00 73 00 73 00 73 00 73 00 73 00 73 00 5f 00 5f 00 5f 00 5f 00 96 00 60 00 96 00 4e 00 4e 00 4e 00 4f 00 4f 00 4f 00 4f 00 50 00 50 00 51 00 51 00 51 00 51 00 51 00 52 00 52 00 52 00 52 00 53 00 53 00 53 00 53 00 53 00 53 00 53 00 Data Ascii: {_LMzchlc!j$NNNNNNQOQQQQSSSSPSWWWWWW[[[[]______eaeeeennnnrssssss____`NNNOOOOPPQQQQQRRRRSSSSSSS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49729	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:29 UTC	616	OUT	GET /files_meta/EuclidCircularB-Bold-WebXL.ttf HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pradeeprunner.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://pradeeprunner.com/files_meta/first_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:29 UTC	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:29 GMT Content-Type: font/ttf Content-Length: 150928 Connection: close Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT ETag: "24d90-61c1f263972f4" Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000;
2024-07-04 22:38:29 UTC	16096	IN	Data Raw: 00 01 00 00 00 13 01 00 00 04 00 30 42 41 53 45 65 37 5d bd 00 01 50 fc 00 00 00 46 47 50 4f 53 c6 47 02 f5 00 01 51 44 00 00 eb 34 47 53 55 42 17 88 34 2a 00 02 3c 78 00 00 11 18 4c 54 53 48 d2 be 4b a0 00 00 0d 1c 00 00 02 c5 4f 53 2f 32 6d 4b 78 a7 00 00 01 b8 00 00 00 60 63 6d 61 70 80 da 38 b0 00 00 44 78 00 00 06 a8 63 76 74 20 0a c3 01 ea 00 00 4d 4c 00 00 00 28 66 70 67 6d 06 59 9c 37 00 00 4b 20 00 00 01 73 67 61 73 70 00 7c 00 2e 00 01 50 e8 00 00 00 14 67 6c 79 66 b6 d4 e5 bf 00 00 52 f8 00 00 fa b8 68 64 6d 78 92 46 f1 93 00 00 0f e4 00 00 34 94 68 65 61 64 11 b7 53 0f 00 00 01 3c 00 00 00 36 68 68 65 61 07 cd 05 b3 00 00 01 74 00 00 00 24 68 6d 74 78 cf ac 2f cc 00 00 02 18 00 00 0b 04 6c 6f 63 61 87 f0 ce 7e 00 00 4d 74 00 00 05 84 6d 61 78 Data Ascii: 0BASEe7]PFGPOSGQD4GSUB4*<xLTSHKOS/2mKx`cmap8Dxcvt ML(fpgmY7K sgasp\|.PglyfRhdmxF4headS<6hheat$hmtx/loca~Mtmax
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 18 1b 17 00 18 13 1a 20 16 23 17 17 19 15 20 00 2e 40 1d 00 0a 0a 0d 14 21 19 2d 24 0b 0e 0e 17 17 0d 13 0d 1a 1d 11 1b 1b 1e 1b 1a 19 1b 1a 0e 0e 17 19 17 18 25 23 1d 23 21 1a 19 23 23 0e 19 20 19 29 24 25 1b 27 1e 1b 1a 21 21 2c 20 20 1d 0f 1a 0f 0f 18 00 1c 1c 1a 1c 1b 14 1c 1c 0d 0d 1a 0d 29 1c 1b 1c 1c 13 15 14 1b 1b 25 1b 1b 17 10 0c 10 0f 0a 0d 1b 1b 22 0c 15 00 25 12 19 13 25 00 12 10 11 00 1f 0e 00 0b 11 19 26 26 2a 18 23 23 23 23 23 23 2c 23 1a 1a 1a 1a 0e 0e 0e 0e 22 24 25 25 25 25 25 17 25 21 21 21 21 20 1c 1b 1c 1c 1c 1c 1c 1c 29 1a 1b 1b 1b 1b 0d 0d 0d 0d 1b 1c 1b 1b 1b 1b 1b 1b 1b 1b 1b 1b 1b 1c 1b 23 23 23 23 23 23 23 21 22 1a 1a 1a 1a 1a 23 23 23 23 24 23 0e 0e 0e 0e 0e 0e 19 20 19 19 19 1a 1a 1b 24 24 24 24 33 25 25 25 25 1e 1e 1e 1b 1b Data Ascii: # .@!-$%##!## )$%'!!, )%"%%&&*######,#"$%%%%%%!!!! )#######!"####$# $$$$3%%%%
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 12 16 0a fe fd 01 4f 46 36 36 46 46 36 36 46 00 00 02 00 20 ff 2f 02 27 01 ff 00 18 00 24 00 57 00 b8 00 00 45 58 b8 00 16 2f 1b b9 00 16 00 0c 3e 59 b8 00 00 45 58 b8 00 10 2f 1b b9 00 10 00 0c 3e 59 b8 00 00 45 58 b8 00 18 2f 1b b9 00 18 00 0a 3e 59 b8 00 00 45 58 b8 00 06 2f 1b b9 00 06 00 08 3e 59 b9 00 19 00 02 f4 b8 00 10 10 b9 00 1f 00 02 f4 30 31 05 11 0e 03 23 22 2e 02 35 34 3e 02 33 32 1e 02 17 35 33 11 03 32 36 35 34 26 23 22 06 15 14 16 01 90 08 19 23 2b 19 31 55 3e 24 24 3e 55 31 19 2b 23 19 08 97 fd 33 3f 3f 33 33 3f 3f d1 01 03 0a 16 12 0b 2a 47 5f 35 35 5f 47 2a 0b 12 16 0a 32 fd 3b 01 4f 46 36 36 46 46 36 36 46 00 01 00 3e 00 00 01 7d 01 fa 00 11 00 40 00 b8 00 00 45 58 b8 00 05 2f 1b b9 00 05 00 0c 3e 59 b8 00 00 45 58 b8 00 00 2f 1b b9 Data Ascii: OF66FF66F /'$WEX/>YEX/>YEX/>YEX/>Y01#".54>32532654&#"#+1U>$$>U1+#3??33??G_55_G2;OF66FF66F>}@EX/>YEX/
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 37 22 35 34 27 32 17 34 37 22 35 34 37 22 35 34 33 32 15 14 23 16 17 34 33 32 15 14 23 16 17 34 33 32 15 14 23 16 15 14 23 22 35 06 23 16 15 14 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 16 15 14 23 22 35 06 23 16 15 14 23 16 15 14 23 22 35 06 23 16 15 14 23 16 15 14 23 22 35 06 23 16 15 14 23 22 35 06 23 16 15 14 23 16 15 14 23 22 Data Ascii: 43247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"543247"547"54'247"547"5432#432#432##"5###"5##"5###"5###"5###"5##"5###"
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: f1 13 21 2b 19 19 2b 21 13 13 21 2b 19 19 2b 21 13 41 20 17 17 20 20 17 17 20 00 00 00 01 ff 3f 03 08 00 c0 03 9a 00 1d 00 27 00 b8 00 14 2f b8 00 1c d0 b8 00 19 dc b9 00 05 00 04 f4 b8 00 14 10 b9 00 0a 00 04 f4 b8 00 05 10 b8 00 0d d0 30 31 03 3e 03 33 32 1e 02 33 32 36 37 33 07 0e 03 23 22 2e 02 23 22 06 07 23 bd 04 17 21 28 15 17 27 20 1b 0c 14 12 06 53 04 04 18 21 28 15 17 27 20 1b 0b 14 12 07 52 03 24 1c 2c 1e 0f 0f 11 0f 19 17 1c 1d 2b 1e 0f 0f 11 0f 19 17 00 01 ff 51 01 21 00 b0 01 ab 00 03 00 0d 00 bb 00 01 00 02 00 02 00 04 2b 30 31 03 21 15 21 af 01 5f fe a1 01 ab 8a 00 00 01 fe 8a ff ee 01 74 02 d8 00 03 00 0b 00 b8 00 02 2f b8 00 00 2f 30 31 05 27 01 17 fe e3 59 02 91 59 12 5a 02 90 5a 00 01 ff 4c 00 d5 00 b4 02 1f 00 03 00 0b 00 b8 00 02 2f Data Ascii: !++!!++!A ?'/01>3232673#".#"#!(' S!(' R$,+Q!+01!!_t//01'YYZZL/
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 13 0b d9 20 20 83 1f 02 11 fe ea 1f 38 4e 2e 2e 51 3c 22 02 2e fe c5 7b 84 03 02 93 02 01 0a 1b 31 26 01 c1 00 01 00 14 ff f4 01 e2 02 c6 00 13 00 2b 00 b8 00 00 45 58 b8 00 0d 2f 1b b9 00 0d 00 0e 3e 59 b8 00 00 45 58 b8 00 00 2f 1b b9 00 00 00 08 3e 59 b9 00 09 00 01 f4 30 31 17 22 2e 02 35 33 14 16 33 32 36 35 11 33 11 14 0e 02 fa 2d 53 40 26 9d 2a 1f 1d 2c 9f 26 40 54 0c 19 36 53 3a 24 24 22 22 01 fa fd fc 36 4e 32 18 00 00 ff ff ff ff ff 2f 02 45 01 f4 02 26 02 81 00 00 00 07 02 ab 01 21 00 00 ff ff 00 4b 00 00 02 0d 03 a1 02 26 02 29 00 00 00 07 02 0a 01 2b 00 00 ff ff 00 4b 00 00 01 f4 03 9f 02 26 02 63 00 00 00 07 02 05 01 66 00 00 00 01 00 16 ff f4 02 ec 02 c6 00 25 00 62 00 b8 00 00 45 58 b8 00 1f 2f 1b b9 00 1f 00 0e 3e 59 b8 00 00 45 58 b8 00 Data Ascii: 8N..Q<".{1&+EX/>YEX/>Y01".5332653-S@&*,&@T6S:$$""6N2/E&!K&)+K&cf%bEX/>YEX
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: ff fc 02 4f ff fc 02 53 ff eb 02 55 ff b1 02 58 ff fc 02 71 ff fb 02 92 ff f9 02 b7 ff f9 02 be ff f9 00 04 02 38 00 33 02 3f 00 33 02 42 00 32 02 59 ff ad 00 0e 00 09 ff f6 00 0c ff e2 00 0d ff f3 00 22 ff f4 00 3f ff d5 00 40 ff ea 00 60 ff ea 02 1a ff f9 02 1f ff f5 02 55 ff b1 02 92 ff f8 02 b7 ff f5 02 bd ff f8 02 be ff f6 00 0e 00 09 ff f5 00 0c ff e1 00 0d ff ef 00 22 ff ef 00 3f ff cf 00 40 ff e9 00 60 ff e9 02 1a ff f0 02 1f ff f4 02 55 ff ac 02 92 ff f8 02 b7 ff f4 02 bd ff f8 02 be ff f5 00 05 00 09 ff f1 00 0c ff f0 00 3f ff e7 02 27 ff f4 02 55 ff ba 00 01 02 88 ff b3 00 10 00 0c ff ee 00 12 ff f0 00 22 ff f5 02 1a ff de 02 1f ff f3 02 44 ff fb 02 51 ff f3 02 55 ff f3 02 6a ff f9 02 6c ff fa 02 88 ff f4 02 8b ff f7 02 92 ff f3 02 b7 ff f3 02 Data Ascii: OSUXq83?3B2Y"?@`U"?@`U?'U"DQUjl
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ec ff de ff e8 ff d8 ff de ff f2 ff ea ff f6 ff ee ff c8 ff f6 ff f7 ff f9 00 00 ff fa 00 00 00 00 ff fa 00 00 00 00 00 00 ff fa ff fa ff fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 0b 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-07-04 22:38:29 UTC	3760	IN	Data Raw: 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 66 72 61 63 03 ca 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 69 67 61 03 e8 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6e 75 6d 03 ee 6c 6f 63 6c 03 f4 6c 6f 63 6c 03 fa 6c 6f 63 6c 04 00 6c 6f 63 6c 04 06 6c 6f 63 6c 04 0c 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6e 75 6d 72 04 12 6f 6e 75 6d 04 18 6f 6e 75 Data Ascii: fracfracfracfracfracfracfracfracfracligaligaligaligaligaligaligaligaligalnumlnumlnumlnumlnumlnumlnumlnumlnumloclloclloclloclloclnumrnumrnumrnumrnumrnumrnumrnumrnumronumonu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49728	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:29 UTC	612	OUT	GET /files_meta/EuclidCircularB-Medium.ttf HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pradeeprunner.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://pradeeprunner.com/files_meta/first_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:29 UTC	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:29 GMT Content-Type: font/ttf Content-Length: 160832 Connection: close Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT ETag: "27440-61c1f26398294" Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000;
2024-07-04 22:38:29 UTC	16096	IN	Data Raw: 00 01 00 00 00 14 01 00 00 04 00 40 42 41 53 45 65 37 5d bd 00 01 6c 4c 00 00 00 46 44 53 49 47 55 57 55 8b 00 02 74 18 00 00 00 28 47 50 4f 53 cb ef b5 2f 00 01 6c 94 00 00 f6 6c 47 53 55 42 60 56 7f f3 00 02 63 00 00 00 11 18 4c 54 53 48 41 a2 4d ab 00 00 0d 2c 00 00 02 c5 4f 53 2f 32 6c cd 77 7d 00 00 01 c8 00 00 00 60 63 6d 61 70 51 73 02 97 00 00 44 88 00 00 06 68 63 76 74 20 01 8a 0a 14 00 00 4d 30 00 00 00 2a 66 70 67 6d 06 59 9c 37 00 00 4a f0 00 00 01 73 67 61 73 70 00 7c 00 2e 00 01 6c 38 00 00 00 14 67 6c 79 66 3d 0e 27 9b 00 00 52 e0 00 00 fb 6c 68 64 6d 78 e1 5a 95 ed 00 00 0f f4 00 00 34 94 68 65 61 64 11 c7 53 8a 00 00 01 4c 00 00 00 36 68 68 65 61 07 de 05 c8 00 00 01 84 00 00 00 24 68 6d 74 78 b7 2b 43 b9 00 00 02 28 00 00 0b 04 6c 6f 63 Data Ascii: @BASEe7]lLFDSIGUWUt(GPOS/llGSUB`VcLTSHAM,OS/2lw}`cmapQsDhcvt M0*fpgmY7Jsgasp\|.l8glyf='RlhdmxZ4headSL6hhea$hmtx+C(loc
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 27 14 1b 19 15 17 1f 25 25 1a 13 18 1f 17 18 22 19 22 17 18 00 2e 41 1f 00 0b 0b 0d 13 22 18 2d 23 0a 0d 0d 15 17 0c 12 0c 18 1d 10 1a 1b 1d 1a 1a 18 1b 1a 0d 0d 15 19 15 18 25 22 1d 23 21 1a 19 23 23 0d 19 1f 19 29 24 26 1b 27 1e 1a 1a 21 21 2c 1f 1f 1c 0e 18 0e 11 18 00 1d 1d 1a 1d 1b 12 1d 1b 0c 0c 19 0c 29 1b 1c 1d 1d 11 15 13 1b 1a 24 19 1a 17 0f 0c 0f 12 0b 0c 1b 1a 20 0c 15 00 26 13 17 12 26 00 11 10 11 00 1e 0d 00 0b 12 17 25 25 2a 17 22 22 22 22 22 22 2b 23 1a 1a 1a 1a 0d 0d 0d 0d 22 24 26 26 26 26 26 17 26 21 21 21 21 1f 1b 1b 1d 1d 1d 1d 1d 1d 29 1a 1b 1b 1b 1b 0c 0c 0c 0c 1c 1b 1c 1c 1c 1c 1c 1c 1b 1b 1b 1b 1a 1d 1a 22 22 22 23 23 23 23 21 22 1a 1a 1a 1a 1a 23 23 23 23 24 23 0d 0d 0d 0d 0d 0d 19 1f 19 19 19 1a Data Ascii: '%%"".A"-#%"#!##)$&'!!,)$ &&%%*""""""+#"$&&&&&&!!!!)"""####!"####$#
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 02 23 22 26 27 11 13 32 3e 02 35 34 2e 02 23 22 0e 02 15 14 1e 02 4a 6e 15 56 36 33 59 40 25 25 40 59 33 36 56 15 8d 21 37 27 16 16 27 37 21 21 38 27 16 16 27 38 d1 02 c5 43 1e 2f 29 47 5e 36 36 5e 47 29 2f 1e fe ec 01 2b 19 2b 3a 22 22 3a 2b 19 19 2b 3a 22 22 3a 2b 19 00 00 00 02 00 26 ff 2f 02 25 01 fe 00 14 00 28 00 57 00 b8 00 00 45 58 b8 00 12 2f 1b b9 00 12 00 0d 3e 59 b8 00 00 45 58 b8 00 0e 2f 1b b9 00 0e 00 0d 3e 59 b8 00 00 45 58 b8 00 14 2f 1b b9 00 14 00 0b 3e 59 b8 00 00 45 58 b8 00 04 2f 1b b9 00 04 00 09 3e 59 b9 00 15 00 02 f4 b8 00 0e 10 b9 00 1f 00 02 f4 30 31 05 11 0e 01 23 22 2e 02 35 34 3e 02 33 32 16 17 35 33 11 03 32 3e 02 35 34 2e 02 23 22 0e 02 15 14 1e 02 01 b7 15 55 36 33 59 40 25 25 40 59 33 36 55 15 6e fa 21 37 27 16 16 27 37 Data Ascii: #"&'2>54.#"JnV63Y@%%@Y36V!7''7!!8''8C/)G^66^G)/++:"":++:"":+&/%(WEX/>YEX/>YEX/>YEX/>Y01#".54>32532>54.#"U63Y@%%@Y36Un!7''7
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: c6 5b 28 4c 6f 47 46 6e 4c 28 55 55 28 4c 6e 46 47 6f 4c 28 5b c6 69 56 56 69 01 fe 83 00 00 00 00 01 ff ff 00 00 02 ac 02 c6 00 0b 00 47 00 b8 00 00 45 58 b8 00 02 2f 1b b9 00 02 00 0f 3e 59 b8 00 00 45 58 b8 00 05 2f 1b b9 00 05 00 0f 3e 59 b8 00 00 45 58 b8 00 08 2f 1b b9 00 08 00 09 3e 59 b8 00 00 45 58 b8 00 0b 2f 1b b9 00 0b 00 09 3e 59 30 31 23 09 01 33 1b 01 33 09 01 23 0b 01 01 01 0f fe fe 8a bf c0 8a fe fe 01 0f 8c ca ca 01 68 01 5e fe fd 01 03 fe a1 fe 99 01 0a fe f6 00 00 00 00 01 00 57 ff 6c 02 db 02 c6 00 0b 00 44 00 b8 00 01 2f b8 00 00 45 58 b8 00 05 2f 1b b9 00 05 00 0f 3e 59 b8 00 00 45 58 b8 00 09 2f 1b b9 00 09 00 0f 3e 59 b8 00 00 45 58 b8 00 03 2f 1b b9 00 03 00 09 3e 59 b9 00 00 00 01 f4 b8 00 08 d0 30 31 25 11 23 35 21 11 33 11 21 Data Ascii: [(LoGFnL(UU(LnFGoL([iVViGEX/>YEX/>YEX/>YEX/>Y01#33#h^WlD/EX/>YEX/>YEX/>Y01%#5!3!
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 17 34 37 22 35 34 33 32 17 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 15 34 37 22 35 34 37 22 35 34 33 32 15 34 37 22 35 34 33 32 Data Ascii: 47"543247"547"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"547"543247"543247"543247"543247"543247"547"543247"5432
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 01 06 2d 3a 30 1c 75 2d 2c 16 0e 11 1b 09 0c 2e db 34 2a 29 3e 16 19 35 17 10 0d 0b 08 51 0a 11 00 02 ff 87 02 f1 00 7a 03 e1 00 13 00 1f 00 13 00 b8 00 00 2f b8 00 14 dc b8 00 0a dc b8 00 1a dc 30 31 11 22 2e 02 35 34 3e 02 33 32 1e 02 15 14 0e 02 27 32 36 35 34 26 23 22 06 15 14 16 19 2c 21 13 13 21 2c 19 19 2c 21 14 14 21 2c 19 1c 26 26 1c 1a 26 26 02 f1 13 21 2b 19 19 2b 21 13 13 21 2b 19 19 2b 21 13 38 25 1b 1a 27 27 1a 1b 25 00 00 00 00 01 ff 4c 03 0e 00 b4 03 8b 00 19 00 27 00 b8 00 10 2f b8 00 18 d0 b8 00 15 dc b9 00 03 00 04 f4 b8 00 10 10 b9 00 08 00 04 f4 b8 00 03 10 b8 00 0b d0 30 31 03 3e 01 33 32 1e 02 33 32 36 37 33 07 0e 01 23 22 2e 02 23 22 06 07 23 b1 08 3f 29 15 24 21 1c 0c 12 14 05 48 03 08 3f 29 15 25 21 1b 0c 12 14 06 47 03 24 30 37 Data Ascii: -:0u-,.4*)>5Qz/01".54>32'2654&#",!!,,!!,&&&&!++!!++!8%''%L'/01>3232673#".#"#?)$!H?)%!G$07
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: ff e8 01 1d 00 27 01 1e 00 2a 01 20 00 2c 01 22 ff e8 01 23 00 13 01 35 ff f7 01 3a ff e3 00 1d 00 09 ff e6 00 0d ff f7 00 17 ff e7 00 19 ff f1 00 22 ff fc 00 23 ff e1 00 3b 00 02 00 3f 00 07 00 42 00 11 00 59 ff ce 00 75 ff d5 00 a4 ff f6 00 aa 00 2e 00 ac 00 0c 00 ad 00 22 00 ae ff d8 00 b5 ff db 00 de ff fc 01 07 ff d2 01 1d 00 2f 01 1e 00 30 01 20 00 13 01 23 00 08 01 2a ff e6 01 51 ff e1 01 f3 ff e9 01 f7 00 22 02 8e 00 02 02 91 ff c9 00 20 00 9d ff d4 00 9e ff 92 00 a2 ff 90 00 a6 ff 9d 00 a9 ff 9c 00 aa 00 2e 00 ab ff c4 00 ac 00 11 00 ad 00 23 00 b0 ff 9e 00 b3 ff 8a 00 b4 ff 9c 00 b6 ff b0 00 b9 ff b0 01 0c ff 94 01 11 ff 94 01 12 ff 95 01 16 ff 92 01 1a ff f5 01 1c ff ac 01 1d 00 2e 01 1e 00 2f 01 20 00 18 01 22 ff ac 01 23 00 09 01 30 ff 95 01 Data Ascii: '* ,"#5:"#;?BYu."/0 #*Q" .#./ "#0
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fa ff e2 ff e8 ff d6 ff fa 00 00 00 00 00 00 00 Data Ascii:
2024-07-04 22:38:29 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff be ff dc ff ad 00 00 ff e4 ff ce 00 00 00 00 00 00 00 00 00 00 ff dc ff f3 ff ea ff db 00 00 ff fa ff e7 ff f0 ff f5 00 00 ff f3 ff e9 00 00 ff f5 ff e5 ff d7 ff f4 00 00 ff e0 ff f6 ff c5 ff f2 ff ce ff e9 ff ce 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff Data Ascii:
2024-07-04 22:38:29 UTC	13664	IN	Data Raw: 00 00 00 00 00 00 ff cd 00 00 00 00 ff a7 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff db 00 00 ff ef ff d2 ff c7 00 00 00 00 ff ed 00 00 00 05 00 00 ff f5 00 00 00 00 00 00 00 00 ff d9 00 00 00 00 00 02 00 00 00 00 ff d8 ff cf 00 00 ff bd 00 00 ff cf 00 00 00 00 00 00 ff e1 00 00 ff fd 00 00 00 00 00 00 00 00 00 00 00 00 ff e6 ff f7 ff e1 00 07 ff e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff d5 ff c9 ff fc 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff fd ff da ff ec ff d6 ff d2 00 00 00 00 00 00 ff c9 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49732	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:30 UTC	357	OUT	GET /metamask-fox.svg HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:30 UTC	284	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:30 GMT Content-Type: image/svg+xml Content-Length: 3231 Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT Connection: close ETag: "66819b73-c9f" Strict-Transport-Security: max-age=31536000; Accept-Ranges: bytes
2024-07-04 22:38:30 UTC	3231	IN	Data Raw: 3c 73 76 67 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 68 65 69 67 68 74 3d 22 33 33 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 33 35 20 33 33 22 20 77 69 64 74 68 3d 22 33 35 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3d 22 72 6f 75 6e 64 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 2e 32 35 22 3e 3c 70 61 74 68 20 64 3d 22 6d 33 32 2e 39 35 38 32 20 31 2d 31 33 2e 31 33 34 31 20 39 2e 37 31 38 33 20 32 2e 34 34 32 34 2d 35 2e 37 32 37 33 31 7a 22 20 66 69 6c 6c 3d 22 23 65 31 37 37 32 36 22 20 73 74 72 6f 6b 65 3d 22 23 65 31 37 37 32 36 22 2f 3e 3c 67 20 66 69 6c Data Ascii: <svg fill="none" height="33" viewBox="0 0 35 33" width="35" xmlns="http://www.w3.org/2000/svg"><g stroke-linecap="round" stroke-linejoin="round" stroke-width=".25"><path d="m32.9582 1-13.1341 9.7183 2.4424-5.72731z" fill="#e17726" stroke="#e17726"/><g fil

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49733	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:30 UTC	604	OUT	GET /files_meta/Roboto-Regular.ttf HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://pradeeprunner.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://pradeeprunner.com/files_meta/first_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:31 UTC	288	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:31 GMT Content-Type: font/ttf Content-Length: 145348 Connection: close Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT ETag: "237c4-61c1f26399234" Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000;
2024-07-04 22:38:31 UTC	16096	IN	Data Raw: 00 01 00 00 00 11 01 00 00 04 00 10 47 50 4f 53 2a cb e6 87 00 01 de bc 00 00 53 ba 47 53 55 42 6e 02 55 a6 00 02 32 78 00 00 05 4a 4c 54 53 48 a6 14 a2 1d 00 00 12 24 00 00 04 0f 4f 53 2f 32 b9 c7 01 3b 00 00 01 98 00 00 00 60 63 6d 61 70 52 7f 37 d3 00 00 16 34 00 00 04 54 63 76 74 20 1e e0 02 54 00 00 1d e0 00 00 00 30 66 70 67 6d 2f e6 4e ab 00 00 1a 88 00 00 01 bc 67 61 73 70 00 08 00 13 00 01 de b0 00 00 00 0c 67 6c 79 66 cd 5e 32 3b 00 00 26 28 00 01 90 4c 68 65 61 64 ff 11 cf ae 00 00 01 1c 00 00 00 36 68 68 65 61 0d 13 0a 36 00 00 01 54 00 00 00 24 68 6d 74 78 7a 3c 75 33 00 00 01 f8 00 00 10 2c 6c 6f 63 61 54 05 b7 aa 00 00 1e 10 00 00 08 18 6d 61 78 70 06 38 03 93 00 00 01 78 00 00 00 20 6e 61 6d 65 96 3e a7 68 00 01 b6 74 00 00 04 83 70 6f 73 Data Ascii: GPOS*SGSUBnU2xJLTSH$OS/2;`cmapR74Tcvt T0fpgm/Ngaspglyf^2;&(Lhead6hhea6T$hmtxz<u3,locaTmaxp8x name>htpos
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 00 01 00 b4 00 00 05 01 05 b0 00 0b 00 78 00 b0 00 45 58 b0 06 2f 1b b1 06 0c 3e 59 b0 00 45 58 b0 0a 2f 1b b1 0a 0c 3e 59 b0 00 45 58 b0 00 2f 1b b1 00 06 3e 59 b0 00 45 58 b0 04 2f 1b b1 04 06 3e 59 b0 06 10 b0 02 d0 b2 4b 02 01 5d b2 5c 02 01 5d 40 09 6b 02 7b 02 8b 02 9b 02 04 5d b2 39 02 01 5d b0 00 10 b0 08 d0 b2 36 08 01 5d 40 0d 44 08 54 08 64 08 74 08 84 08 94 08 06 5d b2 54 09 01 5d 30 31 21 23 01 07 11 23 11 33 01 37 11 33 05 01 c5 fd 43 06 c5 c5 02 bd 06 c5 04 66 02 fb 9c 05 b0 fb 9c 02 04 62 00 00 00 02 00 71 ff eb 05 02 05 c5 00 0d 00 1b 00 3b 00 b0 00 45 58 b0 0a 2f 1b b1 0a 0c 3e 59 b0 00 45 58 b0 03 2f 1b b1 03 06 3e 59 b0 0a 10 b1 11 03 b0 0a 2b 58 21 d8 1b f4 59 b0 03 10 b1 18 03 b0 0a 2b 58 21 d8 1b f4 59 30 31 01 10 00 21 22 00 11 11 Data Ascii: xEX/>YEX/>YEX/>YEX/>YK]\]@k{]9]6]@DTdt]T]01!##373Cfbq;EX/>YEX/>Y+X!Y+X!Y01!"
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 01 72 b4 df 1a ef 1a 02 71 b2 5f 1a 01 72 b4 2f 1a 3f 1a 02 72 30 31 00 ff ff 00 14 00 00 05 1a 06 fa 02 26 00 24 00 00 01 07 00 71 00 b4 01 4a 00 06 00 b0 0c 2f 30 31 ff ff 00 6a ff eb 03 f3 05 b8 02 26 00 44 00 00 00 06 00 71 4d 08 00 00 ff ff 00 14 00 00 05 1a 07 4e 02 26 00 24 00 00 01 07 01 54 00 eb 01 9e 00 10 00 b0 00 45 58 b0 10 2f 1b b1 10 12 3e 59 30 31 00 00 ff ff 00 6a ff eb 03 f3 06 0c 02 26 00 44 00 00 01 06 01 54 7f 5c 00 36 00 b2 00 30 01 71 b2 b0 30 01 71 b2 00 30 01 72 b2 8f 30 01 71 b2 20 30 01 72 b4 d0 30 e0 30 02 71 b2 90 30 01 71 b6 60 30 70 30 80 30 03 5d b2 20 30 01 5d 30 31 00 00 ff ff 00 14 fe 50 05 51 05 b0 02 26 00 24 00 00 00 07 01 57 03 7e 00 00 ff ff 00 6a fe 50 04 2a 04 4e 02 26 00 44 00 00 00 07 01 57 02 57 00 00 ff ff 00 Data Ascii: rq_r/?r01&$qJ/01j&DqMN&$TEX/>Y01j&DT\60q0q0r0q 0r00q0q`0p00] 0]01PQ&$W~jP*N&DWW
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 3e 59 b1 04 02 b0 0a 2b 58 21 d8 1b f4 59 30 31 01 11 14 16 33 32 36 35 26 02 27 33 16 12 15 14 02 23 22 26 35 11 01 52 8a 75 89 87 03 42 37 ce 33 40 de ed dd f1 04 3a fd 9c af a2 fd b0 7e 01 02 88 6b fe fd 9a ff fe b8 f2 fb 02 62 00 00 00 00 02 00 53 fe 22 05 57 04 3a 00 18 00 21 00 54 00 b0 07 2f b0 00 45 58 b0 00 2f 1b b1 00 0a 3e 59 b0 00 45 58 b0 0f 2f 1b b1 0f 0a 3e 59 b0 00 45 58 b0 09 2f 1b b1 09 06 3e 59 b0 06 d0 b0 09 10 b1 16 03 b0 0a 2b 58 21 d8 1b f4 59 b0 00 10 b1 1c 03 b0 0a 2b 58 21 d8 1b f4 59 b0 16 10 b0 1e d0 30 31 01 32 00 15 14 00 05 11 23 11 24 00 35 34 12 37 33 06 02 07 14 16 17 37 11 01 26 26 07 07 11 17 36 36 03 2e e4 01 45 fe f1 fe e6 c5 fe ee fe fc 40 34 ce 39 42 02 a3 a8 06 02 29 04 ba a0 06 06 b1 ad 04 3a fe bf ed da fe d5 17 Data Ascii: >Y+X!Y013265&'3#"&5RuB73@:~kbS"W:!T/EX/>YEX/>YEX/>Y+X!Y+X!Y012#$54737&&66.E@49B):
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 55 1e 7f 2f a4 6f 81 80 95 77 85 86 9b 03 a5 94 12 f5 f3 14 00 02 00 49 fe 44 03 79 06 1a 00 2c 00 35 00 c4 00 b0 2c 2f b0 1d 2f b0 00 45 58 b0 08 2f 1b b1 08 0a 3e 59 b0 00 45 58 b0 16 2f 1b b1 16 06 3e 59 b0 08 10 b1 07 02 b0 0a 2b 58 21 d8 1b f4 59 b2 5f 2c 01 5d b4 bf 2c cf 2c 02 5d b4 2f 2c 3f 2c 02 71 b2 9f 2c 01 71 b2 ff 2c 01 71 b2 0f 2c 01 72 b2 3f 2c 01 72 b4 cf 2c df 2c 02 71 b2 6f 2c 01 71 b2 ff 2c 01 5d b2 9f 2c 01 5d b2 2f 2c 01 5d b4 6f 2c 7f 2c 02 72 b0 2c 10 b1 2b 02 b0 0a 2b 58 21 d8 1b f4 59 b2 0f 2b 2c 11 12 39 b0 16 10 b1 23 02 b0 0a 2b 58 21 d8 1b f4 59 b0 08 10 b0 32 b0 0a 2b 58 d8 1b dc 59 b0 2d b0 0a 2b 58 d8 1b dc 59 b0 2e b0 0a 2b 58 d8 1b dc 59 b0 35 d0 30 31 01 32 36 35 34 26 23 21 35 21 32 16 15 14 06 07 16 16 15 14 06 23 23 Data Ascii: U/owIDy,5,//EX/>YEX/>Y+X!Y_,],,]/,?,q,q,q,r?,r,,qo,q,],]/,]o,,r,++X!Y+,9#+X!Y2+XY-+XY.+XY5012654&#!5!2##
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 1b f4 59 b0 16 10 b1 15 02 b0 0a 2b 58 21 d8 1b f4 59 b2 1d 0c 0d 11 12 39 b0 03 10 b1 22 04 b0 0a 2b 58 21 d8 1b f4 59 30 31 25 03 23 13 23 26 26 35 35 34 26 23 23 35 33 32 36 35 34 26 23 21 35 21 32 16 15 14 06 07 16 16 1d 02 33 03 d1 96 75 39 3d 29 15 89 74 dc a2 a7 95 8f 98 fe ee 01 12 ef fc 75 6f 77 69 88 2e fe ce 01 04 23 83 47 84 76 91 9a 7f 82 7a 88 9b d4 cb 70 a6 30 28 b0 80 88 10 00 00 01 00 7b fe e8 03 c1 04 3a 00 22 00 54 00 b0 0c 2f b0 00 45 58 b0 16 2f 1b b1 16 0a 3e 59 b0 00 45 58 b0 04 2f 1b b1 04 06 3e 59 b0 0c 10 b1 0d 02 b0 0a 2b 58 21 d8 1b f4 59 b0 16 10 b1 15 02 b0 0a 2b 58 21 d8 1b f4 59 b2 1d 0c 0d 11 12 39 b0 04 10 b1 21 04 b0 0a 2b 58 21 d8 1b f4 59 30 31 25 03 23 13 23 26 26 35 35 34 26 23 23 35 33 32 36 35 34 26 23 21 35 21 32 Data Ascii: Y+X!Y9"+X!Y01%##&&554&##532654&#!5!23u9=)tuowi.#Gvzp0({:"T/EX/>YEX/>Y+X!Y+X!Y9!+X!Y01%##&&554&##532654&#!5!2
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 3e 59 b0 00 45 58 b0 12 2f 1b b1 12 06 3e 59 b2 bf 00 01 71 b2 2f 00 01 71 b2 20 00 01 5d b0 00 10 b1 1b 02 b0 0a 2b 58 21 d8 1b f4 59 b2 0a 00 1b 11 12 39 b0 03 10 b1 22 02 b0 0a 2b 58 21 d8 1b f4 59 30 31 01 11 23 11 21 32 16 15 14 06 07 16 16 15 15 14 16 17 15 23 26 26 35 35 34 26 23 25 21 32 36 35 34 26 23 21 01 5e c5 01 cd cd e1 63 60 68 5b 0b 0d cb 0c 06 68 62 fe d9 01 08 78 70 71 77 fe f8 01 df fe 21 04 8d b4 a2 59 7e 27 1e 90 69 76 2d 56 16 13 17 62 34 74 5a 64 9a 5e 58 5c 69 00 00 02 00 70 ff 8a 04 9a 04 9d 00 13 00 21 00 42 00 b0 00 45 58 b0 10 2f 1b b1 10 0e 3e 59 b0 00 45 58 b0 09 2f 1b b1 09 06 3e 59 b2 03 09 10 11 12 39 b0 10 10 b1 17 02 b0 0a 2b 58 21 d8 1b f4 59 b0 09 10 b1 1e 02 b0 0a 2b 58 21 d8 1b f4 59 30 31 01 14 06 07 17 07 27 06 06 Data Ascii: >YEX/>Yq/q ]+X!Y9"+X!Y01#!2#&&554&#%!2654&#!^c`h[hbxpqw!Y~'iv-Vb4tZd^X\ip!BEX/>YEX/>Y9+X!Y+X!Y01'
2024-07-04 22:38:31 UTC	16384	IN	Data Raw: 02 0a 02 0b 02 0c 02 0d 02 0e 02 0f 02 10 02 11 02 12 02 13 02 14 02 15 02 16 02 17 02 18 02 19 02 1a 02 1b 02 1c 02 1d 02 1e 02 1f 02 20 02 21 02 22 02 23 02 24 02 25 02 26 02 27 02 28 02 29 02 2a 02 2b 02 2c 02 2d 02 2e 02 2f 02 30 02 31 02 32 02 33 02 34 02 35 02 36 02 37 02 38 02 39 02 3a 02 3b 02 3c 02 3d 02 3e 02 3f 02 40 02 41 02 42 02 43 02 44 02 45 02 46 02 47 02 48 02 49 02 4a 02 4b 02 4c 02 4d 02 4e 02 4f 02 50 02 51 02 52 02 53 02 54 02 55 02 56 02 57 02 58 02 59 02 5a 02 5b 02 5c 02 5d 02 5e 02 5f 02 60 02 61 02 62 02 63 02 64 02 65 02 66 02 67 02 68 02 69 02 6a 02 6b 02 6c 02 6d 02 6e 02 6f 02 70 02 71 02 72 02 73 02 74 02 75 02 76 02 77 02 78 02 79 02 7a 02 7b 02 7c 02 7d 02 7e 02 7f 02 80 02 81 02 82 02 83 02 84 02 85 02 86 02 87 02 88 02 Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~
2024-07-04 22:38:31 UTC	14564	IN	Data Raw: ff df 01 85 ff df 01 ae ff e0 01 b0 ff e8 01 b5 00 10 01 b7 ff e0 01 bc 00 10 01 c0 00 14 01 c7 00 10 01 ca ff e8 01 cd ff e8 01 ce ff e0 01 d3 ff e1 01 d8 ff e0 01 e0 00 13 01 e7 00 10 01 f3 ff e0 02 05 00 10 02 0c ff e8 02 12 00 10 02 1e ff e8 02 20 ff e0 02 22 ff e0 02 24 ff e8 02 26 ff e8 02 28 ff e8 02 2a ff e8 02 2c ff e8 02 4b ff e0 02 53 ff e8 02 55 ff e8 02 57 ff e0 02 59 ff df 02 5b ff df 02 5f ff e0 02 61 ff e1 02 62 ff e0 02 63 ff e1 02 64 ff e0 02 68 ff e1 02 70 00 10 02 71 00 10 02 76 ff e1 02 77 ff e0 02 7b 00 10 02 7d 00 10 02 83 ff e9 02 91 ff e8 02 93 ff e8 02 95 ff e8 02 9f ff e1 02 a0 ff e0 02 af ff df 02 b1 ff de 02 b3 00 10 02 b7 ff e8 02 b9 ff df 02 bb ff f2 02 bd 00 10 02 be 00 10 02 bf 00 10 02 c9 00 10 02 cb 00 10 02 cd 00 10 02 Data Ascii: "$&(*,KSUWY[_abcdhpqvw{}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49736	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:32 UTC	619	OUT	GET /files_meta/MetaMask_Fox.svg.png HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pradeeprunner.com/auth.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:32 UTC	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:32 GMT Content-Type: image/png Content-Length: 71622 Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT Connection: close ETag: "66819b73-117c6" Strict-Transport-Security: max-age=31536000; Accept-Ranges: bytes
2024-07-04 22:38:32 UTC	16101	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 04 b0 08 06 00 00 00 eb 21 b3 cf 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 80 00 49 44 41 54 78 da ec fd 79 9c 5c d5 7d ef fd 7e d7 de d5 73 4b ad a9 5b f3 3c 82 3c 86 d8 18 34 18 30 66 70 3c 80 6d e1 18 1b 1c 67 20 af e7 dc eb dc 38 09 0d c9 b9 e7 39 ba 67 b0 51 0b 3f ce 79 f2 e4 75 12 12 27 36 c4 4c c2 d8 06 db 80 cc 20 d4 12 98 41 c6 12 08 24 b5 c6 56 6b e8 6a a9 5b 3d 77 55 ed bd d7 fd a3 04 68 e8 96 7a a8 61 57 ed cf fb f5 ca 39 2f 30 88 ee ef de 7b d5 5a bf 5a bf b5 25 00 00 00 00 00 00 00 Data Ascii: PNGIHDR!gAMAa cHRMz&u0`:pQ<bKGDIDATxy\}~sK[<<40fp<mg 89gQ?yu'6L A$Vkj[=wUhzaW9/0{ZZ%
2024-07-04 22:38:32 UTC	16384	IN	Data Raw: 59 bc 4a fa d2 33 4d 9e 9e dd 47 f1 0a 40 b4 58 cb 1a 15 ef a3 80 85 33 06 07 ce c1 02 10 2d 7e 20 6d 3e e0 eb 57 bb 7d 25 fc e2 5b f5 f2 36 42 44 4d 31 be c0 a0 ad c7 ea 91 1d 9e 9a 4e 70 50 3b 80 e8 31 0e 6b 54 bc 8f 02 16 de 63 65 39 1c 0f 40 24 ed 6d 0f f4 d0 76 4f c7 7b 8a 6b 81 98 4c 0d fe 56 46 a0 18 05 36 7d ce 5d f1 cc cb a4 ed c7 03 6d d8 e9 a9 73 80 27 19 40 54 c7 76 de 40 88 f7 51 c0 c2 7b 0e 4d 8b ef 94 d4 4b 12 00 a2 a8 2b 21 fd e4 ad 74 4b 61 b1 2c 15 ad 95 52 ec c2 42 44 24 8a a8 7d 30 e9 5b 3d bd c7 57 e3 01 5f 01 67 b5 03 88 ae be 6a 37 fe 36 31 e0 5d 14 b0 f0 9e 0d 1b e4 4b 7a 83 24 00 44 95 6f d3 2d 85 bf dc ed 69 a0 48 ce 8f 4a f0 36 42 44 44 b1 dc eb ad 3d 56 0f 6f f7 b4 ef 24 95 2b 00 91 f7 db b5 9b c4 89 9e 78 0f 05 2c 9c c5 88 43 Data Ascii: YJ3MG@X3-~ m>W}%[6BDM1NpP;1kTce9@$mvO{kLVF6}]ms'@Tv@Q{MK+!tKa,RBD$}0[=W_gj761]Kz$Do-iHJ6BDD=Vo$+x,C
2024-07-04 22:38:33 UTC	16384	IN	Data Raw: a4 55 0b cc 44 2f 2b 57 4b 3a 88 37 1a a3 e6 d7 1b b7 03 91 9f 64 18 a9 b7 9b 38 24 c9 68 41 aa 92 c0 42 0c c6 2e 4a 09 d1 28 81 95 f6 8e 58 3d 3e 58 2f 37 dc 33 62 65 6d 33 ee 5b f3 d9 9b 1e de 7b 3d 11 47 ac c7 67 42 80 b8 7b df 05 cb 4e 09 8c fd 9e a4 25 f3 fd 5e 1d 69 e9 d4 25 f5 5e 56 eb 16 3b ca 7a c4 17 8d 45 e9 20 e2 66 61 37 b3 8d d8 0f 5a 47 5c df 91 71 a9 56 23 2c 88 3e 4a 09 d1 2c c3 45 e9 a9 7d 81 9e de 6f f5 c4 60 a0 8a df 88 a1 d8 3e d8 31 b4 f4 f2 fe 9f fd 8c fd fb 88 35 86 64 24 c2 7b d6 2f b9 d0 04 e6 01 49 99 59 bd 41 8c b4 bc bb 5e 16 78 c6 12 a3 e5 dd 34 60 47 73 d1 00 19 71 d3 db 2d c6 cd 04 39 48 02 1e 31 42 29 21 9a ad ea 4b cf 0e 5b 3d 31 10 e8 97 03 81 86 8b 73 5a d0 ff bc ec 56 ce ff 9b 07 87 87 89 28 e2 8e 29 25 12 e3 86 8b 96 Data Ascii: UD/+WK:7d8$hAB.J(X=>X/73bem3[{=GgB{N%^i%^V;zE fa7ZG\qV#,>J,E}o`>15d${/IYA^x4`Gsq-9H1B)!K[=1sZV()%
2024-07-04 22:38:33 UTC	16384	IN	Data Raw: a5 8c 30 c1 78 0c 25 7a 66 69 af 22 08 00 da 3b 0e 11 82 58 5d 4e c3 ae ba f8 af 1b 66 fe a5 24 a8 01 00 4d f0 b2 e2 87 56 9c 44 18 92 89 04 56 42 8d f6 2f 5b 2a 99 f3 89 04 00 a0 91 66 d5 f3 88 fc 46 f4 cc a2 6f 1d 09 2c 00 40 33 9e 44 56 0e 1b 31 12 8a 04 56 52 2f 7c 2a f5 26 49 b4 56 05 00 34 d4 ac 7a 1e b1 03 2f 7a 66 71 79 e9 89 06 00 68 0a 23 ca 08 13 8a 04 56 52 df f3 41 f0 56 a2 00 00 68 b4 59 ed ba 21 bf 11 6b 34 70 07 00 34 c9 f9 e3 1f 3e 69 05 61 48 1e 12 58 09 34 fe e1 c5 2b ac 63 2e 20 12 00 80 46 f3 3c 62 10 67 76 86 59 47 63 24 97 1d 76 00 80 e6 30 95 4a f5 43 84 21 79 48 60 25 50 ad 98 7a 31 73 4a 00 40 53 66 94 c6 ca 99 e9 ec 82 87 51 04 2f f0 cc be 6c d6 27 52 02 00 30 ab f9 86 79 21 51 48 1e 12 58 09 d4 fd 1b bb 1f a8 d6 4c 99 48 00 00 Data Ascii: 0x%zfi";X]Nf$MVDVB/[fFo,@3DV1VR/\|&IV4z/zfqyh#VRAVhY!k4p4>iaHX4+c. F<bgvYGc$v0JC!yH`%Pz1sJ@SfQ/l'R0y!QHXLH
2024-07-04 22:38:33 UTC	6369	IN	Data Raw: 9e e5 0e 8b b7 5d fd 2b f3 76 4c e7 1d 51 6e f8 52 a2 92 f0 85 bf b1 ff b5 ef a6 5d 7f 4f 24 10 e9 fb 98 10 20 ea 76 bf 7f f9 12 df 77 f7 88 23 87 93 66 5c 46 df b5 81 b9 2b 65 ab 77 2c ff f8 de 5f 13 92 e4 b9 fb ee bf cd e4 8b 5d ff 47 b2 d7 b6 eb 35 b8 ae ab 7c 36 a7 5c 36 27 13 83 a7 2a 09 2c 84 85 eb ba 5a dc bb 30 fa bf 88 95 4a 95 92 c6 0b 05 d5 7c bf 65 3f f3 f8 59 be fd d7 b4 df f5 f6 f3 ae b9 86 37 78 02 6d ff c0 49 2b bc 6a ed d5 72 74 85 ac 36 4a ea 25 2a c9 e2 05 b5 53 98 2f 23 ea 48 60 21 16 76 dc d0 f7 7d 49 bf 49 24 62 ed 70 59 a0 02 6d 1d ee ec 7d f8 ac fe 9f 55 08 0b 24 e9 a1 7f fb ec 1f 58 e9 ef 25 79 ed 7a 0d 8e 71 94 cb 65 95 cf e5 e4 98 e8 e6 d3 47 c7 c7 55 28 16 b8 a9 d0 fe c5 96 e7 6a d1 82 e8 26 b0 ac b5 2a 96 4a 2a 14 8b f2 03 bf Data Ascii: ]+vLQnR]O$ vw#f\F+ew,_]G5\|6\6',Z0J\|e?Y7xmI+jrt6J%S/#H`!v}II$bpYm}U$X%yzqeGU(j&J

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49737	91.215.85.65	443	6212	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:33 UTC	372	OUT	GET /files_meta/MetaMask_Fox.svg.png HTTP/1.1 Host: pradeeprunner.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:38:34 UTC	283	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 04 Jul 2024 22:38:34 GMT Content-Type: image/png Content-Length: 71622 Last-Modified: Sun, 30 Jun 2024 17:52:51 GMT Connection: close ETag: "66819b73-117c6" Strict-Transport-Security: max-age=31536000; Accept-Ranges: bytes
2024-07-04 22:38:34 UTC	16101	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 04 b0 08 06 00 00 00 eb 21 b3 cf 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 80 00 49 44 41 54 78 da ec fd 79 9c 5c d5 7d ef fd 7e d7 de d5 73 4b ad a9 5b f3 3c 82 3c 86 d8 18 34 18 30 66 70 3c 80 6d e1 18 1b 1c 67 20 af e7 dc eb dc 38 09 0d c9 b9 e7 39 ba 67 b0 51 0b 3f ce 79 f2 e4 75 12 12 27 36 c4 4c c2 d8 06 db 80 cc 20 d4 12 98 41 c6 12 08 24 b5 c6 56 6b e8 6a a9 5b 3d 77 55 ed bd d7 fd a3 04 68 e8 96 7a a8 61 57 ed cf fb f5 ca 39 2f 30 88 ee ef de 7b d5 5a bf 5a bf b5 25 00 00 00 00 00 00 00 Data Ascii: PNGIHDR!gAMAa cHRMz&u0`:pQ<bKGDIDATxy\}~sK[<<40fp<mg 89gQ?yu'6L A$Vkj[=wUhzaW9/0{ZZ%
2024-07-04 22:38:34 UTC	16384	IN	Data Raw: 59 bc 4a fa d2 33 4d 9e 9e dd 47 f1 0a 40 b4 58 cb 1a 15 ef a3 80 85 33 06 07 ce c1 02 10 2d 7e 20 6d 3e e0 eb 57 bb 7d 25 fc e2 5b f5 f2 36 42 44 4d 31 be c0 a0 ad c7 ea 91 1d 9e 9a 4e 70 50 3b 80 e8 31 0e 6b 54 bc 8f 02 16 de 63 65 39 1c 0f 40 24 ed 6d 0f f4 d0 76 4f c7 7b 8a 6b 81 98 4c 0d fe 56 46 a0 18 05 36 7d ce 5d f1 cc cb a4 ed c7 03 6d d8 e9 a9 73 80 27 19 40 54 c7 76 de 40 88 f7 51 c0 c2 7b 0e 4d 8b ef 94 d4 4b 12 00 a2 a8 2b 21 fd e4 ad 74 4b 61 b1 2c 15 ad 95 52 ec c2 42 44 24 8a a8 7d 30 e9 5b 3d bd c7 57 e3 01 5f 01 67 b5 03 88 ae be 6a 37 fe 36 31 e0 5d 14 b0 f0 9e 0d 1b e4 4b 7a 83 24 00 44 95 6f d3 2d 85 bf dc ed 69 a0 48 ce 8f 4a f0 36 42 44 44 b1 dc eb ad 3d 56 0f 6f f7 b4 ef 24 95 2b 00 91 f7 db b5 9b c4 89 9e 78 0f 05 2c 9c c5 88 43 Data Ascii: YJ3MG@X3-~ m>W}%[6BDM1NpP;1kTce9@$mvO{kLVF6}]ms'@Tv@Q{MK+!tKa,RBD$}0[=W_gj761]Kz$Do-iHJ6BDD=Vo$+x,C
2024-07-04 22:38:34 UTC	16384	IN	Data Raw: a4 55 0b cc 44 2f 2b 57 4b 3a 88 37 1a a3 e6 d7 1b b7 03 91 9f 64 18 a9 b7 9b 38 24 c9 68 41 aa 92 c0 42 0c c6 2e 4a 09 d1 28 81 95 f6 8e 58 3d 3e 58 2f 37 dc 33 62 65 6d 33 ee 5b f3 d9 9b 1e de 7b 3d 11 47 ac c7 67 42 80 b8 7b df 05 cb 4e 09 8c fd 9e a4 25 f3 fd 5e 1d 69 e9 d4 25 f5 5e 56 eb 16 3b ca 7a c4 17 8d 45 e9 20 e2 66 61 37 b3 8d d8 0f 5a 47 5c df 91 71 a9 56 23 2c 88 3e 4a 09 d1 2c c3 45 e9 a9 7d 81 9e de 6f f5 c4 60 a0 8a df 88 a1 d8 3e d8 31 b4 f4 f2 fe 9f fd 8c fd fb 88 35 86 64 24 c2 7b d6 2f b9 d0 04 e6 01 49 99 59 bd 41 8c b4 bc bb 5e 16 78 c6 12 a3 e5 dd 34 60 47 73 d1 00 19 71 d3 db 2d c6 cd 04 39 48 02 1e 31 42 29 21 9a ad ea 4b cf 0e 5b 3d 31 10 e8 97 03 81 86 8b 73 5a d0 ff bc ec 56 ce ff 9b 07 87 87 89 28 e2 8e 29 25 12 e3 86 8b 96 Data Ascii: UD/+WK:7d8$hAB.J(X=>X/73bem3[{=GgB{N%^i%^V;zE fa7ZG\qV#,>J,E}o`>15d${/IYA^x4`Gsq-9H1B)!K[=1sZV()%
2024-07-04 22:38:34 UTC	16384	IN	Data Raw: a5 8c 30 c1 78 0c 25 7a 66 69 af 22 08 00 da 3b 0e 11 82 58 5d 4e c3 ae ba f8 af 1b 66 fe a5 24 a8 01 00 4d f0 b2 e2 87 56 9c 44 18 92 89 04 56 42 8d f6 2f 5b 2a 99 f3 89 04 00 a0 91 66 d5 f3 88 fc 46 f4 cc a2 6f 1d 09 2c 00 40 33 9e 44 56 0e 1b 31 12 8a 04 56 52 2f 7c 2a f5 26 49 b4 56 05 00 34 d4 ac 7a 1e b1 03 2f 7a 66 71 79 e9 89 06 00 68 0a 23 ca 08 13 8a 04 56 52 df f3 41 f0 56 a2 00 00 68 b4 59 ed ba 21 bf 11 6b 34 70 07 00 34 c9 f9 e3 1f 3e 69 05 61 48 1e 12 58 09 34 fe e1 c5 2b ac 63 2e 20 12 00 80 46 f3 3c 62 10 67 76 86 59 47 63 24 97 1d 76 00 80 e6 30 95 4a f5 43 84 21 79 48 60 25 50 ad 98 7a 31 73 4a 00 40 53 66 94 c6 ca 99 e9 ec 82 87 51 04 2f f0 cc be 6c d6 27 52 02 00 30 ab f9 86 79 21 51 48 1e 12 58 09 d4 fd 1b bb 1f a8 d6 4c 99 48 00 00 Data Ascii: 0x%zfi";X]Nf$MVDVB/[fFo,@3DV1VR/\|&IV4z/zfqyh#VRAVhY!k4p4>iaHX4+c. F<bgvYGc$v0JC!yH`%Pz1sJ@SfQ/l'R0y!QHXLH
2024-07-04 22:38:34 UTC	6369	IN	Data Raw: 9e e5 0e 8b b7 5d fd 2b f3 76 4c e7 1d 51 6e f8 52 a2 92 f0 85 bf b1 ff b5 ef a6 5d 7f 4f 24 10 e9 fb 98 10 20 ea 76 bf 7f f9 12 df 77 f7 88 23 87 93 66 5c 46 df b5 81 b9 2b 65 ab 77 2c ff f8 de 5f 13 92 e4 b9 fb ee bf cd e4 8b 5d ff 47 b2 d7 b6 eb 35 b8 ae ab 7c 36 a7 5c 36 27 13 83 a7 2a 09 2c 84 85 eb ba 5a dc bb 30 fa bf 88 95 4a 95 92 c6 0b 05 d5 7c bf 65 3f f3 f8 59 be fd d7 b4 df f5 f6 f3 ae b9 86 37 78 02 6d ff c0 49 2b bc 6a ed d5 72 74 85 ac 36 4a ea 25 2a c9 e2 05 b5 53 98 2f 23 ea 48 60 21 16 76 dc d0 f7 7d 49 bf 49 24 62 ed 70 59 a0 02 6d 1d ee ec 7d f8 ac fe 9f 55 08 0b 24 e9 a1 7f fb ec 1f 58 e9 ef 25 79 ed 7a 0d 8e 71 94 cb 65 95 cf e5 e4 98 e8 e6 d3 47 c7 c7 55 28 16 b8 a9 d0 fe c5 96 e7 6a d1 82 e8 26 b0 ac b5 2a 96 4a 2a 14 8b f2 03 bf Data Ascii: ]+vLQnR]O$ vw#f\F+ew,_]G5\|6\6',Z0J\|e?Y7xmI+jrt6J%S/#H`!v}II$bpYm}U$X%yzqeGU(j&J

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49742	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:47 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 78 52 4e 67 43 52 67 2f 45 6d 66 5a 63 58 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 34 34 65 30 34 61 30 30 62 63 32 35 35 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7xRNgCRg/EmfZcXJ.1Context: 7a44e04a00bc255a
2024-07-04 22:38:47 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:47 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 37 78 52 4e 67 43 52 67 2f 45 6d 66 5a 63 58 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 34 34 65 30 34 61 30 30 62 63 32 35 35 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 7xRNgCRg/EmfZcXJ.2Context: 7a44e04a00bc255a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:38:47 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 37 78 52 4e 67 43 52 67 2f 45 6d 66 5a 63 58 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 61 34 34 65 30 34 61 30 30 62 63 32 35 35 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 7xRNgCRg/EmfZcXJ.3Context: 7a44e04a00bc255a
2024-07-04 22:38:47 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:47 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 38 72 35 50 6d 68 6b 47 55 69 30 5a 39 58 49 36 6a 50 6e 49 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 38r5PmhkGUi0Z9XI6jPnIQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49743	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:38:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4d 44 50 73 68 49 32 57 78 6b 6d 71 42 39 56 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 34 65 34 34 63 62 63 31 66 30 64 32 33 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: MDPshI2WxkmqB9Vx.1Context: 864e44cbc1f0d239
2024-07-04 22:38:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:38:49 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4d 44 50 73 68 49 32 57 78 6b 6d 71 42 39 56 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 34 65 34 34 63 62 63 31 66 30 64 32 33 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: MDPshI2WxkmqB9Vx.2Context: 864e44cbc1f0d239<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:38:49 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4d 44 50 73 68 49 32 57 78 6b 6d 71 42 39 56 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 34 65 34 34 63 62 63 31 66 30 64 32 33 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: MDPshI2WxkmqB9Vx.3Context: 864e44cbc1f0d239<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-04 22:38:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:38:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2f 55 36 43 51 39 4a 79 38 30 32 64 35 2b 70 4c 34 72 43 7a 34 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: /U6CQ9Jy802d5+pL4rCz4A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	49745	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:39:15 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 34 70 42 37 42 62 49 6d 55 53 38 73 4c 70 36 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 36 65 66 37 36 66 36 35 30 34 30 34 64 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 44pB7BbImUS8sLp6.1Context: 5b6ef76f650404d7
2024-07-04 22:39:15 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:39:15 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 34 34 70 42 37 42 62 49 6d 55 53 38 73 4c 70 36 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 36 65 66 37 36 66 36 35 30 34 30 34 64 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 44pB7BbImUS8sLp6.2Context: 5b6ef76f650404d7<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:39:15 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 34 34 70 42 37 42 62 49 6d 55 53 38 73 4c 70 36 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 36 65 66 37 36 66 36 35 30 34 30 34 64 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 44pB7BbImUS8sLp6.3Context: 5b6ef76f650404d7
2024-07-04 22:39:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:39:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 47 2b 71 58 35 43 2f 54 72 30 53 32 73 6f 41 7a 32 43 78 34 6f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: G+qX5C/Tr0S2soAz2Cx4oA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49746	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:39:20 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 76 4c 53 76 52 59 77 35 30 2b 45 66 6b 4d 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 61 32 31 34 66 64 62 32 64 61 63 63 63 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: IvLSvRYw50+EfkMO.1Context: 94a214fdb2daccca
2024-07-04 22:39:20 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:39:20 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 49 76 4c 53 76 52 59 77 35 30 2b 45 66 6b 4d 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 61 32 31 34 66 64 62 32 64 61 63 63 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: IvLSvRYw50+EfkMO.2Context: 94a214fdb2daccca<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:39:20 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 76 4c 53 76 52 59 77 35 30 2b 45 66 6b 4d 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 61 32 31 34 66 64 62 32 64 61 63 63 63 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: IvLSvRYw50+EfkMO.3Context: 94a214fdb2daccca<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-04 22:39:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:39:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 49 71 71 77 5a 4c 4f 6e 75 30 47 71 75 72 32 57 74 4b 62 2f 69 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: IqqwZLOnu0Gqur2WtKb/iA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	63246	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:39:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6f 52 37 41 65 4e 59 43 55 45 47 75 70 69 34 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 32 66 62 65 35 65 63 36 66 65 64 37 32 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: oR7AeNYCUEGupi4l.1Context: 752fbe5ec6fed72c
2024-07-04 22:39:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-04 22:39:49 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6f 52 37 41 65 4e 59 43 55 45 47 75 70 69 34 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 32 66 62 65 35 65 63 36 66 65 64 37 32 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 6b 55 56 64 72 73 65 4b 34 67 32 65 6c 43 73 4b 72 64 78 70 31 56 58 58 70 4a 64 72 56 4a 33 75 74 42 49 37 37 43 32 78 4a 63 6d 79 5a 6c 46 37 42 45 4b 4d 38 32 79 35 78 33 63 76 45 78 55 48 33 42 76 66 70 37 72 6b 54 44 36 4e 37 7a 36 4e 4a 49 2f 2f 6a 55 57 7a 6c 46 63 45 65 35 6c 66 65 4f 67 6b 6c 38 4c 2f 50 73 44 51 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: oR7AeNYCUEGupi4l.2Context: 752fbe5ec6fed72c<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATkUVdrseK4g2elCsKrdxp1VXXpJdrVJ3utBI77C2xJcmyZlF7BEKM82y5x3cvExUH3Bvfp7rkTD6N7z6NJI//jUWzlFcEe5lfeOgkl8L/PsDQ
2024-07-04 22:39:49 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6f 52 37 41 65 4e 59 43 55 45 47 75 70 69 34 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 32 66 62 65 35 65 63 36 66 65 64 37 32 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: oR7AeNYCUEGupi4l.3Context: 752fbe5ec6fed72c
2024-07-04 22:39:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-04 22:39:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6b 45 2b 2f 6f 57 38 47 37 55 53 6e 35 6e 6d 65 4e 39 50 2b 4d 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: kE+/oW8G7USn5nmeN9P+MQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4544, Parent PID: 5728

General

Target ID:	0
Start time:	18:38:16
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6212, Parent PID: 4544

General

Target ID:	2
Start time:	18:38:20
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2020,i,10851589543596432089,4364161167569099687,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6472, Parent PID: 5728

General

Target ID:	3
Start time:	18:38:22
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pradeeprunner.com/auth.html"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pradeeprunner.com/auth.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4544_90434983\sets.json

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Windows Analysis Report
https://pradeeprunner.com/auth.html