Windows Analysis Report
http://corporativoentornomedico.com/natwes/natwest3/details.php

Overview

General Information

Sample URL: http://corporativoentornomedico.com/natwes/natwest3/details.php
Analysis ID: 1448161
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
Invalid T&C link found
No HTML title found
None HTTPS page querying sensitive user data (password, username or email)
Submit button contains javascript call
Suspicious form URL found

Classification

  • System is w10x64
  • chrome.exe (PID: 2064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 3728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2256,i,8095886379097499911,17251423474886775732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 2052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://corporativoentornomedico.com/natwes/natwest3/details.php" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://corporativoentornomedico.com/natwes/natwest3/details.php | Avira URL Cloud: detection malicious, Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/exit-icon-white.svg | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/logo.png | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/favicon.ico | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Bold.woff | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/alert-icon.png | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPrompt.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/master.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/datePicker.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/jspostcode.js | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/NPC_auralstyle.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/master_print.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Regular.woff | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPromptMaster.css | Avira URL Cloud: Label: phishing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: Number of links: 0
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: Invalid link: Legal Info
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: Invalid link: Privacy & Cookies
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: Invalid link: Accessibility
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: HTML title missing
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: Has password / email / username input fields
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: On click: logOutSession()
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: On click: JavaScript: timeOutWarningClose(); __doPostBack('ctl00$timeoutWarningBox$ctl00$TimeoutLightBox$ctl00$StaySignedButton','')
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: Form action: ../complete.php?&sessionid=e4579bf7e153343f515ad6d0e7f9a486&securessl=true
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: No favicon
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: No <meta name="author".. found
Source: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55905 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55908 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.6:55900 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:13 GMT
  Server: Apache
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Pragma: no-cache
  Set-Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34; path=/
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Accept-Ranges: none
  Content-Length: 529
  Keep-Alive: timeout=5, max=75
  Content-Type: text/html; charset=UTF-8
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Accept-Ranges: none
  Content-Length: 8419
  Keep-Alive: timeout=5, max=74
  Connection: Keep-Alive
  Content-Type: text/html; charset=UTF-8
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 1879
  Keep-Alive: timeout=5, max=75
  Content-Type: application/javascript
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 85
  Keep-Alive: timeout=5, max=73
  Connection: Keep-Alive
  Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Last-Modified: Sat, 07 Jul 2018 04:46:46 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 623
  Keep-Alive: timeout=5, max=75
  Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 12814
  Keep-Alive: timeout=5, max=75
  Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Last-Modified: Sat, 07 Jul 2018 04:46:42 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 791
  Keep-Alive: timeout=5, max=75
  Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 291
  Keep-Alive: timeout=5, max=73
  Connection: Keep-Alive
  Content-Type: text/css
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK
  Date: Mon, 27 May 2024 22:31:14 GMT
  Server: Apache
  Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
  Accept-Ranges: none
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 2012
  Keep-Alive: timeout=5, max=71
  Connection: Keep-Alive
  Content-Type: text/css
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /natwes/natwest3/details.php HTTP/1.1
  Host: corporativoentornomedico.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /natwes/natwest3/security_files/details.php HTTP/1.1
  Host: corporativoentornomedico.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://corporativoentornomedico.com/natwes/natwest3/details.php
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic | HTTP traffic detected: GET /natwes/natwest3/security_files/jspostcode.js HTTP/1.1
  Host: corporativoentornomedico.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic | HTTP traffic detected: GET /natwes/natwest3/security_files/master.css HTTP/1.1
  Host: corporativoentornomedico.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global traffic | HTTP traffic detected: GET /natwes/natwest3/security_files/datePicker.css HTTP/1.1
  Host: corporativoentornomedico.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/npc.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/overlayPromptMaster.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/overlayPrompt.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/logo.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/alert-icon.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/NPC_auralstyle.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/master_print.css HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/logo.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/alert-icon.png HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/exit-icon-white.svg HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/master.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/RNHouseSansW03-Regular.woff HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveOrigin: http://corporativoentornomedico.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/favicon.ico HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://corporativoentornomedico.com/natwes/natwest3/details.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/RNHouseSansW03-Bold.woff HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveOrigin: http://corporativoentornomedico.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/exit-icon-white.svg HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficHTTP traffic detected: GET /natwes/natwest3/security_files/favicon.ico HTTP/1.1Host: corporativoentornomedico.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
Source: global trafficDNS traffic detected: DNS query: corporativoentornomedico.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55908
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55905
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 55907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 55908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 55905 -> 443
Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55905 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:55908 version: TLS 1.2
Source: classification engineClassification label: mal56.win@16/36@8/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2256,i,8095886379097499911,17251423474886775732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://corporativoentornomedico.com/natwes/natwest3/details.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Confirm
Source: C:\Program Files\Google\Chrome\Application\chrome.exeAutomated click: Confirm
Source: Window RecorderWindow detected: More than 3 window changes detected
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://corporativoentornomedico.com/natwes/natwest3/details.php | 100% | Avira URL Cloud | phishing | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://corporativoentornomedico.com/natwes/natwest3/security_files/exit-icon-white.svg | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/logo.png | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/favicon.ico | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Bold.woff | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/alert-icon.png | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPrompt.css | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/master.css | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/datePicker.css | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/jspostcode.js | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/NPC_auralstyle.css | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/master_print.css | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Regular.woff | 100% | Avira URL Cloud | phishing | |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPromptMaster.css | 100% | Avira URL Cloud | phishing | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| corporativoentornomedico.com | 108.179.194.74 | true | false | | unknown |
| www.google.com | 142.250.186.100 | true | false | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |
| 171.39.242.20.in-addr.arpa | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://corporativoentornomedico.com/natwes/natwest3/security_files/favicon.ico | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Bold.woff | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/master.css | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/jspostcode.js | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPrompt.css | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/datePicker.css | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/logo.png | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/details.php | true | | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/alert-icon.png | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/exit-icon-white.svg | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Regular.woff | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php | false | | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/NPC_auralstyle.css | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/master_print.css | false | Avira URL Cloud: phishing | unknown |
| http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPromptMaster.css | false | Avira URL Cloud: phishing | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 172.217.18.4 | unknown | United States | 15169 | GOOGLEUS | false |
| 108.179.194.74 | corporativoentornomedico.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
| 142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
              IP
              192.168.2.6
              192.168.2.5
              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1448161
              Start date and time:2024-05-28 00:30:21 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 3m 12s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:browseurl.jbs
              Sample URL:http://corporativoentornomedico.com/natwes/natwest3/details.php
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:9
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal56.win@16/36@8/6
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 142.250.186.35, 108.177.15.84, 142.250.185.206, 34.104.35.123, 216.58.206.42, 142.250.186.106, 172.217.18.10, 216.58.212.138, 142.250.185.138, 216.58.212.170, 142.250.185.74, 142.250.186.138, 216.58.206.74, 172.217.23.106, 142.250.74.202, 172.217.18.106, 142.250.185.106, 142.250.186.170, 172.217.16.202, 142.250.184.202, 52.165.165.26, 192.229.221.95, 20.166.126.56, 93.184.221.240, 13.95.31.18, 20.242.39.171, 13.85.23.86, 172.217.16.195
              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
              • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtSetInformationFile calls found.
              • VT rate limit hit for: http://corporativoentornomedico.com/natwes/natwest3/details.php
              No simulations
              InputOutput
              URL: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php Model: gpt-4o
```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code primarily performs form validation by checking if certain fields are empty and displaying error messages if they are. It also includes a function to validate and potentially modify the postcode. There is no indication of malicious behavior such as data exfiltration, keylogging, or unauthorized access. The risk score is low, but it is always advisable to review the entire context of the code and the surrounding application for a comprehensive security assessment."
}
```
```javascript
function empty() {

    var x;
    x = document.getElementById("full_name").value;
    if (x == "") {
        document.getElementById("full_name").style = "border-color:red";
        document.getElementById("full_name_error").style = "display: block";
        return false;
    }

    var x;
    x = document.getElementById("address").value;
    if (x == "") {
        document.getElementById("address").style = "border-color:red";
        document.getElementById("address_error").style = "display: block";
        return false;
    }

    var x;
    x = document.getElementById("city").value;
    if (x == "") {
        document.getElementById("city").style = "border-color:red";
        document.getElementById("city_error").style = "display: block";
        return false;
    }

    var x;
    x = document.getElementById("postcode").value;
    if (x == "") {
        document.getElementById("postcode").style = "border-color:red";
        document.getElementById("postcode_error").style = "display: block";
        return false;
    }

    var newPostCode = checkPostCode(document.getElementById('postcode').value);

    if (newPostCode) {

        document.getElementById('postcode').value = newPostCode;

    }

    else {

        document.getElementById("postcode").style = "border-color:red";
        document.getElementById("invalid_postcode_error").style = "display: block";
        return false;
    }

    var x;
    x = document.getElementById("mobile_number").value;
    if (x == "") {
        document.getElementById("mobile_number").style = "border-color:red";
        document.getElementById("mobile_number_error").style = "display: block";
        return false;
    }

    var x;
    x = document.getElementById("email").value;
    if (x == "") {
        document.getElementById("email").style = "border-color:red";
        document.getElementById("email_error").style = "display: block";
        return false;
    }

}
```
              URL: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php Model: gpt-4o
```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be handling form validation by checking if certain fields are filled and displaying or hiding error messages accordingly. There is no indication of malicious activity such as data exfiltration, unauthorized access, or harmful operations. The code is primarily focused on user input validation and error handling, which is common in web forms. However, the use of the 'checkPostCode' function without seeing its implementation leaves a small uncertainty, hence a minimal risk score."
}
```
```javascript
function change() {

    var e;
    e = document.getElementById("full_name").value;
    if (e !== ""){
        document.getElementById("full_name").style = "";
        document.getElementById("full_name_error").style = "display: none";
    }
    var e;
    e = document.getElementById("address").value;
    if (e !== ""){
        document.getElementById("address").style = "";
        document.getElementById("address_error").style = "display: none";
    }
    var e;
    e = document.getElementById("city").value;
    if (e !== ""){
        document.getElementById("city").style = "";
        document.getElementById("city_error").style = "display: none";
    }
    var e;
    e = document.getElementById("postcode").value;
    if (e !== ""){
        document.getElementById("postcode").style = "";
        document.getElementById("postcode_error").style = "display: none";
    }
    var newPostCode = checkPostCode(document.getElementById('postcode').value);

    if (newPostCode) {

        document.getElementById('postcode').value = newPostCode;
        document.getElementById("postcode").style = "";
        document.getElementById("invalid_postcode_error").style = "display: none";

    }
    var e;
    e = document.getElementById("mobile_number").value;
    if (e !== ""){
        document.getElementById("mobile_number").style = "";
        document.getElementById("mobile_number_error").style = "display: none";
    }
    var e;
    e = document.getElementById("email").value;
    if (e !== ""){
        document.getElementById("email").style = "";
        document.getElementById("email_error").style = "display: none";
    }

}
```
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:SVG Scalable Vector Graphics image
              Category:downloaded
              Size (bytes):641
              Entropy (8bit):4.518754497669276
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/exit-icon-white.svg
              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48">. <g fill="#FFF" fill-rule="nonzero">. <path d="M30.771 16.957v-9.85a1.5 1.5 0 0 0-1.5-1.5H6.63a1.5 1.5 0 0 0-1.5 1.5v33.241a1.5 1.5 0 0 0 1.5 1.5h22.518a1.5 1.5 0 0 0 1.5-1.5v-9.957a1.5 1.5 0 1 0-3 0v9.957l1.5-1.5H6.63l1.5 1.5V7.108l-1.5 1.5H29.27l-1.5-1.5v9.85a1.5 1.5 0 1 0 3 0z"/>. <path d="M17.758 25H41.85a1.5 1.5 0 0 0 0-3H17.758a1.5 1.5 0 0 0 0 3z"/>. <path d="M36.03 31.806l7.247-7.246a1.5 1.5 0 0 0 0-2.122l-7.193-7.193a1.5 1.5 0 1 0-2.122 2.122l7.193 7.193v-2.122l-7.247 7.247a1.5 1.5 0 0 0 2.122 2.121z"/>. </g>.</svg>.
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, TrueType, length 26144, version 1.0
              Category:downloaded
              Size (bytes):26144
              Entropy (8bit):7.98116543776143
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Bold.woff
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):124
              Entropy (8bit):4.770222078763144
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSTwlm0tSO5NzAMRIFDZycPeMSBQ1V-uqzEgUN3cY1jxIFDa2ko1ASBQ2U1FseEgUNRmcVfRIFDaogXjASBQ1sT9LkEgUNcxA-WhIFDYOoWz0=?alt=proto
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 120 x 20, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):3053
              Entropy (8bit):7.690815893474739
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/logo.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:SVG Scalable Vector Graphics image
              Category:dropped
              Size (bytes):641
              Entropy (8bit):4.518754497669276
              Encrypted:false
              Malicious:false
              Reputation:low
              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48">. <g fill="#FFF" fill-rule="nonzero">. <path d="M30.771 16.957v-9.85a1.5 1.5 0 0 0-1.5-1.5H6.63a1.5 1.5 0 0 0-1.5 1.5v33.241a1.5 1.5 0 0 0 1.5 1.5h22.518a1.5 1.5 0 0 0 1.5-1.5v-9.957a1.5 1.5 0 1 0-3 0v9.957l1.5-1.5H6.63l1.5 1.5V7.108l-1.5 1.5H29.27l-1.5-1.5v9.85a1.5 1.5 0 1 0 3 0z"/>. <path d="M17.758 25H41.85a1.5 1.5 0 0 0 0-3H17.758a1.5 1.5 0 0 0 0 3z"/>. <path d="M36.03 31.806l7.247-7.246a1.5 1.5 0 0 0 0-2.122l-7.193-7.193a1.5 1.5 0 1 0-2.122 2.122l7.193 7.193v-2.122l-7.247 7.247a1.5 1.5 0 0 0 2.122 2.121z"/>. </g>.</svg>.
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 22 x 19, 8-bit/color RGBA, non-interlaced
              Category:downloaded
              Size (bytes):638
              Entropy (8bit):7.553488969397178
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/alert-icon.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 2384
              Category:downloaded
              Size (bytes):791
              Entropy (8bit):7.738102040475236
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/datePicker.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 47357
              Category:downloaded
              Size (bytes):12814
              Entropy (8bit):7.975266754031992
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
              Category:dropped
              Size (bytes):2238
              Entropy (8bit):4.023177710783956
              Encrypted:false
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 5612
              Category:downloaded
              Size (bytes):2012
              Entropy (8bit):7.897135372629614
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/master_print.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 1538
              Category:downloaded
              Size (bytes):623
              Entropy (8bit):7.6368978912991015
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPromptMaster.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 135744
              Category:downloaded
              Size (bytes):41839
              Entropy (8bit):7.988152102593673
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/master.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 32381
              Category:downloaded
              Size (bytes):8419
              Entropy (8bit):7.969410965017117
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 22 x 19, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):638
              Entropy (8bit):7.553488969397178
              Encrypted:false
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
              Category:downloaded
              Size (bytes):2238
              Entropy (8bit):4.023177710783956
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/favicon.ico
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 515
              Category:downloaded
              Size (bytes):291
              Entropy (8bit):7.340155282674181
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/NPC_auralstyle.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 76
              Category:downloaded
              Size (bytes):85
              Entropy (8bit):5.343469066324436
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/overlayPrompt.css
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, TrueType, length 25612, version 1.0
              Category:downloaded
              Size (bytes):25612
              Entropy (8bit):7.9807880589553255
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/RNHouseSansW03-Regular.woff
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, from Unix, original size modulo 2^32 5204
              Category:downloaded
              Size (bytes):1879
              Entropy (8bit):7.902542522837311
              Encrypted:false
              Malicious:false
              Reputation:low
              URL:http://corporativoentornomedico.com/natwes/natwest3/security_files/jspostcode.js
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 120 x 20, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):3053
              Entropy (8bit):7.690815893474739
              Encrypted:false
              Malicious:false
              Reputation:low
              No static file info
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              May 28, 2024 00:31:22.217031956 CEST4971580192.168.2.6108.179.194.74
              May 28, 2024 00:31:22.217088938 CEST4972280192.168.2.6108.179.194.74
              May 28, 2024 00:31:22.217088938 CEST4972080192.168.2.6108.179.194.74
              May 28, 2024 00:31:22.217088938 CEST4972180192.168.2.6108.179.194.74
              May 28, 2024 00:31:22.217168093 CEST4971980192.168.2.6108.179.194.74
              May 28, 2024 00:31:22.217200994 CEST4971680192.168.2.6108.179.194.74
              May 28, 2024 00:31:22.222520113 CEST8049725108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222563982 CEST8049724108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222595930 CEST8049715108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222650051 CEST8049722108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222681046 CEST8049720108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222711086 CEST8049721108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222739935 CEST8049719108.179.194.74192.168.2.6
              May 28, 2024 00:31:22.222769022 CEST8049716108.179.194.74192.168.2.6
              May 28, 2024 00:31:26.321676016 CEST44349726142.250.186.100192.168.2.6
              May 28, 2024 00:31:26.321762085 CEST44349726142.250.186.100192.168.2.6
              May 28, 2024 00:31:26.321835995 CEST49726443192.168.2.6142.250.186.100
              May 28, 2024 00:31:27.907851934 CEST49726443192.168.2.6142.250.186.100
              May 28, 2024 00:31:27.907922983 CEST44349726142.250.186.100192.168.2.6
              May 28, 2024 00:31:40.745292902 CEST5590053192.168.2.6162.159.36.2
              May 28, 2024 00:31:40.751039982 CEST5355900162.159.36.2192.168.2.6
              May 28, 2024 00:31:40.751127005 CEST5590053192.168.2.6162.159.36.2
              May 28, 2024 00:31:40.751203060 CEST5590053192.168.2.6162.159.36.2
              May 28, 2024 00:31:40.756701946 CEST5355900162.159.36.2192.168.2.6
              May 28, 2024 00:31:41.226002932 CEST5355900162.159.36.2192.168.2.6
              May 28, 2024 00:31:41.227063894 CEST5590053192.168.2.6162.159.36.2
              May 28, 2024 00:31:41.232590914 CEST5355900162.159.36.2192.168.2.6
              May 28, 2024 00:31:41.232669115 CEST5590053192.168.2.6162.159.36.2
              May 28, 2024 00:31:45.815382004 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:45.815471888 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:45.815628052 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:45.816222906 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:45.816234112 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.647099018 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.647176027 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.650223017 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.650255919 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.650506973 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.652396917 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.652458906 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.652470112 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.652586937 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.694540977 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.828520060 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.828831911 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.828902960 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.829794884 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:31:46.829828024 CEST4435590540.115.3.253192.168.2.6
              May 28, 2024 00:31:46.829844952 CEST55905443192.168.2.640.115.3.253
              May 28, 2024 00:32:15.801996946 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:15.802042007 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:15.802146912 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:15.802511930 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:15.802526951 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:16.461483955 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:16.462088108 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:16.462101936 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:16.463291883 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:16.465578079 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:16.465759993 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:16.509378910 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:20.971704006 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:20.971745014 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:20.971868038 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:20.972417116 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:20.972429037 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:21.782155037 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:21.782356977 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:21.852938890 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:21.852956057 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:21.853899956 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:21.856950998 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:21.857053041 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:21.857059002 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:21.857319117 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:21.902492046 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:22.036864996 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:22.037082911 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:22.037147999 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:22.037324905 CEST55908443192.168.2.640.115.3.253
              May 28, 2024 00:32:22.037338972 CEST4435590840.115.3.253192.168.2.6
              May 28, 2024 00:32:26.385788918 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:26.385948896 CEST44355907172.217.18.4192.168.2.6
              May 28, 2024 00:32:26.386019945 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:27.700603962 CEST55907443192.168.2.6172.217.18.4
              May 28, 2024 00:32:27.700625896 CEST44355907172.217.18.4192.168.2.6
              | Timestamp | Source IP | Dest IP | Checksum | Code | Type |
              |---|---|---|---|---|---|
              | May 28, 2024 00:31:14.777024031 CEST | 192.168.2.6 | 1.1.1.1 | c233 | (Port unreachable) | Destination Unreachable |

              | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
              |---|---|---|---|---|---|---|---|---|
              | May 28, 2024 00:31:13.247602940 CEST | 192.168.2.6 | 1.1.1.1 | 0xf12a | Standard query (0) | corporativoentornomedico.com | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:13.247867107 CEST | 192.168.2.6 | 1.1.1.1 | 0x2f42 | Standard query (0) | corporativoentornomedico.com | 65 | IN (0x0001) | false |
              | May 28, 2024 00:31:14.667589903 CEST | 192.168.2.6 | 1.1.1.1 | 0xb7a8 | Standard query (0) | corporativoentornomedico.com | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:14.667939901 CEST | 192.168.2.6 | 1.1.1.1 | 0x2a7b | Standard query (0) | corporativoentornomedico.com | 65 | IN (0x0001) | false |
              | May 28, 2024 00:31:15.742031097 CEST | 192.168.2.6 | 1.1.1.1 | 0x7f74 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:15.742743969 CEST | 192.168.2.6 | 1.1.1.1 | 0xafb3 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
              | May 28, 2024 00:31:41.239686012 CEST | 192.168.2.6 | 1.1.1.1 | 0x5efc | Standard query (0) | 171.39.242.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |
              | May 28, 2024 00:32:15.792638063 CEST | 192.168.2.6 | 1.1.1.1 | 0x46da | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |

              | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
              |---|---|---|---|---|---|---|---|---|---|---|
              | May 28, 2024 00:31:13.466157913 CEST | 1.1.1.1 | 192.168.2.6 | 0xf12a | No error (0) | corporativoentornomedico.com | | 108.179.194.74 | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:14.674901962 CEST | 1.1.1.1 | 192.168.2.6 | 0xb7a8 | No error (0) | corporativoentornomedico.com | | 108.179.194.74 | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:15.749206066 CEST | 1.1.1.1 | 192.168.2.6 | 0x7f74 | No error (0) | www.google.com | | 142.250.186.100 | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:15.749577999 CEST | 1.1.1.1 | 192.168.2.6 | 0xafb3 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
              | May 28, 2024 00:31:27.206218004 CEST | 1.1.1.1 | 192.168.2.6 | 0x11dc | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
              | May 28, 2024 00:31:27.206218004 CEST | 1.1.1.1 | 192.168.2.6 | 0x11dc | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
              | May 28, 2024 00:31:41.250979900 CEST | 1.1.1.1 | 192.168.2.6 | 0x5efc | Name error (3) | 171.39.242.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |
              | May 28, 2024 00:32:15.800256014 CEST | 1.1.1.1 | 192.168.2.6 | 0x46da | No error (0) | www.google.com | | 172.217.18.4 | A (IP address) | IN (0x0001) | false |
              • fs.microsoft.com
              • corporativoentornomedico.com
              | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
              |---|---|---|---|---|---|---|
              | 0 | 192.168.2.6 | 49715 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe |

              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:13.473375082 CEST | 470 | OUT | GET /natwes/natwest3/details.php HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              May 28, 2024 00:31:13.981627941 CEST | 985 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:13 GMT
              Server: Apache
              Expires: Thu, 19 Nov 1981 08:52:00 GMT
              Cache-Control: no-store, no-cache, must-revalidate
              Pragma: no-cache
              Set-Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34; path=/
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Accept-Ranges: none
              Content-Length: 529
              Keep-Alive: timeout=5, max=75
              Content-Type: text/html; charset=UTF-8
              May 28, 2024 00:31:14.023969889 CEST | 611 | OUT | GET /natwes/natwest3/security_files/details.php HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Referer: http://corporativoentornomedico.com/natwes/natwest3/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.160319090 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Accept-Ranges: none
              Content-Length: 8419
              Keep-Alive: timeout=5, max=74
              Connection: Keep-Alive
              Content-Type: text/html; charset=UTF-8
              May 28, 2024 00:31:14.264388084 CEST | 485 | OUT | GET /natwes/natwest3/security_files/overlayPrompt.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.402076960 CEST | 370 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 85
              Keep-Alive: timeout=5, max=73
              Connection: Keep-Alive
              Content-Type: text/css
              May 28, 2024 00:31:14.536273003 CEST | 528 | OUT | GET /natwes/natwest3/security_files/alert-icon.png HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.656229019 CEST | 879 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:40 GMT
              Accept-Ranges: bytes
              Content-Length: 638
              Keep-Alive: timeout=5, max=72
              Connection: Keep-Alive
              Content-Type: image/png
              May 28, 2024 00:31:14.660104036 CEST | 484 | OUT | GET /natwes/natwest3/security_files/master_print.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.781157970 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 2012
              Keep-Alive: timeout=5, max=71
              Connection: Keep-Alive
              Content-Type: text/css
              May 28, 2024 00:31:15.724293947 CEST | 510 | OUT | GET /natwes/natwest3/security_files/favicon.ico HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://corporativoentornomedico.com/natwes/natwest3/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:15.845088005 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:15 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:42 GMT
              Accept-Ranges: bytes
              Content-Length: 2238
              Cache-Control: max-age=604800
              Expires: Mon, 03 Jun 2024 22:31:15 GMT
              Keep-Alive: timeout=5, max=70
              Connection: Keep-Alive
              Content-Type: image/x-icon


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.6 | 49716 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.202155113 CEST | 466 | OUT | GET /natwes/natwest3/security_files/jspostcode.js HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.328893900 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 1879
              Keep-Alive: timeout=5, max=75
              Content-Type: application/javascript
              May 28, 2024 00:31:14.519397020 CEST | 522 | OUT | GET /natwes/natwest3/security_files/logo.png HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.644155979 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: bytes
              Content-Length: 3053
              Keep-Alive: timeout=5, max=74
              Connection: Keep-Alive
              Content-Type: image/png
              Data Ascii: PNGIHDRxFRtEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:502ABBD4CECD11E3BAE2CF9E4427F001" xmpMM:DocumentID="xmp.did:502ABBD5CECD11E3BAE2CF9E4427F001"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:502ABBD2CECD11E3BAE2CF9E4427F001" stRef:documentID="xmp.did:502ABBD3CECD11E3BAE2CF9E4427F001"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>iSaIDATxZlE rK P* 9L<`"r(*G0!VA!RD"rHKARXb*K{;33LJ
              May 28, 2024 00:31:14.655184984 CEST | 486 | OUT | GET /natwes/natwest3/security_files/NPC_auralstyle.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.778455973 CEST | 577 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 291
              Keep-Alive: timeout=5, max=73
              Connection: Keep-Alive
              Content-Type: text/css
              May 28, 2024 00:31:15.747864008 CEST | 518 | OUT | GET /natwes/natwest3/security_files/RNHouseSansW03-Bold.woff HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              Origin: http://corporativoentornomedico.com
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:15.880877018 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:15 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:46 GMT
              Accept-Ranges: bytes
              Content-Length: 26144
              Keep-Alive: timeout=5, max=72
              Connection: Keep-Alive
              Content-Type: font/woff


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.6 | 49719 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.206650972 CEST | 478 | OUT | GET /natwes/natwest3/security_files/master.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.715656996 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Keep-Alive: timeout=5, max=75
              Transfer-Encoding: chunked
              Content-Type: text/css
              May 28, 2024 00:31:15.166755915 CEST | 532 | OUT | GET /natwes/natwest3/security_files/exit-icon-white.svg HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/master.css
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:15.286922932 CEST | 886 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:15 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:42 GMT
              Accept-Ranges: bytes
              Content-Length: 641
              Keep-Alive: timeout=5, max=74
              Connection: Keep-Alive
              Content-Type: image/svg+xml
              Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"> <g fill="#FFF" fill-rule="nonzero"> <path d="M30.771 16.957v-9.85a1.5 1.5 0 0 0-1.5-1.5H6.63a1.5 1.5 0 0 0-1.5 1.5v33.241a1.5 1.5 0 0 0 1.5 1.5h22.518a1.5 1.5 0 0 0 1.5-1.5v-9.957a1.5 1.5 0 1 0-3 0v9.957l1.5-1.5H6.63l1.5 1.5V7.108l-1.5 1.5H29.27l-1.5-1.5v9.85a1.5 1.5 0 1 0 3 0z"/> <path d="M17.758 25H41.85a1.5 1.5 0 0 0 0-3H17.758a1.5 1.5 0 0 0 0 3z"/> <path d="M36.03 31.806l7.247-7.246a1.5 1.5 0 0 0 0-2.122l-7.193-7.193a1.5 1.5 0 1 0-2.122 2.122l7.193 7.193v-2.122l-7.247 7.247a1.5 1.5 0 0 0 2.122 2.121z"/> </g></svg>
              May 28, 2024 00:31:15.724147081 CEST | 521 | OUT | GET /natwes/natwest3/security_files/RNHouseSansW03-Regular.woff HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              Origin: http://corporativoentornomedico.com
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/npc.css
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:15.845676899 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:15 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:46 GMT
              Accept-Ranges: bytes
              Content-Length: 25612
              Keep-Alive: timeout=5, max=73
              Connection: Keep-Alive
              Content-Type: font/woff


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.6 | 49721 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.208693981 CEST | 482 | OUT | GET /natwes/natwest3/security_files/datePicker.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.726550102 CEST | 1103 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:42 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 791
              Keep-Alive: timeout=5, max=75
              Content-Type: text/css


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              4 | 192.168.2.6 | 49720 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.208749056 CEST | 475 | OUT | GET /natwes/natwest3/security_files/npc.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.721034050 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 12814
              Keep-Alive: timeout=5, max=75
              Content-Type: text/css


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              5 | 192.168.2.6 | 49722 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.209180117 CEST | 491 | OUT | GET /natwes/natwest3/security_files/overlayPromptMaster.css HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/css,*/*;q=0.1
              Referer: http://corporativoentornomedico.com/natwes/natwest3/security_files/details.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:14.717350960 CEST | 935 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:14 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:46 GMT
              Accept-Ranges: none
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 623
              Keep-Alive: timeout=5, max=75
              Content-Type: text/css


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              6 | 192.168.2.6 | 49724 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.687702894 CEST | 372 | OUT | GET /natwes/natwest3/security_files/logo.png HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:15.184278965 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:15 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:44 GMT
              Accept-Ranges: bytes
              Content-Length: 3053
              Keep-Alive: timeout=5, max=75
              Content-Type: image/png
              May 28, 2024 00:31:16.383799076 CEST | 383 | OUT | GET /natwes/natwest3/security_files/exit-icon-white.svg HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:16.507149935 CEST | 886 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:16 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:42 GMT
              Accept-Ranges: bytes
              Content-Length: 641
              Keep-Alive: timeout=5, max=74
              Connection: Keep-Alive
              Content-Type: image/svg+xml
              Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"> <g fill="#FFF" fill-rule="nonzero"> <path d="M30.771 16.957v-9.85a1.5 1.5 0 0 0-1.5-1.5H6.63a1.5 1.5 0 0 0-1.5 1.5v33.241a1.5 1.5 0 0 0 1.5 1.5h22.518a1.5 1.5 0 0 0 1.5-1.5v-9.957a1.5 1.5 0 1 0-3 0v9.957l1.5-1.5H6.63l1.5 1.5V7.108l-1.5 1.5H29.27l-1.5-1.5v9.85a1.5 1.5 0 1 0 3 0z"/> <path d="M17.758 25H41.85a1.5 1.5 0 0 0 0-3H17.758a1.5 1.5 0 0 0 0 3z"/> <path d="M36.03 31.806l7.247-7.246a1.5 1.5 0 0 0 0-2.122l-7.193-7.193a1.5 1.5 0 1 0-2.122 2.122l7.193 7.193v-2.122l-7.247 7.247a1.5 1.5 0 0 0 2.122 2.121z"/> </g></svg>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              7 | 192.168.2.6 | 49725 | 108.179.194.74 | 80 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              May 28, 2024 00:31:14.688309908 CEST | 378 | OUT | GET /natwes/natwest3/security_files/alert-icon.png HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:15.184371948 CEST | 905 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:15 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, Keep-Alive
              Last-Modified: Sat, 07 Jul 2018 04:46:40 GMT
              Accept-Ranges: bytes
              Content-Length: 638
              Keep-Alive: timeout=5, max=75
              Content-Type: image/png
              May 28, 2024 00:31:16.387550116 CEST | 375 | OUT | GET /natwes/natwest3/security_files/favicon.ico HTTP/1.1
              Host: corporativoentornomedico.com
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Cookie: PHPSESSID=f244bfe74c9f8dee5f8d3ad16c7e7d34
              May 28, 2024 00:31:16.514323950 CEST | 1236 | IN | HTTP/1.1 200 OK
              Date: Mon, 27 May 2024 22:31:16 GMT
              Server: Apache
              Last-Modified: Sat, 07 Jul 2018 04:46:42 GMT
              Accept-Ranges: bytes
              Content-Length: 2238
              Cache-Control: max-age=604800
              Expires: Mon, 03 Jun 2024 22:31:16 GMT
              Keep-Alive: timeout=5, max=74
              Connection: Keep-Alive
              Content-Type: image/x-icon


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              0 | 192.168.2.6 | 49709 | 40.113.103.199 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-05-27 22:31:09 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: ZUpInEhe3EC9jkz2.1Context: 6d44de212648750a
              2024-05-27 22:31:09 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-05-27 22:31:09 UTC | 1076 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: ZUpInEhe3EC9jkz2.2Context: 6d44de212648750a<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
              2024-05-27 22:31:09 UTC | 218 | OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: ZUpInEhe3EC9jkz2.3Context: 6d44de212648750a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              2024-05-27 22:31:09 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-05-27 22:31:09 UTC | 58 | IN
              Data Ascii: MS-CV: aft1O5rVO02LgLBy16L24Q.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              1 | 192.168.2.6 | 49727 | 40.113.103.199 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-05-27 22:31:17 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: iRNNlOdZFkyirDRt.1Context: 918c125da3ae04b0
              2024-05-27 22:31:17 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-05-27 22:31:17 UTC | 1064 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: iRNNlOdZFkyirDRt.2Context: 918c125da3ae04b0<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASUjCKXjuiVBUaO9UBwka96NNK1RjA6y1lIZOdvfYi0ebTqfZzPiNGErCkeniafiXnbDI+HJ2gDRszvIdxZJY5G+In0b4hvsq02Dx6x1g9qB95
              2024-05-27 22:31:17 UTC | 218 | OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: iRNNlOdZFkyirDRt.3Context: 918c125da3ae04b0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              2024-05-27 22:31:17 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-05-27 22:31:17 UTC | 58 | IN
              Data Ascii: MS-CV: KRDZynfQ/EOtdFETrJYNiA.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.6 | 49728 | 184.28.90.27 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-05-27 22:31:17 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-05-27 22:31:17 UTC | 467 | IN | HTTP/1.1 200 OK
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (lpl/EF06)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-weu-z1
              Cache-Control: public, max-age=149877
              Date: Mon, 27 May 2024 22:31:17 GMT
              Connection: close
              X-CID: 2


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.6 | 49731 | 184.28.90.27 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-05-27 22:31:19 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
              Range: bytes=0-2147483646
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-05-27 22:31:19 UTC | 515 | IN | HTTP/1.1 200 OK
              ApiVersion: Distribute 1.1
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (lpl/EF06)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-weu-z1
              Cache-Control: public, max-age=149958
              Date: Mon, 27 May 2024 22:31:19 GMT
              Content-Length: 55
              Connection: close
              X-CID: 2
              2024-05-27 22:31:19 UTC | 55 | IN
              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              4 | 192.168.2.6 | 55905 | 40.115.3.253 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-05-27 22:31:46 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: GiN8myBvG0OhmK7W.1Context: 86d4f9f591404338
              2024-05-27 22:31:46 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              Timestamp: 2024-05-27 22:31:46 UTC, Bytes transferred: 1064, Direction: OUT
              Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: GiN8myBvG0OhmK7W.2Context: 86d4f9f591404338<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASUjCKXjuiVBUaO9UBwka96NNK1RjA6y1lIZOdvfYi0ebTqfZzPiNGErCkeniafiXnbDI+HJ2gDRszvIdxZJY5G+In0b4hvsq02Dx6x1g9qB95
              Timestamp: 2024-05-27 22:31:46 UTC, Bytes transferred: 218, Direction: OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: GiN8myBvG0OhmK7W.3Context: 86d4f9f591404338<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              Timestamp: 2024-05-27 22:31:46 UTC, Bytes transferred: 14, Direction: IN
              Data Ascii: 202 1 CON 58
              Timestamp: 2024-05-27 22:31:46 UTC, Bytes transferred: 58, Direction: IN
              Data Ascii: MS-CV: xWsFx+bl+EKh2KToSQVc9Q.0Payload parsing failed.


              Session ID: 5
              Source IP: 192.168.2.6
              Source Port: 55908
              Destination IP: 40.115.3.253
              Destination Port: 443
              Timestamp: 2024-05-27 22:32:21 UTC, Bytes transferred: 71, Direction: OUT
              Data Ascii: CNT 1 CON 305MS-CV: bP0zVYsT8kKZs1Lu.1Context: b128054bb9773e45
              Timestamp: 2024-05-27 22:32:21 UTC, Bytes transferred: 249, Direction: OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              Timestamp: 2024-05-27 22:32:21 UTC, Bytes transferred: 1064, Direction: OUT
              Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: bP0zVYsT8kKZs1Lu.2Context: b128054bb9773e45<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASUjCKXjuiVBUaO9UBwka96NNK1RjA6y1lIZOdvfYi0ebTqfZzPiNGErCkeniafiXnbDI+HJ2gDRszvIdxZJY5G+In0b4hvsq02Dx6x1g9qB95
              Timestamp: 2024-05-27 22:32:21 UTC, Bytes transferred: 218, Direction: OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: bP0zVYsT8kKZs1Lu.3Context: b128054bb9773e45<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              Timestamp: 2024-05-27 22:32:22 UTC, Bytes transferred: 14, Direction: IN
              Data Ascii: 202 1 CON 58
              Timestamp: 2024-05-27 22:32:22 UTC, Bytes transferred: 58, Direction: IN
              Data Ascii: MS-CV: rWdG8SlC00SnQ8Cfq71y/w.0Payload parsing failed.


              Target ID:0
              Start time:18:31:06
              Start date:27/05/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff684c40000
              File size:3'242'272 bytes
              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:18:31:10
              Start date:27/05/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2256,i,8095886379097499911,17251423474886775732,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff684c40000
              File size:3'242'272 bytes
              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:18:31:12
              Start date:27/05/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://corporativoentornomedico.com/natwes/natwest3/details.php"
              Imagebase:0x7ff684c40000
              File size:3'242'272 bytes
              MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly