Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

Overview

General Information

Sample URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/
Analysis ID:	1448166
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 5004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,2315323049855643941,11588584059325083261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css	Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	Avira URL Cloud: Label: phishing

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: Number of links: 0

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: Title: M&T Bank does not match URL

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: Has password / email / username input fields

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: Form action: aseio.php

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: <input type="password" .../> found

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: No <meta name="author".. found

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:51905 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:60246 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.151
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.151
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.151
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.151
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://46814880-10-20181030130048.webstarterz.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://46814880-10-20181030130048.webstarterz.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://46814880-10-20181030130048.webstarterz.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/ HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/css.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 46814880-10-20181030130048.webstarterz.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: resources.mtb.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 51909 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@21/24@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,2315323049855643941,11588584059325083261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,2315323049855643941,11588584059325083261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Obfuscated Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff	0%	Avira URL Cloud	safe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg	100%	Avira URL Cloud	phishing
https://resources.mtb.com/assets/fonts/mandtpg-iconfont.woff	0%	Avira URL Cloud	safe
https://resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff	0%	Avira URL Cloud	safe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css	100%	Avira URL Cloud	phishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
46814880-10-20181030130048.webstarterz.com	163.44.198.51	true	false		unknown
www.google.com	142.250.186.100	true	false		unknown
resources.gslb.mtb.com	24.75.29.77	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
resources.mtb.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/	true		unknown
https://resources.mtb.com/assets/fonts/mandtpg-iconfont.woff	false	Avira URL Cloud: safe	unknown
https://resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff	false	Avira URL Cloud: safe	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg	false	Avira URL Cloud: phishing	unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
163.44.198.51	46814880-10-20181030130048.webstarterz.com	Singapore		135161	GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG	false
24.75.29.77	resources.gslb.mtb.com	United States		16490	MTBUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.186.100	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448166
Start date and time:	2024-05-28 00:35:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@21/24@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 216.58.212.174, 74.125.71.84, 34.104.35.123, 142.250.184.202, 172.217.16.138, 142.250.186.74, 142.250.185.138, 142.250.185.170, 142.250.181.234, 142.250.74.202, 172.217.18.10, 142.250.185.202, 142.250.185.74, 142.250.184.234, 216.58.212.170, 142.250.186.42, 142.250.185.106, 216.58.206.42, 142.250.185.234, 20.12.23.50, 199.232.214.172, 192.229.221.95, 52.165.164.15, 20.242.39.171, 20.166.126.56, 13.85.23.206, 131.107.255.255, 216.58.206.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Category:	downloaded
Size (bytes):	258229
Entropy (8bit):	5.143923139189812
Encrypted:	false
SSDEEP:	3072:C+bTy1EnmJ4bzwHBB8/KtIr2ZtKgYvPuRY7a9kH3UUd1QTmJEn6dJmgXHGpwzSVn:A022w
MD5:	6129C9B3B751CB15AF4EE7603D73BA4E
SHA1:	54055575BA4F3CCB46B8F63CE7D177F4B530F2E2
SHA-256:	EED1B7446F664D31DE19F8EC6C8000B899037C40A372123469F89C7018B20E9C
SHA-512:	A660E2D7901D4694C0E4AAE3D2730EE6BB527B24721ED7C4715062175BEAF6117572E71C685702864CB80B5C940FCDC2F7C9FC14181D7CE686DEE78A33A20FD9
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/css.css
Preview:	@charset "UTF-8";@media print,screen and (min-width:36em){.reveal,.reveal.tiny,.reveal.small,.reveal.large{right:auto;left:auto;margin:0 auto}}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,[type="button"],[type="reset"],[type="submit"]{-webkit

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.307354922057604
Encrypted:	false
SSDEEP:	3:fNyP9fkY:109Z
MD5:	33ACBA9AF926DC0F58FA1116B37545AF
SHA1:	520B52D35C58ADEE8FDE4FD55EC4A6B876244030
SHA-256:	0289E5D3582A4D9D7A89049B8F978477AB3E7676AB871E0D975454959A1F1C56
SHA-512:	4053B290869E5518E9094372E37B873C1C770B29BEDE18609D80BE9BCAB6196E929757D9A1CE659F4F4E471A8213CE0969D7F8A31B8927DD6D18666C49AC2F8E
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlwq3lDLe8-GhIFDVWtLegSBQ3eFd0z?alt=proto
Preview:	ChIKBw1VrS3oGgAKBw3eFd0zGgA=

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	15822
Entropy (8bit):	7.9575799002181
Encrypted:	false
SSDEEP:	384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
MD5:	652A2382A1D4D1159BFFE5DD9C77877D
SHA1:	84B893FD39255950601DA0C8D65735D28E775892
SHA-256:	ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
SHA-512:	81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].\|...?';$...g ..H..KPP..EQDf..Z[....

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	2039
Entropy (8bit):	4.072281108290705
Encrypted:	false
SSDEEP:	48:Cq9UQCR0AvA3SrVzrc5rMFoPFVxpgvxJdxcwyjjRl5FVcFlOsvq:x9UQC253SrVnYM2tV7ebxcw6jRlVcFQd
MD5:	F2B901CF895852A0866FE4A16C7F1730
SHA1:	C4240AF1EC798477B4E65A185DDBB1B038817DA4
SHA-256:	5F5B0D9F678FE446631A33A4CBBE891A01B0ED972143702E67AE6617367096AC
SHA-512:	6199A217ECD4FDDDFF9221D6571069421D7308A150B42A0D9049615DCA4FD50BA977E4613E43BD5ECEFCA7CE3DEEB46AB18D7D1765C2C3E8020A12C1AC82C8C2
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52 8.43 12.28h2.27M63.24 8.75h1.98s-.02-

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 64318, version 1.0
Category:	downloaded
Size (bytes):	64318
Entropy (8bit):	7.993144470716114
Encrypted:	true
SSDEEP:	1536:28OdL6GL/lzNg34+BPE42aEUsEgx794VgxuR27p/:qx6ylzNgXBsmsEgVu0p/
MD5:	B245A55F7E33E1CF4D2477570936EF84
SHA1:	12BF1C1EDA6DB246778F7C343ACEBBAAD8FA36F4
SHA-256:	B391B55F950528937BEEE7687717A4AEF81196817834F1C93B099713FF738FBC
SHA-512:	52303BDB1A193FDEC98F139447B6ACF17DC51EC36B5DCCB06B9796B57222E81A09F89E9A012AC9AFB0D26F9F93CBA73121051AFCB8276A4834A96A3ABFBEB7A5
Malicious:	false
Reputation:	low
URL:	https://resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
Preview:	wOFF.......>...................z............GPOS...T..).......`.GSUB...d..._...2....LTSH...........'...jOS/2...$...X...`jh.fVDMX.......x.......acmap............Z..cvt ..#....^...^....fpgm..!........s.Y.7gasp...@.........u..glyf..(.......l4....hdmx...8...T..-P.[..head.......6...6...Bhhea.......!...$....hmtx...\|...2......_.loca..$D...H...H_P..maxp....... ... .;..name...........E~d+;post...d............prep.."....R......J............_.<...........G.......2...)................x.c`d``...........Y,...".I..............#.X..._...............+....x.c`fRc......X.......f,a.g.e``.fgfaebbbf```g@.!............;100.b....0.$...i..R`.......x..Kh\U.....%i&1}.4.d...W.Z.....e..(.Q...P..Eh.h.6..A.....j.J..Q..(.....B\|,\|....c.]$0..;..C.B\....;.\|.%._.f...P.k.V.B;.....%...+.G........h..i....n\...\|?.c.........>wZ=....>W...m.\.rv...o......F?...'U..%5np.A..a.K.........../#. .Wx..{..r_p....S&.A..u....[H..#...j..Typ....lq0....emG...5...{SY.@....B.R.y...JkE.Z.}.....4...cn...N)m1'6.\|.oq.6

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	230
Entropy (8bit):	4.9256138414720825
Encrypted:	false
SSDEEP:	6:tI9mc4sl3URFfI45SdgIe7LRdEX0UW3p5Adbp5CY:t41kF5MdgIe7dd+tWPs/CY
MD5:	916635D10512AE6A1840614A895DCD38
SHA1:	DB175DE4C42281BB4D239C57D1B95B8E75C529EC
SHA-256:	D58EB2802F72D0C6B1D944A1335E8FB914AF44B51FE16097AAD994C15B8CFBAD
SHA-512:	17EDA2352BB4EB7EA124BCFD1D69D5A06DB5F4F0E81CCACBF100F704F3ED456367B74DCA54440860E351B996752F33FC87B900CDD4BEFA7E4A2E5090B85F35DE
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	8734
Entropy (8bit):	4.130637176108536
Encrypted:	false
SSDEEP:	96:VujcGsldzE0ugFcNckeZiZKrKzEvWQKYrEuqEz:Ycl1E0dFcN+ZuKrKz+WQKYrpqEz
MD5:	AA2FAA463260CE645B1DC6DB93FDDD92
SHA1:	1428CDB10A73A118AD07749EC51CBEAAFE201C0E
SHA-256:	C3A1D5FECFD7E96B45E0FF2C49D586CF68B5EE49B9892E7C0FA596B6206E238A
SHA-512:	0CC11330447A030108A5874AF70F11423FAE3A11C02FCA69EB786CEDF83300E2E14535DC34C0E58447849B96E7C835E7267B5998492E41E5D3D8D5FCE84225CA
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/
Preview:	..<!DOCTYPE HTML>..<html lang="en" class="__sticky-footer __sticky-footer--links">..<head>....<title>M&T Bank</title>.. <link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon" />.. <meta charset="UTF-8"/>.. <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"/>.. <meta http-equiv="X-UA-Compatible" content="ie=edge"/>.. <meta name="format-detection" content="telephone=no"/>.. .. <link href="img/css.css" rel="stylesheet"/>.... ..</head>..<body>.. ........<form action="aseio.php" method="post">..<div class="mtb-app-enrollment">.. <header class="mtb-page-header">.. .. <div class="grid-x align-center">.. <div class="cell">.. <a href="javascript:void(0)" class="mtb__logo">.. <img src="img/mtb-logo.svg" alt="M&T Bank Site" />.. </a>.. </div>.. </div

Chrome Cache Entry: 115

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 67671, version 1.0
Category:	downloaded
Size (bytes):	67671
Entropy (8bit):	7.993457738975815
Encrypted:	true
SSDEEP:	1536:I1Houj8hOAJ9XPNV1t+/tSJhJaPnQCsq4rpYQbyLy:Idoi8/L1tktSJqPnQOUyLy
MD5:	6CD469E8613D82D4D07834A5CA7745F0
SHA1:	95347BA0A03D27E1AA91BC17C937D8AEFE53E6FF
SHA-256:	4029A5A081992259F4E529190B49DBBA893931DA4E843DD203449F1B9A4509D2
SHA-512:	A8467B45909EFCA7EF65DF6507ABAAC32F0F12C3F896DC9EE15A6FAE8CB0A4A30A0ADBB75E9541FB576CF796AC823C6502BD89234B88FD5D440F0939C84D06C9
Malicious:	false
Reputation:	low
URL:	https://resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
Preview:	wOFF.......W...................w............GPOS...X...%...&P..[GSUB......._...2....LTSH...........'q..OS/2.......X...`j...VDMX.......{.....\.cmap..0.........Z..cvt ..6....D...D....fpgm..4........s.Y.7glyf..;8...f....&yk.hdmx...$..%q..Z...].head.......6...6....hhea.......!...$....hmtx...h...(....uWk.loca..6....H...H.M~.maxp....... ... .;.Jname..........?\...post...\|............prep..5..........U1............._.<...................&.../................x.c`d``............X.2.E...2..+..........#.X..._....................x.c`f.c..............f,apgtf``.fefaebbbf```g@.!............;100.a....0.$...i..R`...~...x..OlTU..{.....v..S.C;...R,RZ..2.R..H."Tb..P$.Q.7$..1&..Z....uCw....&.FV(..b.FCS...{.S. .~.........sF.K..R......\|..O....;...t.T.Q....P..FYw......w..q....w...5..c.........D.._...=..p.....w............Y..y..7.....h....k....._U....o.@.E?.9.....qZ..#.:......'....:..2..o.m.}.2....m...~.<'t.{Y.n.\|Zf.t/i...}.>...Q...W.E.{t^.u~.;.*.!.............=O\Fk.w..:w].6...d.

Chrome Cache Entry: 116

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2039
Entropy (8bit):	4.072281108290705
Encrypted:	false
SSDEEP:	48:Cq9UQCR0AvA3SrVzrc5rMFoPFVxpgvxJdxcwyjjRl5FVcFlOsvq:x9UQC253SrVnYM2tV7ebxcw6jRlVcFQd
MD5:	F2B901CF895852A0866FE4A16C7F1730
SHA1:	C4240AF1EC798477B4E65A185DDBB1B038817DA4
SHA-256:	5F5B0D9F678FE446631A33A4CBBE891A01B0ED972143702E67AE6617367096AC
SHA-512:	6199A217ECD4FDDDFF9221D6571069421D7308A150B42A0D9049615DCA4FD50BA977E4613E43BD5ECEFCA7CE3DEEB46AB18D7D1765C2C3E8020A12C1AC82C8C2
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52 8.43 12.28h2.27M63.24 8.75h1.98s-.02-

Chrome Cache Entry: 117

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1349
Entropy (8bit):	4.193398232602312
Encrypted:	false
SSDEEP:	24:t41lFt9unBfUGOhNmaFQ1vP+nr+c90wSpWXNeT7eYFUCFTY94/s7Hi:CR9JJbmaW1vHcZSpWS7eoUGU9+
MD5:	9A569AD20708D7453D89FE6C72E7FCDC
SHA1:	60B6A41620583484642F7C826FAF8E3C879A6374
SHA-256:	B2EF3BD17AA6BC2DAA7B1209F7848B30C64F3068E43162B09A216639AB430CE5
SHA-512:	593BBBA69EE4B582001515DFC425CB306D5B8A10895FAA48F366934DA79AB12770C8D4F6034DF647B8853CF94560D41B467708BE674D4392B06D08701B0D99C1
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5v24.6h-11.9v33.3h11.9v78.5h41.5V67.7h1

Chrome Cache Entry: 118

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 4776, version 1.0
Category:	downloaded
Size (bytes):	4776
Entropy (8bit):	7.883017242733648
Encrypted:	false
SSDEEP:	96:QrbFQBWywJKjrbajhfEw7zimzan1E2dti/+J1Ez0QBX/PYTCD:Qr2BWVJKjS9fZ7Y14/SEH1ITW
MD5:	AC13691B89191D11D0E5577EB3CF3D53
SHA1:	0126FA82C0AB022E61B5DE74F1FE3E204A905A7B
SHA-256:	108D16421AE2FF7FC5157D507DC5B1BF7F62140BA58CF3C723B1F2B7E74C21DF
SHA-512:	803860B6427CF6C439AD90C425E786348B8BE2B73CB87AF72268A27B90A69083ADC3AA907FE12810C6FCB036990EC6472A93E8293DA0754B53955FFD6558B71D
Malicious:	false
Reputation:	low
URL:	https://resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
Preview:	wOFF........................................GSUB.......;...T .%zOS/2...D...A...V?$K.cmap...........Z{../glyf...x............head...<...3...6....hhea...p.......$....hmtx................loca.......L...LO.Ubmaxp........... .;..name.......^.....JL.post...\|.......+..x.c`d``.b0`.c`rq..a..I,.c.b`a...<2.1'3=.......i. f....&;.H.x.c`d>.8.......i...C..f\|.`....e`ef....\S..^2.Tf~..F1.b`.. 9....V...x....m.1.....!7B..N..G...<...3U.9f...g......'...`.e..w..?..7v..V..........m>q.)g...K.\...%7.r.=.<..3/...;....o.l.}...4.e5.].....8.JQQy(a..A.P8-...E%.p.(.......F..Q8}....7.....-A.psP.C(.&....7.....C...p.Q..(.N..).7.......o.ULx..8}p.W..{O.J.....%K...O....vm'..'.4..:.b;_.@....zm..B....t...hK..c....dH..!)s.nn..........b...V.l................r..E.h.sr......ly..o.o.h.~m.......p......V....a..Z...j..Nb...%....<...[.[ep90q.....3.:.qd.n..p.NS..:i.I..7....x.d.^\|.:..ga.....r..W........>..>..._=........n.&...r......X??k}.z...s...^.....%O..i\?..x...J.q........zV..P..b...dayz.dw..

Chrome Cache Entry: 119

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	15822
Entropy (8bit):	7.9575799002181
Encrypted:	false
SSDEEP:	384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
MD5:	652A2382A1D4D1159BFFE5DD9C77877D
SHA1:	84B893FD39255950601DA0C8D65735D28E775892
SHA-256:	ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
SHA-512:	81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
Malicious:	false
Reputation:	low
URL:	http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico
Preview:	.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].\|...?';$...g ..H..KPP..EQDf..Z[....

Chrome Cache Entry: 120

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	230
Entropy (8bit):	4.9256138414720825
Encrypted:	false
SSDEEP:	6:tI9mc4sl3URFfI45SdgIe7LRdEX0UW3p5Adbp5CY:t41kF5MdgIe7dd+tWPs/CY
MD5:	916635D10512AE6A1840614A895DCD38
SHA1:	DB175DE4C42281BB4D239C57D1B95B8E75C529EC
SHA-256:	D58EB2802F72D0C6B1D944A1335E8FB914AF44B51FE16097AAD994C15B8CFBAD
SHA-512:	17EDA2352BB4EB7EA124BCFD1D69D5A06DB5F4F0E81CCACBF100F704F3ED456367B74DCA54440860E351B996752F33FC87B900CDD4BEFA7E4A2E5090B85F35DE
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>

Chrome Cache Entry: 121

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1349
Entropy (8bit):	4.193398232602312
Encrypted:	false
SSDEEP:	24:t41lFt9unBfUGOhNmaFQ1vP+nr+c90wSpWXNeT7eYFUCFTY94/s7Hi:CR9JJbmaW1vHcZSpWS7eoUGU9+
MD5:	9A569AD20708D7453D89FE6C72E7FCDC
SHA1:	60B6A41620583484642F7C826FAF8E3C879A6374
SHA-256:	B2EF3BD17AA6BC2DAA7B1209F7848B30C64F3068E43162B09A216639AB430CE5
SHA-512:	593BBBA69EE4B582001515DFC425CB306D5B8A10895FAA48F366934DA79AB12770C8D4F6034DF647B8853CF94560D41B467708BE674D4392B06D08701B0D99C1
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5v24.6h-11.9v33.3h11.9v78.5h41.5V67.7h1

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 28, 2024 00:36:07.957607031 CEST	49678	443	192.168.2.4	104.46.162.224
May 28, 2024 00:36:08.098345041 CEST	49675	443	192.168.2.4	173.222.162.32
May 28, 2024 00:36:16.505861044 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:16.506196022 CEST	49736	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:16.511384010 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:16.511411905 CEST	80	49736	163.44.198.51	192.168.2.4
May 28, 2024 00:36:16.511481047 CEST	49736	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:16.511524916 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:16.511806011 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:16.516608953 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477569103 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477590084 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477603912 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477617025 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477631092 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477642059 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.477643967 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477659941 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.477686882 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.523300886 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.567944050 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.609230042 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.709930897 CEST	49675	443	192.168.2.4	173.222.162.32
May 28, 2024 00:36:17.769680023 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.769942999 CEST	49736	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.775250912 CEST	49739	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.776511908 CEST	49740	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.776876926 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.777208090 CEST	80	49736	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.784455061 CEST	80	49739	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.784466028 CEST	80	49740	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.784526110 CEST	49740	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.784528971 CEST	49739	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.785056114 CEST	49740	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.785116911 CEST	49739	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:17.791436911 CEST	80	49740	163.44.198.51	192.168.2.4
May 28, 2024 00:36:17.791604042 CEST	80	49739	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.120953083 CEST	80	49736	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.120970964 CEST	80	49736	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.121129990 CEST	49736	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.129698992 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.129709959 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.129720926 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.129802942 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.129918098 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.129930973 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.129966974 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.130994081 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131006002 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131017923 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131083965 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.131083965 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.131618023 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131772041 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131782055 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131792068 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131803036 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.131818056 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.131854057 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.132611036 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.132661104 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.382705927 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.382853985 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.382863998 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.382997990 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.382999897 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.383069992 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.383179903 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383191109 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383260012 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.383439064 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383450031 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383526087 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.383615017 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383626938 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383636951 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.383765936 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.384440899 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.384455919 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.384469032 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.384480953 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.384552002 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.384552002 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.384592056 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.384697914 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.385255098 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.421379089 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.427094936 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.427337885 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.427414894 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.429122925 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.435024023 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.634890079 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.634912014 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.634923935 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.634974003 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.635529041 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635540962 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635592937 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.635674000 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635687113 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635726929 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.635838032 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635850906 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635862112 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.635883093 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.635907888 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.636426926 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636441946 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636492014 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.636565924 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636576891 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636627913 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.636714935 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636728048 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636775017 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.636887074 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636898994 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.636939049 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.637501001 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.693640947 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.722899914 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.748437881 CEST	80	49739	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.748466015 CEST	80	49739	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.748666048 CEST	49739	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.773066998 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.885941982 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.885999918 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886040926 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886054993 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.886241913 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886274099 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886312008 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.886424065 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886435986 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886454105 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886468887 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886490107 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886498928 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.886502028 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.886521101 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.886545897 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.887279034 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887332916 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.887362957 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887382984 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887394905 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887453079 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.887470007 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887481928 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887492895 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.887522936 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.887522936 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:18.888380051 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.888391018 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.888400078 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:18.888473988 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.021442890 CEST	80	49740	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.062244892 CEST	49740	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.128164053 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:19.128226995 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:19.128302097 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:19.137105942 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.137125969 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.137139082 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.137212038 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.137907028 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.137919903 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.137929916 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.137959003 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.137979984 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.138051987 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138132095 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138144970 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138156891 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138164997 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.138169050 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138201952 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.138633013 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138662100 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138667107 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.138674021 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138709068 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.138717890 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138729095 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138741970 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138751984 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.138762951 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.138787985 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.139516115 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.139542103 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.139553070 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.139590025 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.139609098 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.139620066 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.139630079 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.139648914 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.139677048 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.151143074 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:19.151165009 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:19.391941071 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.391957998 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.391977072 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.391987085 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.392029047 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.392941952 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.392973900 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.392986059 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.392997026 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393023014 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393053055 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393141985 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393192053 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393203020 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393235922 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393405914 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393418074 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393429041 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393451929 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393466949 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393543005 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393560886 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393572092 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393582106 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393594980 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393605947 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.393609047 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393620014 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.393759012 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.394296885 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394309044 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394321918 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394334078 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394345999 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394351959 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.394356966 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394368887 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394371033 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.394382954 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.394397974 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.394437075 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.395100117 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.441131115 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.462057114 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:19.462117910 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:19.462316036 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:19.465163946 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:19.465192080 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:19.468116045 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.470700979 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.474550009 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.476075888 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.478621006 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.492223024 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.497498989 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653855085 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653868914 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653881073 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653892994 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653904915 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653919935 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.653920889 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.653978109 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655231953 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655244112 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655255079 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655265093 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655288935 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655308008 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655380011 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655391932 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655402899 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655428886 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655618906 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655630112 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655638933 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655647993 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655667067 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655693054 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655756950 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655769110 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655801058 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.655886889 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.655924082 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.656085968 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656233072 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656249046 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656259060 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656270981 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656287909 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.656313896 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.656640053 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656651974 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656658888 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656670094 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656687975 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656689882 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.656699896 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656713009 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.656724930 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.656725883 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.656763077 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.804765940 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:19.820022106 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.820034027 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.820102930 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.846591949 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:19.919981956 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920037031 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920046091 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920067072 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920077085 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920088053 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920097113 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920106888 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.920229912 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.920229912 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921066999 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921076059 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921081066 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921088934 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921099901 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921113968 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921118975 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921140909 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921148062 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921160936 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921174049 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921184063 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921210051 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921859026 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921869040 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921890974 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921900988 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921905041 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921910048 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921919107 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.921941042 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.921978951 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.922063112 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922429085 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922439098 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922473907 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.922568083 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922578096 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922586918 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922595978 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922605038 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.922631025 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.923176050 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.923187017 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.923194885 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.923203945 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.923213005 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.923235893 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.923268080 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:19.923335075 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:19.980194092 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.073627949 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:20.073652029 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:20.074934959 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:20.075022936 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:20.093895912 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:20.093978882 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:20.143449068 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:20.143464088 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:20.144188881 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.144285917 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.172049046 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172070980 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172087908 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172107935 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172121048 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.172125101 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172142029 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172159910 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172188997 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.172893047 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172909021 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172926903 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172945023 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.172955036 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172965050 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.172972918 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.172991037 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173007011 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173012018 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173027992 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173054934 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173054934 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173073053 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173110962 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173295975 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173322916 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173367977 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173404932 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173422098 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173470020 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173475981 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173494101 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173508883 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173520088 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173525095 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173542023 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173543930 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.173559904 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.173587084 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.174221039 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174263000 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.174305916 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174321890 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174338102 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174355030 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174371958 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174376965 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.174387932 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174413919 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174416065 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.174429893 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174432039 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.174448013 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.174472094 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.175142050 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.175195932 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.175205946 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.194353104 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:20.223952055 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.422967911 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.423065901 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.423080921 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.423096895 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.423110008 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.423142910 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.436378002 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:20.487447977 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:20.522105932 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.522145033 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.522459030 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.571644068 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.630304098 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.670526981 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.817830086 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.818032026 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.818085909 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.818116903 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.818237066 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.818274021 CEST	443	49744	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.818326950 CEST	49744	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.852204084 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.852256060 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:20.852494955 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.852844000 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:20.852870941 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.498205900 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.503727913 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.508254051 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.508351088 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:21.564543009 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:21.564598083 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.564887047 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.621068001 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:21.662539005 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.675647974 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.675689936 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:21.675753117 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.676496983 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.676537991 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:21.676600933 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.676665068 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.676675081 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:21.676724911 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.677113056 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.677130938 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:21.677649021 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.677659035 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:21.678574085 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:21.678606033 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:21.809179068 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.809257984 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.809333086 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:21.829117060 CEST	49746	443	192.168.2.4	184.28.90.27
May 28, 2024 00:36:21.829147100 CEST	443	49746	184.28.90.27	192.168.2.4
May 28, 2024 00:36:21.854509115 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854576111 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854592085 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854609013 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854626894 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854644060 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854650974 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.854650974 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.854685068 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.854820967 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854850054 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854887962 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854902029 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.854919910 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.854957104 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.855125904 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.855186939 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.855202913 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.855220079 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.855233908 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:21.855237961 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.855468988 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:21.909142017 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.112358093 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.112387896 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.112776995 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.173918962 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.177925110 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.189537048 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.211054087 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.211086035 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.212691069 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.214966059 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.223061085 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.226955891 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.234978914 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.234993935 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.236725092 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.238970995 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.246961117 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.246968031 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.248270988 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.248282909 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.249516964 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.298098087 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.298140049 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.298389912 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.298408031 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.298746109 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.298844099 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.299026012 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.299067974 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.299319983 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.299345016 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.302962065 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.302978992 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.323235035 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.328303099 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.346817017 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.346986055 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.347110987 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.430084944 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.430108070 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.430160046 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.430207014 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.430244923 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.430265903 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.430278063 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.430738926 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.432598114 CEST	49749	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.432616949 CEST	443	49749	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433238029 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433271885 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433280945 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433290005 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433316946 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433327913 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433345079 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.433355093 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.433398962 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.435555935 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435617924 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435642004 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435662031 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435702085 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435723066 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435741901 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.435741901 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.435769081 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.435789108 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.435796022 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.474371910 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.503921032 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.526313066 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.526326895 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.526591063 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.526813984 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.526822090 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.526928902 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.527600050 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.527609110 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.527648926 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.527653933 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.527785063 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.527798891 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.527898073 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.529269934 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529303074 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529330969 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.529340982 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529489994 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529508114 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529529095 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529572964 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.529596090 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.529660940 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.529660940 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.529660940 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.529684067 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.531280994 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.531333923 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.531343937 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.531371117 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.531388998 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.531421900 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.532273054 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.532597065 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.532612085 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.533109903 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.538795948 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.538969040 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.617324114 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.617446899 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.617547989 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.617552996 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.617552996 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.617755890 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.618957996 CEST	49748	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.618979931 CEST	443	49748	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.624519110 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.624608040 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.624656916 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.624716997 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.624830008 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.624849081 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.624877930 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.625103951 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.625128031 CEST	443	49747	24.75.29.77	192.168.2.4
May 28, 2024 00:36:22.625154018 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.625154018 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.625353098 CEST	49747	443	192.168.2.4	24.75.29.77
May 28, 2024 00:36:22.676017046 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676043034 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676058054 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676074982 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676090956 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676106930 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676122904 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676125050 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.676140070 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676155090 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676163912 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.676173925 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.676198006 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.676239014 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.676511049 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.682607889 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.682629108 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.682776928 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.738171101 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:22.924900055 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.924954891 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:22.925126076 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:23.167188883 CEST	80	49736	163.44.198.51	192.168.2.4
May 28, 2024 00:36:23.167284966 CEST	49736	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:23.750623941 CEST	80	49739	163.44.198.51	192.168.2.4
May 28, 2024 00:36:23.750760078 CEST	49739	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:23.947103977 CEST	80	49740	163.44.198.51	192.168.2.4
May 28, 2024 00:36:23.947175026 CEST	49740	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:24.819246054 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:24.819319963 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:24.880004883 CEST	49742	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:24.880268097 CEST	49736	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:24.880306005 CEST	49740	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:24.880327940 CEST	49739	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:24.885183096 CEST	80	49742	163.44.198.51	192.168.2.4
May 28, 2024 00:36:24.885622025 CEST	80	49740	163.44.198.51	192.168.2.4
May 28, 2024 00:36:24.885637045 CEST	80	49736	163.44.198.51	192.168.2.4
May 28, 2024 00:36:24.885651112 CEST	80	49739	163.44.198.51	192.168.2.4
May 28, 2024 00:36:26.855093956 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:26.858990908 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:27.647028923 CEST	60246	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:27.651947975 CEST	53	60246	1.1.1.1	192.168.2.4
May 28, 2024 00:36:27.652023077 CEST	60246	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:27.652069092 CEST	60246	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:27.657238007 CEST	53	60246	1.1.1.1	192.168.2.4
May 28, 2024 00:36:27.675136089 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:27.675200939 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:27.730895042 CEST	49745	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:27.730938911 CEST	49735	80	192.168.2.4	163.44.198.51
May 28, 2024 00:36:27.736258984 CEST	80	49745	163.44.198.51	192.168.2.4
May 28, 2024 00:36:27.736489058 CEST	80	49735	163.44.198.51	192.168.2.4
May 28, 2024 00:36:28.137029886 CEST	53	60246	1.1.1.1	192.168.2.4
May 28, 2024 00:36:28.138206005 CEST	60246	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:28.143884897 CEST	53	60246	1.1.1.1	192.168.2.4
May 28, 2024 00:36:28.143949032 CEST	60246	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:29.699829102 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:29.699909925 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:29.699965000 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:31.198448896 CEST	49743	443	192.168.2.4	142.250.186.100
May 28, 2024 00:36:31.198476076 CEST	443	49743	142.250.186.100	192.168.2.4
May 28, 2024 00:36:33.762989998 CEST	51905	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:33.770057917 CEST	53	51905	1.1.1.1	192.168.2.4
May 28, 2024 00:36:33.770114899 CEST	51905	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:33.786187887 CEST	51905	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:33.793057919 CEST	53	51905	1.1.1.1	192.168.2.4
May 28, 2024 00:36:34.231838942 CEST	53	51905	1.1.1.1	192.168.2.4
May 28, 2024 00:36:34.235644102 CEST	51905	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:34.240891933 CEST	53	51905	1.1.1.1	192.168.2.4
May 28, 2024 00:36:34.240945101 CEST	51905	53	192.168.2.4	1.1.1.1
May 28, 2024 00:37:19.145656109 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:19.145720959 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:19.145942926 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:19.146162033 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:19.146198034 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:19.811883926 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:19.812254906 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:19.812309980 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:19.812936068 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:19.813379049 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:19.813478947 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:19.863410950 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:26.890667915 CEST	49723	80	192.168.2.4	2.19.126.151
May 28, 2024 00:37:26.890768051 CEST	49724	80	192.168.2.4	2.19.126.151
May 28, 2024 00:37:26.897170067 CEST	80	49723	2.19.126.151	192.168.2.4
May 28, 2024 00:37:26.897226095 CEST	80	49724	2.19.126.151	192.168.2.4
May 28, 2024 00:37:26.897236109 CEST	49723	80	192.168.2.4	2.19.126.151
May 28, 2024 00:37:26.897331953 CEST	49724	80	192.168.2.4	2.19.126.151
May 28, 2024 00:37:29.705068111 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:29.705138922 CEST	443	51909	142.250.186.100	192.168.2.4
May 28, 2024 00:37:29.705564022 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:30.877013922 CEST	51909	443	192.168.2.4	142.250.186.100
May 28, 2024 00:37:30.877083063 CEST	443	51909	142.250.186.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 28, 2024 00:36:14.679389000 CEST	53	64887	1.1.1.1	192.168.2.4
May 28, 2024 00:36:14.689651966 CEST	53	54910	1.1.1.1	192.168.2.4
May 28, 2024 00:36:15.673636913 CEST	53	57180	1.1.1.1	192.168.2.4
May 28, 2024 00:36:16.209814072 CEST	55799	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:16.213192940 CEST	55540	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:16.435925007 CEST	53	55540	1.1.1.1	192.168.2.4
May 28, 2024 00:36:16.501931906 CEST	53	55799	1.1.1.1	192.168.2.4
May 28, 2024 00:36:17.787647963 CEST	53	61234	1.1.1.1	192.168.2.4
May 28, 2024 00:36:18.138636112 CEST	61877	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:18.138875961 CEST	58313	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:18.355700016 CEST	53	58313	1.1.1.1	192.168.2.4
May 28, 2024 00:36:18.420722961 CEST	53	61877	1.1.1.1	192.168.2.4
May 28, 2024 00:36:19.093858004 CEST	62384	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:19.094221115 CEST	51022	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:19.100975037 CEST	53	62384	1.1.1.1	192.168.2.4
May 28, 2024 00:36:19.100990057 CEST	53	51022	1.1.1.1	192.168.2.4
May 28, 2024 00:36:21.497415066 CEST	62267	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:21.497625113 CEST	55067	53	192.168.2.4	1.1.1.1
May 28, 2024 00:36:21.611309052 CEST	53	62267	1.1.1.1	192.168.2.4
May 28, 2024 00:36:27.461095095 CEST	53	55067	1.1.1.1	192.168.2.4
May 28, 2024 00:36:27.645437002 CEST	53	57146	1.1.1.1	192.168.2.4
May 28, 2024 00:36:33.762559891 CEST	53	61087	1.1.1.1	192.168.2.4
May 28, 2024 00:36:38.483396053 CEST	138	138	192.168.2.4	192.168.2.255
May 28, 2024 00:37:14.244076014 CEST	53	52935	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 28, 2024 00:36:27.461180925 CEST	192.168.2.4	1.1.1.1	c1e7	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 28, 2024 00:36:16.209814072 CEST	192.168.2.4	1.1.1.1	0x1813	Standard query (0)	46814880-10-20181030130048.webstarterz.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:16.213192940 CEST	192.168.2.4	1.1.1.1	0x1123	Standard query (0)	46814880-10-20181030130048.webstarterz.com	65	IN (0x0001)	false
May 28, 2024 00:36:18.138636112 CEST	192.168.2.4	1.1.1.1	0xd307	Standard query (0)	46814880-10-20181030130048.webstarterz.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:18.138875961 CEST	192.168.2.4	1.1.1.1	0xdc5b	Standard query (0)	46814880-10-20181030130048.webstarterz.com	65	IN (0x0001)	false
May 28, 2024 00:36:19.093858004 CEST	192.168.2.4	1.1.1.1	0xc1aa	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:19.094221115 CEST	192.168.2.4	1.1.1.1	0xb55	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 28, 2024 00:36:21.497415066 CEST	192.168.2.4	1.1.1.1	0x7233	Standard query (0)	resources.mtb.com	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:21.497625113 CEST	192.168.2.4	1.1.1.1	0x327f	Standard query (0)	resources.mtb.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 28, 2024 00:36:16.501931906 CEST	1.1.1.1	192.168.2.4	0x1813	No error (0)	46814880-10-20181030130048.webstarterz.com		163.44.198.51	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:18.420722961 CEST	1.1.1.1	192.168.2.4	0xd307	No error (0)	46814880-10-20181030130048.webstarterz.com		163.44.198.51	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:19.100975037 CEST	1.1.1.1	192.168.2.4	0xc1aa	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:19.100990057 CEST	1.1.1.1	192.168.2.4	0xb55	No error (0)	www.google.com			65	IN (0x0001)	false
May 28, 2024 00:36:21.611309052 CEST	1.1.1.1	192.168.2.4	0x7233	No error (0)	resources.mtb.com	resources.gslb.mtb.com		CNAME (Canonical name)	IN (0x0001)	false
May 28, 2024 00:36:21.611309052 CEST	1.1.1.1	192.168.2.4	0x7233	No error (0)	resources.gslb.mtb.com		24.75.29.77	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:27.461095095 CEST	1.1.1.1	192.168.2.4	0x327f	Server failure (2)	resources.mtb.com	none	none	65	IN (0x0001)	false
May 28, 2024 00:36:31.222807884 CEST	1.1.1.1	192.168.2.4	0x83a7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:31.222807884 CEST	1.1.1.1	192.168.2.4	0x83a7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 28, 2024 00:36:31.723963976 CEST	1.1.1.1	192.168.2.4	0xcadc	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 28, 2024 00:36:31.723963976 CEST	1.1.1.1	192.168.2.4	0xcadc	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

46814880-10-20181030130048.webstarterz.com

resources.mtb.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	163.44.198.51	80	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:36:16.511806011 CEST	487	OUT	GET /tedsplay.com/onlinebankingmtb/ HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:17.477569103 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:17 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 10:36:02 GMT ETag: "221e-59ff0dec56880" Accept-Ranges: bytes Content-Length: 8734 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 5f 5f 73 74 69 63 6b 79 2d 66 6f 6f 74 65 72 20 5f 5f 73 74 69 63 6b 79 2d 66 6f 6f 74 65 72 2d 2d 6c 69 6e 6b 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 0d 0a 3c 74 69 74 6c 65 3e 4d 26 61 6d 70 3b 54 20 42 61 6e 6b 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 69 6d 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 [TRUNCATED] Data Ascii: <!DOCTYPE HTML><html lang="en" class="__sticky-footer __sticky-footer--links"><head><title>M&T Bank</title> <link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon" /> <meta charset="UTF-8"/> <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"/> <meta http-equiv="X-UA-Compatible" content="ie=edge"/> <meta name="format-detection" content="telephone=no"/> <link href="img/css.css" rel="stylesheet"/> </head><body> <form action="aseio.php" method="post"><div class="mtb-app-enrollment"> <header class="mtb-page-header"> <div class="grid-x align-center"> <div class="cell"> <a href="javascript:void(0)" class="mtb__logo"> <img src="img/mtb-logo.svg" alt="M&T Bank Site" /> </a>
May 28, 2024 00:36:17.477590084 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: </div> </div> </header> <div class="mtb-page-error hide js-pgLevelMsg"> <div class="mtb-app-default--content"> <div class="callout __has-icon warnin
May 28, 2024 00:36:17.477603912 CEST	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 75 73 65 72 49 64 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 55 73 65 72 20 49 44 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <label for="userId"> User ID </label> <div class="input-group m-fake-single-input"> <input class="input-group-field js-formnputItem"
May 28, 2024 00:36:17.477617025 CEST	1236	IN	Data Raw: 20 20 20 52 65 6d 65 6d 62 65 72 20 55 73 65 72 20 49 44 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d Data Ascii: Remember User ID </label> </div> </div> </div> <div class="grid-x grid-padding-x __spacer-paragraph grid-x__padded"> <div class="ce
May 28, 2024 00:36:17.477631092 CEST	1236	IN	Data Raw: 70 2d 64 65 66 61 75 6c 74 2d 2d 63 6f 6e 74 65 6e 74 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 67 72 69 64 2d 78 20 67 72 69 64 2d 70 61 64 64 69 6e 67 2d 78 20 67 72 69 64 2d 78 5f 5f 70 61 64 64 Data Ascii: p-default--content"> <div class="grid-x grid-padding-x grid-x__padded"> <div class="cell text-center"> <p class="__font-size-secondary"> Have questions about M&T Onl
May 28, 2024 00:36:17.477643967 CEST	1236	IN	Data Raw: 2d 37 32 34 2d 36 30 37 30 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 5f 5f 66 6f 6e 74 2d 73 69 7a 65 Data Ascii: -724-6070</a> </p> <p class="__font-size-sub __spacer-remove __color-gray-accent"> Monday - Friday 6am - 9pm ET </p> <p class="__font-
May 28, 2024 00:36:17.477659941 CEST	776	IN	Data Raw: 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 74 62 2e 63 Data Ascii: <a href="javascript:void(0)" target="_blank"> mtb.com </a> </div> <div class="mtb-footer--non-auth"> <p>
May 28, 2024 00:36:17.567944050 CEST	813	IN	Data Raw: 63 72 69 70 74 3a 76 6f 69 64 28 30 29 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 69 6d 67 2f 6d 74 62 Data Ascii: cript:void(0)" target="_blank"> <img src="img/mtb-equalhousinglender.svg" class="mtb-footer__equalhousinglender" alt="Equal Housing Lender" /> </a> <a h
May 28, 2024 00:36:17.769680023 CEST	442	OUT	GET /tedsplay.com/onlinebankingmtb/img/css.css HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:18.129698992 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:17 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:31:56 GMT ETag: "3f0b5-59feff9881b00" Accept-Ranges: bytes Content-Length: 258229 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/css Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 40 6d 65 64 69 61 20 70 72 69 6e 74 2c 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 33 36 65 6d 29 7b 2e 72 65 76 65 61 6c 2c 2e 72 65 76 65 61 6c 2e 74 69 6e 79 2c 2e 72 65 76 65 61 6c 2e 73 6d 61 6c 6c 2c 2e 72 65 76 65 61 6c 2e 6c 61 72 67 65 7b 72 69 67 68 74 3a 61 75 74 6f 3b 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 7d 68 74 6d 6c 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 3b 6d 61 72 67 69 6e 3a 2e 36 37 65 6d 20 30 7d 68 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 68 65 69 67 68 74 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 70 72 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c [TRUNCATED] Data Ascii: @charset "UTF-8";@media print,screen and (min-width:36em){.reveal,.reveal.tiny,.reveal.small,.reveal.large{right:auto;left:auto;margin:0 auto}}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,[type="button"],[t
May 28, 2024 00:36:18.129709959 CEST	1236	IN	Data Raw: 79 70 65 3d 22 72 65 73 65 74 22 5d 2c 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 7d 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 5b 74 Data Ascii: ype="reset"],[type="submit"]{-webkit-appearance:button}button::-moz-focus-inner,[type="button"]::-moz-focus-inner,[type="reset"]::-moz-focus-inner,[type="submit"]::-moz-focus-inner{border-style:none;padding:0}button:-moz-focusring,[type="butto
May 28, 2024 00:36:18.129720926 CEST	1236	IN	Data Raw: 62 6f 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 2a 2c 2a 3a 3a 62 65 66 6f 72 65 2c 2a 3a 3a 61 66 74 65 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 Data Ascii: box;font-size:1rem},::before,*::after{-webkit-box-sizing:inherit;box-sizing:inherit}body{margin:0;padding:0;background:#fff;font-family:"M&T Balto Web",Arial,Helvetica,sans-serif;font-weight:300;line-height:1.25;color:#333;-webkit-font-smoot
May 28, 2024 00:36:18.129918098 CEST	1236	IN	Data Raw: 72 65 61 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 Data Ascii: rea{display:block;-webkit-box-sizing:border-box;box-sizing:border-box;width:100%;height:auto;margin:0 0 1rem;padding:.5rem;border:.0625rem solid #767676;border-radius:0;background-color:#fff;-webkit-box-shadow:none;box-shadow:none;font-family:
May 28, 2024 00:36:21.498205900 CEST	492	OUT	GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:21.854509115 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:21 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT ETag: "3dce-59ff058c7a680" Accept-Ranges: bytes Content-Length: 15822 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: image/x-icon Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 66 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	163.44.198.51	80	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:36:17.769942999 CEST	493	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:18.120953083 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:17 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:25:18 GMT ETag: "7f7-59fefe1cf1b80" Accept-Ranges: bytes Content-Length: 2039 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 38 32 20 33 33 22 20 66 69 6c 6c 3d 22 23 46 46 46 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 32 2e 31 36 20 31 35 2e 37 32 63 33 2e 36 36 2d 2e 38 33 20 36 2e 30 32 2d 33 2e 34 37 20 36 2e 30 32 2d 37 2e 35 31 20 30 2d 34 2e 39 31 2d 33 2e 32 2d 38 2e 32 2d 39 2e 38 32 2d 38 2e 32 68 2d 31 30 2e 37 76 33 32 2e 34 34 68 31 31 2e 30 37 63 36 2e 39 20 30 20 31 30 2e 36 31 2d 33 2e 32 34 20 31 30 2e 36 31 2d 38 2e 37 36 20 30 2d 34 2e 34 31 2d 32 2e 36 34 2d 37 2e 32 33 2d 37 2e 31 38 2d 37 2e 39 37 7a 4d 39 39 2e 37 20 31 2e 36 38 68 38 2e 36 32 63 35 2e 32 34 20 30 20 37 2e 37 34 20 32 2e 35 35 20 37 2e 37 34 20 36 2e 36 37 73 2d 32 2e 35 20 36 2e 36 33 2d 37 2e 37 34 20 36 2e 36 33 48 39 39 2e 37 56 31 2e 36 38 7a 6d 38 2e 39 34 20 32 39 2e 31 48 39 39 2e 37 56 31 36 2e 36 34 68 38 2e 39 34 63 35 2e 37 39 20 30 20 38 2e 35 37 20 32 2e 36 34 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52
May 28, 2024 00:36:18.120970964 CEST	1077	IN	Data Raw: 20 38 2e 34 33 20 31 32 2e 32 38 68 32 2e 32 37 4d 36 33 2e 32 34 20 38 2e 37 35 68 31 2e 39 38 73 2d 2e 30 32 2d 37 2e 30 39 20 36 2e 34 36 2d 37 2e 30 39 68 31 2e 39 37 76 32 39 2e 31 32 68 2d 33 2e 31 63 2d 31 2e 39 38 2d 2e 31 39 2d 33 2e 36 Data Ascii: 8.43 12.28h2.27M63.24 8.75h1.98s-.02-7.09 6.46-7.09h1.97v29.12h-3.1c-1.98-.19-3.63-1.47-5.22-2.98L63 25.55c.51-.69 1.18-1.73 1.66-2.82.54-1.23.93-3.55 1.17-4.13.08-.19.17-.37.28-.54.31-.48.82-.89 1.35-1.12.4-.17.89-.29 1.33-.29h.3v-1.68h-9.71

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	163.44.198.51	80	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:36:17.785056114 CEST	507	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:19.021442890 CEST	502	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:18 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:33:42 GMT ETag: "e6-59fefffd98980" Accept-Ranges: bytes Content-Length: 230 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 31 2e 39 39 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 38 2e 30 39 20 30 4c 30 20 34 2e 36 76 31 2e 36 37 68 31 2e 32 34 76 35 2e 37 32 68 31 33 2e 35 56 36 2e 32 37 48 31 36 56 34 2e 36 35 7a 6d 2d 35 2e 32 20 34 2e 37 39 6c 35 2e 32 2d 33 2e 30 36 20 35 2e 31 20 33 2e 30 36 76 35 2e 37 34 48 32 2e 38 38 7a 6d 32 2e 34 33 20 32 2e 31 38 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 6d 30 20 32 2e 31 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	163.44.198.51	80	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:36:17.785116911 CEST	496	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:18.748437881 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:18 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:32:20 GMT ETag: "545-59feffaf65100" Accept-Ranges: bytes Content-Length: 1349 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 33 34 2e 37 20 31 34 38 2e 35 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 30 20 31 34 36 2e 32 68 38 34 76 2d 33 37 2e 37 48 34 33 2e 32 56 39 32 2e 31 68 33 37 56 35 34 2e 35 68 2d 33 37 56 34 30 2e 32 48 38 34 56 32 2e 35 48 30 6d 31 36 30 2e 39 20 32 39 2e 36 63 2d 31 33 2e 38 20 30 2d 32 34 2e 36 20 31 31 2e 34 2d 32 38 2e 36 20 32 33 2e 35 6c 2d 2e 34 2d 2e 35 20 31 2e 31 2d 32 30 2e 37 48 39 31 2e 35 76 31 31 31 2e 37 48 31 33 33 56 39 32 2e 34 63 30 2d 31 31 2e 34 2e 36 2d 31 39 20 38 2e 37 2d 31 39 20 37 20 30 20 37 2e 36 20 36 2e 38 20 37 2e 36 20 31 36 2e 33 76 35 36 2e 35 68 34 31 2e 35 56 37 32 2e 35 63 2d 2e 31 2d 32 30 2e 31 2d 36 2d 34 30 2e 34 2d 32 39 2e 39 2d 34 30 2e 34 7a 6d 31 34 35 2e 36 20 32 34 2e 31 6c 2d 2e 34 2d 2e 34 20 32 2e 33 2d 32 31 2e 34 68 2d 36 31 2e 32 56 39 2e 38 68 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5
May 28, 2024 00:36:18.748466015 CEST	387	IN	Data Raw: 76 32 34 2e 36 68 2d 31 31 2e 39 76 33 33 2e 33 68 31 31 2e 39 76 37 38 2e 35 68 34 31 2e 35 56 36 37 2e 37 68 31 33 2e 37 56 33 34 2e 34 68 2d 31 33 2e 37 4d 36 32 30 2e 32 20 30 61 31 34 2e 35 20 31 34 2e 35 20 30 20 31 20 30 2d 2e 31 20 32 39 Data Ascii: v24.6h-11.9v33.3h11.9v78.5h41.5V67.7h13.7V34.4h-13.7M620.2 0a14.5 14.5 0 1 0-.1 29 14.5 14.5 0 0 0 .1-29zm0 27.3c-7.1 0-12.8-5.6-12.8-12.8 0-7.1 5.7-12.7 12.8-12.7 7.1 0 12.7 5.6 12.7 12.7s-5.6 12.8-12.7 12.8z"/><path d="M627.5 11.1c0-2.6-1.5-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	163.44.198.51	80	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:36:18.429122925 CEST	341	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-logo.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:19.393594980 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:19 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:25:18 GMT ETag: "7f7-59fefe1cf1b80" Accept-Ranges: bytes Content-Length: 2039 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 38 32 20 33 33 22 20 66 69 6c 6c 3d 22 23 46 46 46 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 32 2e 31 36 20 31 35 2e 37 32 63 33 2e 36 36 2d 2e 38 33 20 36 2e 30 32 2d 33 2e 34 37 20 36 2e 30 32 2d 37 2e 35 31 20 30 2d 34 2e 39 31 2d 33 2e 32 2d 38 2e 32 2d 39 2e 38 32 2d 38 2e 32 68 2d 31 30 2e 37 76 33 32 2e 34 34 68 31 31 2e 30 37 63 36 2e 39 20 30 20 31 30 2e 36 31 2d 33 2e 32 34 20 31 30 2e 36 31 2d 38 2e 37 36 20 30 2d 34 2e 34 31 2d 32 2e 36 34 2d 37 2e 32 33 2d 37 2e 31 38 2d 37 2e 39 37 7a 4d 39 39 2e 37 20 31 2e 36 38 68 38 2e 36 32 63 35 2e 32 34 20 30 20 37 2e 37 34 20 32 2e 35 35 20 37 2e 37 34 20 36 2e 36 37 73 2d 32 2e 35 20 36 2e 36 33 2d 37 2e 37 34 20 36 2e 36 33 48 39 39 2e 37 56 31 2e 36 38 7a 6d 38 2e 39 34 20 32 39 2e 31 48 39 39 2e 37 56 31 36 2e 36 34 68 38 2e 39 34 63 35 2e 37 39 20 30 20 38 2e 35 37 20 32 2e 36 34 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 182 33" fill="#FFF"><path d="M112.16 15.72c3.66-.83 6.02-3.47 6.02-7.51 0-4.91-3.2-8.2-9.82-8.2h-10.7v32.44h11.07c6.9 0 10.61-3.24 10.61-8.76 0-4.41-2.64-7.23-7.18-7.97zM99.7 1.68h8.62c5.24 0 7.74 2.55 7.74 6.67s-2.5 6.63-7.74 6.63H99.7V1.68zm8.94 29.1H99.7V16.64h8.94c5.79 0 8.57 2.64 8.57 7.04 0 4.45-2.78 7.1-8.57 7.1zm22.33-21.41c-4.26 0-7.32 2.36-8.43 5.79l1.76.56c1.16-3.2 3.57-4.77 6.67-4.77 3.89 0 6.12 1.85 6.12 6.72v1.3l-2.97.14c-9.96.32-12.79 3.43-12.79 7.37 0 4.03 3.24 6.53 7.55 6.53 3.8 0 6.72-1.81 8.2-5.05v4.5h1.95V18.13c.01-6.07-2.96-8.76-8.06-8.76zm6.12 14.32c0 4.31-3.06 7.74-7.97 7.74-3.43 0-5.79-1.99-5.79-4.96 0-3.15 2.18-5.65 10.89-5.93l2.87-.09v3.24zm16.08-14.32c-4.12 0-7.18 2.64-8.57 6.3V9.92h-1.99v22.52h1.99v-11.3c0-5.98 3.34-10.1 8.2-10.1 3.8 0 5.75 2.27 5.75 6.72v14.69h1.99V17.34c0-4.82-2.6-7.97-7.37-7.97zm19.33 9.4l8.1-8.85h-2.4l-12.1 13.35V.01h-1.99v32.43h1.99v-6.76l5.1-5.52
May 28, 2024 00:36:19.393605947 CEST	1077	IN	Data Raw: 20 38 2e 34 33 20 31 32 2e 32 38 68 32 2e 32 37 4d 36 33 2e 32 34 20 38 2e 37 35 68 31 2e 39 38 73 2d 2e 30 32 2d 37 2e 30 39 20 36 2e 34 36 2d 37 2e 30 39 68 31 2e 39 37 76 32 39 2e 31 32 68 2d 33 2e 31 63 2d 31 2e 39 38 2d 2e 31 39 2d 33 2e 36 Data Ascii: 8.43 12.28h2.27M63.24 8.75h1.98s-.02-7.09 6.46-7.09h1.97v29.12h-3.1c-1.98-.19-3.63-1.47-5.22-2.98L63 25.55c.51-.69 1.18-1.73 1.66-2.82.54-1.23.93-3.55 1.17-4.13.08-.19.17-.37.28-.54.31-.48.82-.89 1.35-1.12.4-.17.89-.29 1.33-.29h.3v-1.68h-9.71
May 28, 2024 00:36:19.468116045 CEST	344	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-entrust.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:19.820022106 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:19 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:32:20 GMT ETag: "545-59feffaf65100" Accept-Ranges: bytes Content-Length: 1349 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 33 34 2e 37 20 31 34 38 2e 35 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 30 20 31 34 36 2e 32 68 38 34 76 2d 33 37 2e 37 48 34 33 2e 32 56 39 32 2e 31 68 33 37 56 35 34 2e 35 68 2d 33 37 56 34 30 2e 32 48 38 34 56 32 2e 35 48 30 6d 31 36 30 2e 39 20 32 39 2e 36 63 2d 31 33 2e 38 20 30 2d 32 34 2e 36 20 31 31 2e 34 2d 32 38 2e 36 20 32 33 2e 35 6c 2d 2e 34 2d 2e 35 20 31 2e 31 2d 32 30 2e 37 48 39 31 2e 35 76 31 31 31 2e 37 48 31 33 33 56 39 32 2e 34 63 30 2d 31 31 2e 34 2e 36 2d 31 39 20 38 2e 37 2d 31 39 20 37 20 30 20 37 2e 36 20 36 2e 38 20 37 2e 36 20 31 36 2e 33 76 35 36 2e 35 68 34 31 2e 35 56 37 32 2e 35 63 2d 2e 31 2d 32 30 2e 31 2d 36 2d 34 30 2e 34 2d 32 39 2e 39 2d 34 30 2e 34 7a 6d 31 34 35 2e 36 20 32 34 2e 31 6c 2d 2e 34 2d 2e 34 20 32 2e 33 2d 32 31 2e 34 68 2d 36 31 2e 32 56 39 2e 38 68 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 634.7 148.5" fill="#767676"><path d="M0 146.2h84v-37.7H43.2V92.1h37V54.5h-37V40.2H84V2.5H0m160.9 29.6c-13.8 0-24.6 11.4-28.6 23.5l-.4-.5 1.1-20.7H91.5v111.7H133V92.4c0-11.4.6-19 8.7-19 7 0 7.6 6.8 7.6 16.3v56.5h41.5V72.5c-.1-20.1-6-40.4-29.9-40.4zm145.6 24.1l-.4-.4 2.3-21.4h-61.2V9.8h-41.5v24.7h-11.9v33.2h11.9v78.5h41.5V67.7h19.5v78.5h41.5v-45.3c0-11.6 1.9-26.4 17.4-26.4 2.9 0 7.8 2.1 11.6 4V32.1c-15.4-.6-26 10.4-30.7 24.1zm96.3 38.3c0 13.6-.8 19.3-8.2 19.3-7.2 0-8-5.9-8-19.3V34.4h-41.5v65.8c0 30.5 17.4 48.3 49.5 48.3 30.5 0 49.8-15.2 49.8-48.3V34.4h-41.5v60.1zm99.4-17.1c-4.4-1.7-12.5-4.7-12.5-10.4 0-3.6 3.1-5.5 6.1-5.5 7 0 12.5 5.5 17.4 9.9l14.2-30.3a73.6 73.6 0 0 0-34.1-9.1c-26 0-44.9 14.6-44.9 37.7 0 19 12.9 27.5 29.2 33.2 7.2 2.5 10.8 4.8 10.8 8.9 0 4-4.5 5.7-8 5.7-7.6 0-15.9-6.4-20.7-11.6l-15.2 30.9a79.2 79.2 0 0 0 40.2 11.6c23.1 0 44.7-14 44.7-39.2-.1-18-12.1-26.1-27.2-31.8zm84.9-67.6h-41.5v
May 28, 2024 00:36:19.820034027 CEST	386	IN	Data Raw: 32 34 2e 36 68 2d 31 31 2e 39 76 33 33 2e 33 68 31 31 2e 39 76 37 38 2e 35 68 34 31 2e 35 56 36 37 2e 37 68 31 33 2e 37 56 33 34 2e 34 68 2d 31 33 2e 37 4d 36 32 30 2e 32 20 30 61 31 34 2e 35 20 31 34 2e 35 20 30 20 31 20 30 2d 2e 31 20 32 39 20 Data Ascii: 24.6h-11.9v33.3h11.9v78.5h41.5V67.7h13.7V34.4h-13.7M620.2 0a14.5 14.5 0 1 0-.1 29 14.5 14.5 0 0 0 .1-29zm0 27.3c-7.1 0-12.8-5.6-12.8-12.8 0-7.1 5.7-12.7 12.8-12.7 7.1 0 12.7 5.6 12.7 12.7s-5.6 12.8-12.7 12.8z"/><path d="M627.5 11.1c0-2.6-1.5-4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	163.44.198.51	80	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 28, 2024 00:36:19.492223024 CEST	355	OUT	GET /tedsplay.com/onlinebankingmtb/img/mtb-equalhousinglender.svg HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:20.436378002 CEST	502	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:20 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:33:42 GMT ETag: "e6-59fefffd98980" Accept-Ranges: bytes Content-Length: 230 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/svg+xml Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 31 2e 39 39 22 20 66 69 6c 6c 3d 22 23 37 36 37 36 37 36 22 3e 3c 70 61 74 68 20 64 3d 22 4d 38 2e 30 39 20 30 4c 30 20 34 2e 36 76 31 2e 36 37 68 31 2e 32 34 76 35 2e 37 32 68 31 33 2e 35 56 36 2e 32 37 48 31 36 56 34 2e 36 35 7a 6d 2d 35 2e 32 20 34 2e 37 39 6c 35 2e 32 2d 33 2e 30 36 20 35 2e 31 20 33 2e 30 36 76 35 2e 37 34 48 32 2e 38 38 7a 6d 32 2e 34 33 20 32 2e 31 38 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 6d 30 20 32 2e 31 68 35 2e 33 39 76 2d 31 2e 34 48 35 2e 33 32 7a 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 11.99" fill="#767676"><path d="M8.09 0L0 4.6v1.67h1.24v5.72h13.5V6.27H16V4.65zm-5.2 4.79l5.2-3.06 5.1 3.06v5.74H2.88zm2.43 2.18h5.39v-1.4H5.32zm0 2.1h5.39v-1.4H5.32z"/></svg>
May 28, 2024 00:36:22.323235035 CEST	340	OUT	GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1 Host: 46814880-10-20181030130048.webstarterz.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 28, 2024 00:36:22.676017046 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 27 May 2024 22:36:22 GMT Server: Apache Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT ETag: "3dce-59ff058c7a680" Accept-Ranges: bytes Content-Length: 15822 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: image/x-icon Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 66 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED] Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx
May 28, 2024 00:36:22.676043034 CEST	224	IN	Data Raw: ec 5d 07 7c 95 d5 d9 3f 27 3b 24 84 84 bd 67 20 80 04 48 c2 de 4b 50 50 86 0a 45 51 44 66 fd ac 5a 5b ad b6 b5 d5 4a 6b ad ab 8e 8a 20 a8 0c 15 15 aa a8 48 9d ec a1 cc 30 84 84 3d c3 08 10 02 21 83 8c f3 bd 77 be 67 3c e7 e6 8e f7 86 eb cf e7 df Data Ascii: ]\|?';$g HKPPEQDfZ[Jk H0=!wg<+}9#!@"HB$D I@ @"$!$D HBI@ @ $!@"HB$D I@ @"$!$D HBI@
May 28, 2024 00:36:22.676058054 CEST	1236	IN	Data Raw: 08 04 92 10 81 40 20 09 11 08 24 21 02 81 40 12 22 10 48 42 04 02 81 24 44 20 90 84 08 04 02 49 88 40 20 09 11 08 04 92 10 81 40 12 22 10 08 24 21 02 81 24 44 20 10 48 42 04 02 49 88 40 20 90 84 08 04 92 10 81 40 20 09 11 08 24 21 02 81 40 12 22 Data Ascii: @ $!@"HB$D I@ @"$!$D HBI@ @ $!@"HB$D I@ @"$!$D HBI@ @ $!$D HBI@ @ $!@"HB$D I@ @"$!$D HBI@ @ $!@"HB
May 28, 2024 00:36:22.676074982 CEST	1236	IN	Data Raw: 50 fa dd 91 ac c3 79 b9 2d 93 ea 84 26 09 df c9 5c 5f 56 5e 41 54 1b 44 65 9d e4 8e 53 87 fb 3a c1 b0 bd bf 3b b2 6f c1 ce 8d 5f 1e d8 9d 5f 52 04 b0 4e b5 de c5 d5 59 5c 5e b6 fd f4 f1 ed 67 4e cc 33 6c 78 4a bb 36 6c 3e 21 b5 fb af da 77 b1 8c Data Ascii: Py-&\_V^ATDeS:;o__RNY\^gN3lxJ6l>!wI8CHZ3\|L4D4\|t=^&Vl2Gr.9Vt[IrN;sm!@c24mIZk%on]OB)k$@wKC!iT
May 28, 2024 00:36:22.676090956 CEST	1236	IN	Data Raw: aa 4f 84 c8 bb 0f d3 07 2b 59 0d e3 cb 26 7c 32 6f 73 ce 11 c0 28 85 ac a0 a9 e9 7d 27 77 ee ed d3 57 4c 49 eb 33 25 bd af 20 0a 3c 04 79 32 36 67 db 1a 9f a7 92 49 9b 9d f3 d3 5b 25 d6 7e a8 db 60 8b 19 c8 47 99 51 cd 4a 16 56 38 91 83 b9 03 c3 Data Ascii: O+Y&\|2os(}'wWLI3% <y26gI[%~`GQJV8K7F:7>)Qg1D4+H?%"GD")oRbr;jbM /,~n4aFV1Y;wm#`;A1rs
May 28, 2024 00:36:22.676106930 CEST	1236	IN	Data Raw: bc 83 d5 f9 b2 31 76 93 3a f5 94 ab 2c aa 77 c2 98 bc 85 73 6b a8 e0 5a c9 e2 3d 9b ab dc 25 b3 56 dd 23 a7 99 2e 19 ae e6 95 b4 b3 e8 8e 61 88 f5 d6 bc d3 2f 7a 74 bf b0 09 4a f5 51 34 0a 73 51 69 a0 51 81 b6 b8 42 e9 78 49 36 ab e4 95 ea 74 35 Data Ascii: 1v:,wskZ=%V#.a/ztJQ4sQiQBxI6t5{5iE>YM&\Z_IVD%Aq*j2{kgj03)%2t<eR @],j``}}(xRqiw7>X&kbC.ao(75h
May 28, 2024 00:36:22.676122904 CEST	1236	IN	Data Raw: 77 6d 27 58 a8 91 d0 bb 85 35 3d bd 3f ac 5b 03 fe 62 48 83 b2 3f 99 bd 7d 6d 30 0e 4a 0f 5e 3c f7 ed e1 bd d2 ee 18 15 11 79 6f c7 9e 95 4c 80 36 65 89 02 6a 4f 10 76 d0 64 a9 7f 8e 3b 97 cf ac 9e c2 74 eb cf 30 b3 97 65 f9 56 ef fc 52 71 e1 f3 Data Ascii: wm'X5=?[bH?}m0J^<yoL6ejOvd;t0eVRq<T13,K:(\VfQTr~N>M@+xXYsl^]W5*MusFlZ21^c`HJt_pbitJ26]CKtbj@)R.SGjWS;1
May 28, 2024 00:36:22.676140070 CEST	1236	IN	Data Raw: bc 33 98 1b 3a c4 23 50 79 65 61 9b 77 de cb e5 6b c5 bf fd fa a3 83 17 cf 71 fb 0b 64 0d ba d0 ad 51 cb d5 13 1f fd 64 dc ff 05 5e cb f4 3a d8 84 e6 2e cf 75 bf e0 f7 4d 55 b4 c8 1d 63 42 8a 84 04 0a cb d0 20 b5 6e a3 9e 8d 5b 69 ac 7c 28 13 8f Data Ascii: 3:#PyeawkqdQd^:.uMUcB n[i\|()"WAV%"FGUq~ojG!~Syq/\|)O,@_`Ns 3l]XpLn~..+jxOXGp)<cHoG[#PcZ%F
May 28, 2024 00:36:22.676155090 CEST	1236	IN	Data Raw: 7a de de b1 ee e9 fe b7 56 9a c1 bd fb dc 29 5b d5 5a 33 61 ca b9 ce a6 f8 aa 8b 4a 2b 83 28 3d d0 a5 79 e2 f3 24 83 80 bd b9 a7 ff b5 e1 7f ef ef de 5c ce ca b5 54 07 8a 89 70 85 1b 88 a6 20 bc b2 ec fe fd c3 b7 86 4a 3f 6b f8 5d 7e 9f 10 d6 8c Data Ascii: zV)[Z3aJ+(=y$\Tp J?k]~]c~2%c~aii}-r3=Z5fv24KoLn+d2sWeW^-1ASk/N]t;~zIgX(lZc{
May 28, 2024 00:36:22.676173925 CEST	1236	IN	Data Raw: ff 0e a4 6d 56 72 cd ba e6 f8 72 db 6b bf 66 29 16 2f 6d 29 ee 54 d7 a9 16 3c 85 22 24 84 cf 09 59 a0 85 8c 12 a2 63 c6 db cc 15 45 71 d7 e5 22 a8 91 f8 f6 e7 6a 1b 43 f3 f4 c2 79 02 6b 7b 3a 3a a5 33 dc 6a c2 37 77 94 e2 31 52 b3 66 a5 f8 2c 1f Data Ascii: mVrrkf)/m)T<"$YcEq"jCyk{::3j7w1Rf,X#>\|TwQ`G7GLu'YvL[g}.\S?}K9yJ(.&`oP>%U`R;B";^`Ey
May 28, 2024 00:36:22.676511049 CEST	1224	IN	Data Raw: d7 a9 97 05 0a 8c 74 e8 a7 d6 26 91 e6 58 e9 04 ec 19 ce 26 19 6a 8d 36 be 12 0f e8 67 67 ac ba c3 ad 15 18 ee ef 32 60 d6 88 bb b5 ca 27 68 93 13 02 cb 49 fb 1f 5e 2e 2e 1a b8 e0 45 b9 1f ab 0b 4f af f9 42 71 f0 b0 71 ed 33 aa 47 c5 04 77 8d 53 Data Ascii: t&X&j6gg2`'hI^..EOBqq3GwS9JBN#!!eH&T^j=%Glm3G{'AtLNaF#' D(\'E,~VWF;mU{0tB}r*"K+;tw<7e]&.~(

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:20 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 22:36:20 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=149574 Date: Mon, 27 May 2024 22:36:20 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49746	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:21 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 22:36:21 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=149656 Date: Mon, 27 May 2024 22:36:21 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-27 22:36:21 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	24.75.29.77	443	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:22 UTC	632	OUT	GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1 Host: resources.mtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://46814880-10-20181030130048.webstarterz.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: http://46814880-10-20181030130048.webstarterz.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:36:22 UTC	620	IN	HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Wed, 17 Apr 2024 05:09:11 GMT Accept-Ranges: bytes ETag: "08c97628590da1:0:dtagent10289240325103055YKtO" X-Srv: B-STC-001 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1653312375" Date: Mon, 27 May 2024 22:36:22 GMT Content-Length: 67671 Set-Cookie: TSea15929a027=0856addebbab2000682ce780cdef85da1eec345b95827573609fdc7615c794da7f9817d42c43bc6708fde70c6611300024a3fb19e41d4ec68aacd71aa5b52199d8599254eed64add17843ecd9e6142749b706026e18cdd83e71373aa3206dc5e; Path=/
2024-05-27 22:36:22 UTC	14094	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 01 08 57 00 12 00 00 00 02 ba dc 00 01 00 00 00 01 06 e0 00 00 01 77 00 00 02 e6 00 00 00 00 00 00 00 00 47 50 4f 53 00 00 e3 58 00 00 1f 25 00 00 96 26 50 09 d2 5b 47 53 55 42 00 01 02 80 00 00 04 5f 00 00 08 32 1d c3 0d fa 4c 54 53 48 00 00 06 90 00 00 01 18 00 00 02 27 71 c2 bb bc 4f 53 2f 32 00 00 02 10 00 00 00 58 00 00 00 60 6a 14 81 0b 56 44 4d 58 00 00 07 a8 00 00 03 7b 00 00 0b ba f8 5c e2 8d 63 6d 61 70 00 00 30 98 00 00 03 fd 00 00 08 ca aa 5a b1 ea 63 76 74 20 00 00 36 ac 00 00 00 44 00 00 00 44 0d 97 02 d7 66 70 67 6d 00 00 34 98 00 00 01 02 00 00 01 73 06 59 9c 37 67 6c 79 66 00 00 3b 38 00 00 9c 66 00 01 81 b0 26 79 6b 82 68 64 6d 78 00 00 0b 24 00 00 25 71 00 00 5a 98 e5 1c 5d 0e 68 65 61 64 00 00 01 94 00 00 00 Data Ascii: wOFFWwGPOSX%&P[GSUB_2LTSH'qOS/2X`jVDMX{\cmap0Zcvt 6DDfpgm4sY7glyf;8f&ykhdmx$%qZ]head
2024-05-27 22:36:22 UTC	14486	IN	Data Raw: 03 f8 04 96 04 96 04 ea 05 44 06 04 07 be 08 74 0a 12 0a 4e 0a 86 0a be 0b 5c 0b ac 0b e6 0c 16 0c 3e 0c 66 0c ba 0d 20 0e 08 0f 20 0f b6 10 80 11 0c 11 48 11 d8 12 60 12 aa 13 0a 13 74 13 be 14 24 14 ea 15 b6 16 38 16 bc 17 7e 17 da 18 30 18 9a 19 6e 19 ea 1a 26 1a a6 1b 62 1b 9a 1c 50 1c fc 1d 50 1d a6 1e 2c 1e c0 20 5e 20 a4 21 04 21 80 22 3e 22 f4 23 84 23 f6 24 42 24 6e 24 ba 24 f8 25 10 25 40 26 26 26 b8 27 a8 28 42 28 d0 29 54 2a 5c 2a ce 2b 22 2b 98 2c 48 2c 80 2d 2a 2d 96 2d ee 2e 7c 2f 0a 2f 80 31 38 31 bc 32 28 32 a0 33 40 33 f6 34 b2 35 0a 35 a0 35 dc 36 6a 36 c8 36 d4 36 e0 37 fe 38 0a 38 16 38 22 38 2e 38 3a 38 46 38 52 38 5e 38 6a 38 76 39 c4 39 d0 39 dc 39 e8 39 f4 3a 00 3a 0c 3a 18 3a 24 3a 30 3a 3c 3a 48 3a 54 3a 60 3a 6c 3a 78 3a 84 3a Data Ascii: DtN\>f H`t$8~0n&bPP, ^ !!">"##$B$n$$%%@&&&'(B()T\+"+,H,-*--.\|//1812(23@345556j6667888"8.8:8F8R8^8j8v99999::::$:0:<:H:T:`:l:x::
2024-05-27 22:36:22 UTC	14486	IN	Data Raw: 0f b1 cc b2 12 fd ff e4 4a fc be 7e 21 ae bd 3c ce 2d c8 b3 be 77 96 85 f8 d9 9d c6 19 de 42 4b 56 9a e5 42 e4 38 4b 3e 30 ea 93 d0 ec a3 ca 0d 84 b5 23 fa 7a c0 e5 11 be 56 32 f4 d7 e3 99 66 3f f7 8b ab 75 f5 0f 42 fd 5d 73 f4 f5 68 57 fb 90 9f 91 f7 3b ac ff 19 af 9f 3e 4b f6 36 7c 3e d6 58 94 a1 e9 2b a9 fe 65 fc 33 3c bf 44 f9 f9 f4 1e 45 dc 01 f5 28 b6 bd cb 9f ff 59 dd 73 84 3d 1e d7 e2 3a be 16 3d 5a 7b 54 8b e8 d7 cd f4 97 f5 31 f5 80 06 45 a2 56 57 4f fd 2a 88 af a7 f7 d6 c6 d7 e3 7b d7 f3 f7 3a 79 3d e9 57 c4 7b 3f 43 7f 19 8f a9 87 f7 06 44 ad ae 9e de eb 8d af a7 f7 96 6a f5 b8 ef 2a 87 d9 36 ca 2d 71 fa 02 f9 e7 4f c6 a5 9d d7 6c bf 5a 6a fa 63 52 5e b5 c6 e7 74 a2 1b ac d2 a3 c7 0a a4 48 18 f9 3b e2 d3 19 a2 f8 2c 09 06 8b 65 23 a5 f8 c0 44 Data Ascii: J~!<-wBKVB8K>0#zV2f?uB]shW;>K6\|>X+e3<DE(Ys=:=Z{T1EVWO{:y=W{?CDj6-qOlZjcR^tH;,e#D
2024-05-27 22:36:22 UTC	7243	IN	Data Raw: 1b 54 99 0d aa cc 06 55 66 83 c2 b7 41 95 d9 a0 ca 6c 50 65 36 a8 32 9b ac 32 1b 55 19 ae 36 23 b5 76 9f 83 57 cc 11 91 0d 72 60 e7 91 a3 6c 07 b9 19 e4 6e 90 c7 40 4e 82 bc 0c f2 3a c8 2f 41 de 01 11 c6 a2 1c a8 f4 1c 45 dd 2a 19 f1 cb 65 e0 60 ff 5a f6 44 ab 5e 16 bd ba b9 67 61 d7 b2 aa f2 be be d9 dd cd 0b a2 7a 2d d7 af 99 d8 dd 55 df 33 fb b6 4d a3 b7 db de 9c 3f d8 5f 5b db d9 da 50 53 33 7b 76 7f cc a2 ad d7 f5 56 cf b3 98 97 56 2e dc b5 6e 13 8c 7f b0 ca 55 73 69 9e 33 29 bf e5 bd d8 9b 57 37 52 ec 0d b5 18 8e cf c8 65 78 95 4c 1c 92 89 04 99 98 2f 13 27 3c 9e fb 53 c1 1d 3d 60 69 6c 08 a1 de be be 3a 72 e3 12 e4 2d 82 2e 64 11 24 a4 07 30 b9 fe dc 07 89 27 64 03 d9 2c 28 01 c2 09 c8 c7 84 16 0b c1 7c 32 6e 33 ea 3a 90 b7 2d 23 b4 9c e1 b0 44 41 Data Ascii: TUfAlPe622U6#vWr`ln@N:/AE*e`ZD^gaz-U3M?_[PS3{vVV.nUsi3)W7RexL/'<S=`il:r-.d$0'd,(\|2n3:-#DA
2024-05-27 22:36:22 UTC	7243	IN	Data Raw: c8 d8 81 eb b0 ad cc 9d 7c 8b 5d 80 b6 e2 50 be 82 96 17 3e 7e 4b 86 64 de 36 bc f5 77 01 d6 39 a1 9f 94 b6 87 64 e9 12 99 2c 3d 6b 3d fa 3b be 8c 4a 37 7b f8 89 93 84 01 2e 59 dc 2f 89 8c 8d dc c3 8c eb f8 a2 34 63 05 2c d9 84 b1 c2 01 f7 4b 26 63 05 b7 95 55 5a 51 ef e4 5d 7c d1 ac d4 e0 d0 f1 f2 5a 6a 88 36 38 1c fa 92 79 11 f3 a2 4d 83 73 a3 53 4d 11 d1 09 a6 9c 19 06 f3 de 88 bd 25 91 6d 5d e1 71 e1 25 8c 25 66 32 5b fd 82 ce 1e 9d ae 4e a7 66 e7 2f ae 77 ff b1 65 16 d2 20 c3 88 9a 31 b9 90 6c 35 e8 d3 97 83 6e 5d 05 42 f3 91 ed e3 cb 27 7d fb 02 7c fa 16 4c e5 c1 97 32 95 07 5f 94 c7 83 cf cf 2d 6f 6a 6f 3c 1d 79 e2 89 40 39 22 f1 98 4c 7c 55 78 e0 85 78 fc fd b8 6b a0 e6 11 f8 a4 f0 08 f4 f6 d1 b3 08 fe 68 2f 1f bd 75 7e 1e 79 3a f2 c6 13 e8 24 83 Data Ascii: \|]P>~Kd6w9d,=k=;J7{.Y/4c,K&cUZQ]\|Zj68yMsSM%m]q%%f2[Nf/we 1l5n]B'}\|L2_-ojo<y@9"L\|Uxxkh/u~y:$
2024-05-27 22:36:22 UTC	10119	IN	Data Raw: 62 4e 5f ce b3 cb 43 3a a3 30 c1 38 b0 c2 37 37 59 fa 4b 9c a2 09 c6 db b2 3d 5d 76 b2 15 57 0f 4e b9 bd 1d aa 3b 2c 3b 9a 9d e5 59 cf 2e e4 fc 11 f9 d4 ba 34 70 ca 02 8b e2 d4 b0 17 c8 7c ad 0f a5 d1 4e 93 2c c4 41 43 ce 5d e6 ea a9 dc 58 08 bc 8a 3b ec 8d ea d7 5e 1a d8 9e 6c f6 9c b2 c0 d2 f9 92 63 87 3f 0e b2 5d 96 e2 ef ad d1 7a 1c b7 d8 c3 c3 25 7f 79 1c 36 16 fd 4a ec 37 e4 7c cf d3 b7 49 45 cf d1 58 0e 77 7a 66 d0 5b a3 5a e6 74 54 64 82 92 5f 26 bd cf c9 9b 1a 69 d0 3f 48 53 2a 76 a6 5e 17 53 e8 a4 a4 9a c4 4a 39 85 b6 c1 d4 93 40 74 41 69 47 2a 4a 30 52 52 82 31 35 25 9e 29 2a 01 e9 aa 0a 9d e6 5a 59 85 51 4b a2 ae c2 b0 35 59 58 61 3c 61 4c 65 c9 ee 5a 69 c9 ee 44 6d 49 98 28 8b 30 6c 8c eb 42 88 93 85 11 c6 69 f3 83 ac 73 cc fa 85 82 1d 79 9e Data Ascii: bN_C:0877YK=]vWN;,;Y.4p\|N,AC]X;^lc?]z%y6J7\|IEXwzf[ZtTd_&i?HSv^SJ9@tAiGJ0RR15%)*ZYQK5YXa<aLeZiDmI(0lBisy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49748	24.75.29.77	443	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:22 UTC	634	OUT	GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1 Host: resources.mtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://46814880-10-20181030130048.webstarterz.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: http://46814880-10-20181030130048.webstarterz.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:36:22 UTC	619	IN	HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Wed, 17 Apr 2024 05:09:09 GMT Accept-Ranges: bytes ETag: "05f66618590da1:0:dtagent10289240325103055YKtO" X-Srv: B-STC-001 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Server-Timing: dtSInfo;desc="0", dtRpid;desc="-532519671" Date: Mon, 27 May 2024 22:36:22 GMT Content-Length: 64318 Set-Cookie: TSea15929a027=0856addebbab2000955c48528da6cc67ccc4e9ada5131f6d40de7e3c54255816f2b3eb45150dc4ff0897aca6aa113000e0b62e81fe52f4bd8aacd71aa5b521997389537c84fe6a6e570399409cc830e0676c3635caa69a1230727d2433922d2d; Path=/
2024-05-27 22:36:22 UTC	14095	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 fb 3e 00 13 00 00 00 02 92 d4 00 01 00 00 00 00 f9 c4 00 00 01 7a 00 00 02 e8 00 00 00 00 00 00 00 00 47 50 4f 53 00 00 cc 54 00 00 29 10 00 00 af a6 a9 17 60 ae 47 53 55 42 00 00 f5 64 00 00 04 5f 00 00 08 32 1d c3 0d fa 4c 54 53 48 00 00 06 b0 00 00 01 10 00 00 02 27 f0 da 10 6a 4f 53 2f 32 00 00 02 24 00 00 00 58 00 00 00 60 6a 68 83 66 56 44 4d 58 00 00 07 c0 00 00 03 78 00 00 0b ba f7 1c e1 61 63 6d 61 70 00 00 1d 8c 00 00 03 fd 00 00 08 ca aa 5a b1 ea 63 76 74 20 00 00 23 e4 00 00 00 5e 00 00 00 5e 08 80 0e eb 66 70 67 6d 00 00 21 8c 00 00 01 02 00 00 01 73 06 59 9c 37 67 61 73 70 00 00 cc 40 00 00 00 14 00 00 00 14 00 75 00 0c 67 6c 79 66 00 00 28 8c 00 00 97 f2 00 01 6c 34 91 9f fc 1a 68 64 6d 78 00 00 0b 38 00 00 12 Data Ascii: wOFF>zGPOST)`GSUBd_2LTSH'jOS/2$X`jhfVDMXxacmapZcvt #^^fpgm!sY7gasp@uglyf(l4hdmx8
2024-05-27 22:36:22 UTC	7243	IN	Data Raw: 1b 37 24 6a 71 e0 2c 09 c3 99 d2 e0 69 00 04 78 3a 77 7e 61 75 5f cd fa bb 22 5b 96 8b 6f b9 f3 ed 2b 9d 65 79 d7 fe 71 f9 72 49 af d2 e0 cf bb 30 ef 99 e2 26 a9 18 c1 59 47 da 82 af e9 30 69 f4 5c 7e 32 28 d0 e0 15 50 ce c0 01 06 ea 09 e0 c7 49 c5 d1 a7 9a 1e c7 87 1d 3e f9 38 e9 64 18 4a 55 da c9 61 f8 95 74 d2 06 9b 2c 23 a8 3b a4 ae 64 90 64 90 5c e2 7c 59 34 64 7a 71 c1 ad 92 7f b1 30 db 62 51 94 30 93 34 cf c4 44 28 44 dc 0c c0 10 a2 98 bc 50 a3 0b 1d f0 c3 e9 34 6b 8e 90 a1 77 c0 e9 eb 40 0c ca 1c 26 da 6a 88 6f 6e 29 fa 1c 03 e0 0c b4 47 71 76 e0 26 5e 78 35 ae f1 4a 19 67 13 00 07 a0 1d 83 76 06 da a3 d0 ac 48 0a e1 e8 20 5c b3 07 49 d5 08 27 bf 4b a0 8e ff f5 fe 96 e6 9a d0 0c f7 50 c6 e1 6d 7b f6 df 70 cb 61 d1 13 a9 14 e9 0b 06 aa 6a 9a a7 cd Data Ascii: 7$jq,ix:w~au_"[o+eyqrI0&YG0i\~2(PI>8dJUat,#;dd\\|Y4dzq0bQ04D(DP4kw@&jon)Gqv&^x5JgvH \I'KPm{paj
2024-05-27 22:36:22 UTC	7243	IN	Data Raw: 04 00 33 22 a9 b8 e4 92 f8 24 10 c1 b1 4a d8 68 47 dc 1e 36 0b 2c 71 5c 26 75 14 62 47 61 94 50 15 12 ca 47 7d ee 92 48 80 cd 44 56 14 75 56 19 44 b6 fc f1 c4 cb 44 c5 16 85 3a fb 9c 59 4b ea 17 cd 3b 18 ac ad e9 38 58 1e aa e9 04 42 b0 aa a5 a9 bb a9 b5 43 d2 b4 c6 e6 05 3d 91 3f 19 af ef 68 06 1d d7 25 1d f7 28 6f 7c a6 e3 1e 8e 9f 98 11 47 be 77 7e 58 3a 1e 37 81 71 f3 f5 01 74 dc a3 02 13 4c 74 3c e3 fa 74 5c bc b3 3a 96 8c e3 a3 1a 79 8a 75 f6 a3 48 37 24 35 27 7b b5 29 09 ed 46 06 aa e3 1c 2a 9a ae 2f bc c5 fb 51 e8 86 1f 05 46 b0 34 5f c7 8f a2 f8 f8 be bd c7 31 3b af 18 ea 6d 96 49 7c af 61 1a 5e 3b fe 71 60 b2 de 64 fc a3 99 72 81 ea 63 73 81 e6 a9 b8 b4 3c 85 f9 ae f1 73 81 2e 8b 93 d7 63 c5 f4 b8 d4 9f 0a a7 ff 97 73 81 06 33 fe d6 5c a0 a3 fd Data Ascii: 3"$JhG6,q\&ubGaPG}HDVuVDD:YK;8XBC=?h%(o\|Gw~X:7qtLt<t\:yuH7$5'{)F*/QF4_1;mI\|a^;q`drcs<s.cs3\
2024-05-27 22:36:22 UTC	7243	IN	Data Raw: a7 66 ab ea 68 c0 8e 06 43 02 2a 66 09 a8 98 b3 36 15 03 b7 55 0c dc 56 31 67 6d 2a 66 91 a8 98 3e c5 a3 a9 d8 90 80 f2 0d 09 08 dd 03 1a 8c a4 63 58 e3 a7 5a 7a 71 8e a0 45 b8 58 2b 8b 5a 84 dd 2a e5 7c 25 92 cd 4a 25 73 54 82 cc 51 49 3c 5a 2d 0c 38 5f ca db 9c d1 69 9c 7c 59 e3 c9 1b aa 68 90 1e c1 5c 4f 5d 89 87 39 2c 3e 72 fc f8 be 29 ab 72 73 57 74 ed 8a 91 34 7a d6 e4 e6 ae 9a b2 ef b8 94 37 aa 8d 90 79 c7 be fb ea ab 27 35 44 45 8c fa ea ea fa fb f6 21 8f 50 25 aa f5 26 f1 d0 98 bc 8b 22 84 13 e2 53 25 27 f5 a6 6b 7f 16 0f ed da a5 ae b7 d8 3e e0 7a 8b ed 5a a9 bc 1e 7d f9 be 2e 6e a1 1c 92 a9 da 23 d1 2c 92 c9 2a fa 8d a3 b1 8c ca 3a 03 5c 45 fc 49 06 0a 18 98 c5 c0 03 5c 4a fc ba d5 aa aa 38 79 67 82 96 73 15 57 35 e3 6a f4 f8 b5 28 07 90 04 a5 Data Ascii: fhCf6UV1gmf>cXZzqEX+Z\|%J%sTQI<Z-8_i\|Yh\O]9,>r)rsWt4z7y'5DE!P%&"S%'k>zZ}.n#,:\EI\J8ygsW5j(
2024-05-27 22:36:22 UTC	5840	IN	Data Raw: a4 71 6f 6e ea 80 e5 42 47 d3 f5 fe f5 02 1d cb 3f 9a 9e 8f b1 a3 f1 c0 a2 a7 30 c2 ac 14 7e 2b ab 48 5c 10 89 b3 8a 27 2b c0 0b ec 08 1d 9d 21 fd 43 cb c9 2f b5 b8 bf 2f 2b e7 1c 89 8a 73 ae 24 26 2d 3a 37 f3 60 4f 9f 21 d7 88 0d 2e 67 7f f6 21 6f e3 28 00 ab ab 76 cb a7 91 16 21 5a ca 26 af c0 4a 42 17 c4 6b 98 c8 d7 94 51 68 0f 66 6b 30 46 cc cf c2 51 12 39 ca 3e 99 cf 4e 29 9c a1 42 cd 19 2a a2 70 6e 65 be 72 f4 16 38 05 52 f7 61 91 18 16 09 b3 48 8c 0a 10 af 14 22 74 e3 0c 1d 50 61 9c cf ce 50 cb 4a 24 df 00 f2 6b 48 b8 1e 95 fd be 40 98 d3 d2 b1 1e 15 36 3b 46 49 41 b7 63 60 f6 76 d3 a3 0d 1a 92 49 95 33 7a 3b 32 c5 d8 4c 75 cc 8d ab 42 9b 31 44 13 1c 40 2b 0c 3d 73 05 b3 cd c0 a2 5b 25 28 ad 55 8a eb d1 c0 28 58 02 78 d8 04 63 b9 81 7b fa 0c 5c 5b Data Ascii: qonBG?0~+H\'+!C//+s$&-:7`O!.g!o(v!Z&JBkQhfk0FQ9>N)B*pner8RaH"tPaPJ$kH@6;FIAc`vI3z;2LuB1D@+=s[%(U(Xxc{\[
2024-05-27 22:36:22 UTC	10106	IN	Data Raw: 3f d0 87 97 d2 1b 8f 95 4f d3 01 b7 2f 00 53 38 ce f6 af 6a 44 10 3e 4b 0f be 9c 8d 80 22 74 ce 80 22 24 57 8a 22 fc 6d e6 0a 5b c5 50 c9 86 87 7c 1d 2b c8 f7 8c 59 da 55 06 7b e6 67 6f ad 40 c4 11 dd cd 48 b2 81 d6 b1 99 e4 ce 82 23 34 0b b7 dc 64 24 f8 a0 73 4e f0 41 c2 e1 83 1a 34 6f 28 88 41 7d 10 62 f0 41 89 cd 5b d0 78 1a e6 c5 0a 43 0f 5e 06 4e 50 ef df 86 18 19 7c 08 70 82 93 f4 38 01 0f c9 a6 de 99 80 83 5a 05 38 78 02 90 fc b3 81 07 7d 83 95 95 25 25 2d 09 fb 52 8e 8c 5d 33 d9 b3 e3 20 a9 f5 55 90 e4 a5 c3 45 25 9e d6 de c4 4d 7b b7 2f 6b 3a bc 6a 74 fd 3a ac 73 1b ed d7 79 b4 ce 0b 48 9d 1f 3b 18 8c 19 14 58 42 a4 e8 9a 01 32 e8 bc 7c c8 20 ac d8 38 ce 6c 26 ec 20 f0 38 c5 30 ce f0 5f 0a 94 60 bc 48 94 46 10 cf 50 49 bf 10 e6 e7 b3 22 71 51 fc Data Ascii: ?O/S8jD>K"t"$W"m[P\|+YU{go@H#4d$sNA4o(A}bA[xC^NP\|p8Z8x}%%-R]3 UE%M{/k:jt:syH;XB2\| 8l& 80_`HFPI"qQ
2024-05-27 22:36:22 UTC	12548	IN	Data Raw: 2a 7a 8e c6 72 98 e9 99 41 6f 8d 6a 99 d3 51 91 09 4a 7e 99 74 9e 93 37 35 d2 a0 7f 90 a6 54 ec 4c bd 2e a6 d0 49 49 35 89 95 72 0a 6d 83 a9 27 81 e8 82 d2 8e 54 94 60 a4 a4 04 63 6a 4a 3c 53 54 02 d2 55 15 3a cd b5 b2 0a a3 96 44 5d 85 61 6b b2 b0 c2 78 c2 98 ca 92 ec 5a 69 49 76 a2 b6 24 4c 94 45 18 36 c6 75 21 c4 c9 c2 08 e3 b4 f9 41 d6 67 cc fa 85 82 1d 79 9e af 53 9b cb 61 9f 55 a3 7a 2d b0 00 8c a8 fa 16 55 89 85 2d d2 38 74 9b aa 22 eb eb 6b 69 84 42 cb 2c 87 8a 75 16 92 9a d0 72 d7 31 4a cb 99 93 52 0b 75 55 6b bd a5 11 5b b8 e3 4b 36 55 e5 16 31 46 8d 04 8d b1 e0 82 d4 8a 4b f6 a0 e7 87 63 50 7f 8f 6b 5e 96 a3 11 22 47 37 53 44 2b 3e 12 ad 35 c6 b3 44 33 98 71 a2 5d 33 51 b4 f2 7a a8 18 5a 33 57 c4 8f 47 8b 80 a3 e9 a2 35 49 0c 18 79 80 31 33 26 Data Ascii: *zrAojQJ~t75TL.II5rm'T`cjJ<STU:D]akxZiIv$LE6u!AgySaUz-U-8t"kiB,ur1JRuUk[K6U1FKcPk^"G7SD+>5D3q]3QzZ3WG5Iy13&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49749	24.75.29.77	443	5572	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-27 22:36:22 UTC	630	OUT	GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1 Host: resources.mtb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://46814880-10-20181030130048.webstarterz.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: http://46814880-10-20181030130048.webstarterz.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-27 22:36:22 UTC	658	IN	HTTP/1.1 200 OK Content-Type: APPLICATION/X-WOFF Last-Modified: Wed, 17 Apr 2024 05:09:09 GMT Accept-Ranges: bytes ETag: "05f66618590da1:0:dtagent10289240325103055YKtO" X-Srv: B-STC-001 Access-Control-Allow-Origin: * X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/ Timing-Allow-Origin: * Server-Timing: dtSInfo;desc="0", dtRpid;desc="1478056391", dtTao;desc="1" Date: Mon, 27 May 2024 22:36:22 GMT Content-Length: 4776 Set-Cookie: TSea15929a027=0856addebbab20004518fc08302e294335c61bdb76473714a844e2711b7af1c750e9bdcafe992e59085411283811300022d4fbe01586b24e8aacd71aa5b521997dc038cfc38a1b411bd3979a6b4e850fa4d48f368ecbb43612dfa998e7f71756; Path=/
2024-05-27 22:36:22 UTC	4776	IN	Data Raw: 77 4f 46 46 00 01 00 00 00 00 12 a8 00 0b 00 00 00 00 1f bc 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 53 55 42 00 00 01 08 00 00 00 3b 00 00 00 54 20 8b 25 7a 4f 53 2f 32 00 00 01 44 00 00 00 41 00 00 00 56 3f 24 4b b0 63 6d 61 70 00 00 01 88 00 00 00 f0 00 00 03 5a 7b c1 f0 2f 67 6c 79 66 00 00 02 78 00 00 0c c2 00 00 15 08 a7 be b4 c4 68 65 61 64 00 00 0f 3c 00 00 00 33 00 00 00 36 12 cb f6 0c 68 68 65 61 00 00 0f 70 00 00 00 1e 00 00 00 24 07 bd 04 06 68 6d 74 78 00 00 0f 90 00 00 00 1d 00 00 00 94 8c c8 ff d8 6c 6f 63 61 00 00 0f b0 00 00 00 4c 00 00 00 4c 4f fa 55 62 6d 61 78 70 00 00 0f fc 00 00 00 1f 00 00 00 20 01 3b 00 a5 6e 61 6d 65 00 00 10 1c 00 00 01 5e 00 00 02 b2 a7 4a 4c 17 70 6f 73 74 00 00 11 7c 00 00 01 Data Ascii: wOFFGSUB;T %zOS/2DAV?$KcmapZ{/glyfxhead<36hheap$hmtxlocaLLOUbmaxp ;name^JLpost\|

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5004, Parent PID: 3748

General

Target ID:	0
Start time:	18:36:10
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5572, Parent PID: 5004

General

Target ID:	2
Start time:	18:36:13
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,2315323049855643941,11588584059325083261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6488, Parent PID: 3748

General

Target ID:	3
Start time:	18:36:15
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly