Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn

Overview

General Information

Sample URL: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
Analysis ID: 1448168

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 3712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 4836 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn Avira URL Cloud: detection malicious, Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css Avira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff Avira URL Cloud: Label: phishing
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49737 version: TLS 1.0
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1
  Host: onlinebanking.mtb.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: http://46814880-10-20181030130048.webstarterz.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1
  Host: onlinebanking.mtb.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/header_footer.png HTTP/1.1
  Host: resources.mtb.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: http://46814880-10-20181030130048.webstarterz.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/general.png HTTP/1.1
  Host: resources.mtb.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: http://46814880-10-20181030130048.webstarterz.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1
  Host: resources.mtb.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: http://46814880-10-20181030130048.webstarterz.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1
  Host: resources.mtb.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic HTTP traffic detected: GET /images/general.png HTTP/1.1
  Host: resources.mtb.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic HTTP traffic detected: GET /images/header_footer.png HTTP/1.1
  Host: resources.mtb.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/1css.css HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/Retail.css HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/CustomerService.css HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Fonts/CORISANDELight.woff HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  Origin: http://46814880-10-20181030130048.webstarterz.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Fonts/CORISANDEBold.woff HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  Origin: http://46814880-10-20181030130048.webstarterz.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Fonts/CORISANDEBold.ttf HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  Origin: http://46814880-10-20181030130048.webstarterz.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Fonts/CORISANDELight.ttf HTTP/1.1
  Host: 46814880-10-20181030130048.webstarterz.com
  Connection: keep-alive
  Origin: http://46814880-10-20181030130048.webstarterz.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: 46814880-10-20181030130048.webstarterz.com
Source: global traffic DNS traffic detected: DNS query: onlinebanking.mtb.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: resources.mtb.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Mon, 27 May 2024 22:38:20 GMT
  Server: Apache
  Content-Length: 341
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Mon, 27 May 2024 22:38:20 GMT
  Server: Apache
  Content-Length: 342
  Keep-Alive: timeout=5, max=98
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.woff was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Mon, 27 May 2024 22:38:20 GMT
  Server: Apache
  Content-Length: 341
  Keep-Alive: timeout=5, max=98
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.ttf was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Mon, 27 May 2024 22:38:20 GMT
  Server: Apache
  Content-Length: 340
  Keep-Alive: timeout=5, max=97
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.ttf was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: chromecache_80.2.dr String found in binary or memory: http://docs.jquery.com/UI/Resizable#theming
Source: chromecache_80.2.dr String found in binary or memory: http://docs.jquery.com/UI/Theming/API
Source: chromecache_80.2.dr String found in binary or memory: http://jqueryui.com/about)
Source: chromecache_65.2.dr String found in binary or memory: https://onlinebanking.mtb.com/Assets/images/img_trans.gif
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/Dropdown-R.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/Dropdown-sprite_slk.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/FormElements.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/Graphic-Header-Commercial.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/Sign-On-Image.jpg
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/general.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/header_footer.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/icon_backtotop.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/numbers.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/services.png
Source: chromecache_80.2.dr String found in binary or memory: https://resources.mtb.com/images/transparent.png
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine Classification label: mal56.win@16/36@14/8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn | 100% | Avira URL Cloud | phishing |
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://docs.jquery.com/UI/Resizable#theming | 0% | URL Reputation | safe |
http://jqueryui.com/about) | 0% | URL Reputation | safe |
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif | 100% | Avira URL Cloud | phishing |
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css | 100% | Avira URL Cloud | phishing |
https://resources.mtb.com/images/Sign-On-Image.jpg | 0% | Avira URL Cloud | safe |
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf | 100% | Avira URL Cloud | phishing |
http://docs.jquery.com/UI/Theming/API | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/Graphic-Header-Commercial.png | 0% | Avira URL Cloud | safe |
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff | 100% | Avira URL Cloud | phishing |
https://resources.mtb.com/images/FormElements.png | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/transparent.png | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/services.png | 0% | Avira URL Cloud | safe |
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf | 100% | Avira URL Cloud | phishing |
https://onlinebanking.mtb.com/Assets/images/img_trans.gif | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/numbers.png | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/general.png | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/header_footer.png | 0% | Avira URL Cloud | safe |
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico | 100% | Avira URL Cloud | phishing |
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css | 100% | Avira URL Cloud | phishing |
https://resources.mtb.com/images/Dropdown-R.png | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/Dropdown-sprite_slk.png | 0% | Avira URL Cloud | safe |
https://resources.mtb.com/images/icon_backtotop.png | 0% | Avira URL Cloud | safe |
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css | 100% | Avira URL Cloud | phishing |
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff | 100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
onlinebanking.gslb.mtb.com | 24.75.29.69 | true | false | | unknown
46814880-10-20181030130048.webstarterz.com | 163.44.198.51 | true | false | | unknown
www.google.com | 216.58.206.68 | true | false | | unknown
resources.gslb.mtb.com | 24.75.29.77 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
onlinebanking.mtb.com | unknown | unknown | false | | unknown
resources.mtb.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn | true | | unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff | false | Avira URL Cloud: phishing | unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css | false | Avira URL Cloud: phishing | unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif | false | Avira URL Cloud: phishing | unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf | false | Avira URL Cloud: phishing | unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf | false | Avira URL Cloud: phishing | unknown
https://onlinebanking.mtb.com/Assets/images/img_trans.gif | false | Avira URL Cloud: safe | unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico | false | Avira URL Cloud: phishing | unknown
https://resources.mtb.com/images/general.png | false | Avira URL Cloud: safe | unknown
https://resources.mtb.com/images/header_footer.png | false | Avira URL Cloud: safe | unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css | false | Avira URL Cloud: phishing | unknown
https://resources.mtb.com/images/Dropdown-sprite_slk.png | false | Avira URL Cloud: safe | unknown
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css | false | Avira URL Cloud: phishing | unknown
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff | false | Avira URL Cloud: phishing | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://resources.mtb.com/images/FormElements.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
https://resources.mtb.com/images/services.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
https://resources.mtb.com/images/transparent.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
https://resources.mtb.com/images/Graphic-Header-Commercial.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
https://resources.mtb.com/images/Sign-On-Image.jpg | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
http://docs.jquery.com/UI/Theming/API | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
http://docs.jquery.com/UI/Resizable#theming | chromecache_80.2.dr | false | URL Reputation: safe | unknown
https://resources.mtb.com/images/numbers.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
https://resources.mtb.com/images/Dropdown-R.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
http://jqueryui.com/about) | chromecache_80.2.dr | false | URL Reputation: safe | unknown
https://resources.mtb.com/images/icon_backtotop.png | chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
24.75.29.69 | onlinebanking.gslb.mtb.com | United States | 16490 | MTBUS | false
163.44.198.51 | 46814880-10-20181030130048.webstarterz.com | Singapore | 135161 | GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG | false
24.75.29.77 | resources.gslb.mtb.com | United States | 16490 | MTBUS | false
192.216.61.78 | unknown | United States | 12134 | MTBUS | false
216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
IP
192.168.2.4
192.168.2.5
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1448168
                    Start date and time:2024-05-28 00:37:27 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 3m 13s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:browseurl.jbs
                    Sample URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal56.win@16/36@14/8
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 172.217.18.3, 216.58.206.46, 142.251.168.84, 34.104.35.123, 172.217.23.106, 142.250.186.170, 172.217.18.10, 142.250.186.106, 172.217.18.106, 172.217.16.202, 142.250.186.138, 216.58.206.74, 142.250.181.234, 142.250.185.106, 142.250.185.74, 142.250.186.42, 142.250.184.202, 142.250.186.74, 142.250.185.202, 172.217.16.138, 20.114.59.183, 199.232.210.172, 192.229.221.95, 20.166.126.56, 20.3.187.198, 216.58.206.67, 199.232.214.172
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                    • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtSetInformationFile calls found.
                    • VT rate limit hit for: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    No simulations
                    No context
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.985248332261239
                    Encrypted:false
                    SSDEEP:48:8XdtT1FMHpidAKZdA19ehwiZUklqehGfy+3:8bXGhfy
                    MD5:11D2EDCC9CE70D5E6C72593E04F09D10
                    SHA1:DDF46EAD63B6D7764D979B41DEF39E39A98742FC
                    SHA-256:95E389D926C8C2C199D882E5933BD08449E9CD0CEFDFEE21A9401530D8E28A03
                    SHA-512:F25784F18E884D6425C00765D4519642F0DFD91B83324D90DBCAF258711241CCDBA2F2568698673DC84A15B8F53638D8CA26BAD4FAAA5ED5DB3A8C1BF62E885D
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):4.001665555665997
                    Encrypted:false
                    SSDEEP:48:80dtT1FMHpidAKZdA1weh/iZUkAQkqehRfy+2:8+XE9QEfy
                    MD5:3E4AF1D22979EAFEDF40A46DAB150C89
                    SHA1:3F8D5585D9ED288953803E14AE73EF94A5B11648
                    SHA-256:028A843C2B689DD72B3C65103886A7EF0CAA58BEE15A41CF2525D00972795842
                    SHA-512:3AD1FCE7C992EDE4F3877A47B7484402667F9EAADF806CA24211BD048A3B1BB67C8B21F1E44B3FB4594783F60CB107FFD27743928A519CF880A284D48A5A4191
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2693
                    Entropy (8bit):4.00882025068224
                    Encrypted:false
                    SSDEEP:48:8x+dtT1FsHpidAKZdA14tseh7sFiZUkmgqeh7sHfy+BX:8x8XcnVfy
                    MD5:F0937F73BD2376BF16F65B4CCC7E74E8
                    SHA1:8F45B3979D02A95D510DB8F1F6CED778E5935A8C
                    SHA-256:8705D637E1C840108263BD4759496FFD30FD32A4C28530900D45709100A31F47
                    SHA-512:C6958482FC2FE8E01884452DF718F9F01B387D3A57273EF6BF602729725BAEA7F89246AA608FFE52CBE9445DF3D73D4A3B24910D2F0B6F90F1A7948CE2756B25
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.998122568771833
                    Encrypted:false
                    SSDEEP:48:8vLdtT1FMHpidAKZdA1vehDiZUkwqehdfy+R:8v/XPPfy
                    MD5:84D91B82517788B2C9CEBD64C971C6E0
                    SHA1:0DFBE7FD2E880D7350919AE3B8F9606A3DE3D2A5
                    SHA-256:1D7E9AB8DA514F860B92BEED5599A203D4AF4B3CB3D85E06E4E4B100B99F0B01
                    SHA-512:02237719A004537E2C6A29FDDFF948D0179049B974ABF63EBFC71A9511C81FE70B589BA8F15765841FCD2427DF49885C69EEA615ADE189918017C696E02D3C48
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.9875810294531693
                    Encrypted:false
                    SSDEEP:48:8HRdtT1FMHpidAKZdA1hehBiZUk1W1qeh7fy+C:8HBXv9bfy
                    MD5:45EC35DE1A4E8855D91DB777B5E15B2E
                    SHA1:DD22DB4FFEBE2C295621FD81403DFC14AA12B43E
                    SHA-256:FEB19BDFA71E4A1DC8C994177AA623A2E57C19AE4FA6D265C27B45C54DACD71B
                    SHA-512:D58E806A1E54C92DA726ED2B4DBC5CF92AFE8AAC237FC9D00580D7D51FD6FEF5F69E12E210625481A96A914BA77BF4563B9FAC53801F30BDCDC5E6849D0A9442
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 21:38:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2683
                    Entropy (8bit):3.9977964066282277
                    Encrypted:false
                    SSDEEP:48:80dtT1FMHpidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbVfy+yT+:8+XnT/TbxWOvTbVfy7T
                    MD5:FE980C3EE2BE390EC6E6056741D273EE
                    SHA1:E27DA8131C6018CC2602978BA310DE1C44198F70
                    SHA-256:84B5065AFD3A91F63BAE36BD605EEB528F8F40CE95496F02F5EF603920366240
                    SHA-512:0C6BAFE2E8E2B2722972F67809AE9D7FE8999E9BF3C23647360419D41A43011BE567BFD46CFF0B060F745B5F33312E15FB24BCFE5A5B96E6ADEE73B6884DA0D7
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:GIF image data, version 89a, 1 x 1
                    Category:dropped
                    Size (bytes):43
                    Entropy (8bit):3.0314906788435274
                    Encrypted:false
                    SSDEEP:3:CUkwltxlHh/:P/
                    MD5:325472601571F31E1BF00674C368D335
                    SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                    SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                    SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                    Malicious:false
                    Reputation:low
                    Preview:GIF89a.............!.......,...........D..;
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):26033
                    Entropy (8bit):5.190295272388981
                    Encrypted:false
                    SSDEEP:384:D2jC9pGGmEBvK75NbKpnKnobkpKCe+dHU5bndZojqGbRqEJqxJ+HLCkB5N1Q:UU65qywA+LX8DlqE8xJ+HLCkBW
                    MD5:CEA048078DDD78CBADF62FA818BD516D
                    SHA1:60DC1B35711D9B848C7848147DE9057D66428691
                    SHA-256:4B7D4E573F96BA38D2D36DEA49EE9426B7476580177995DF62780C469E16E9E4
                    SHA-512:5F7AFBBBEC7BE3FE40B14E96C9A8E6F860AE2C5E3BBA4215341700B590C1E37484AD3FCB9390F7C49215610148F905352B10637D2EBE1507DE510C69E30ABDDD
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Preview:<!DOCTYPE html><html lang="en" class="mtb-kraken-ui"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" />........<title>My Profile | M&amp;T Bank</title>..<link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon">..<meta http-equiv="X-UA-Compatible" content="IE=edge">..<meta http-equiv="Expires" content="-1">..<meta http-equiv="Cache-Control" content="no-cache">..<meta http-equiv="Pragma" content="no-cache">....<link href="img/1css.css" rel="stylesheet">....<link href="img/Retail.css" rel="stylesheet">..........<link href="img/CustomerService.css" rel="stylesheet">..........</head>..<body style="">....<a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/MyProfileEdit#main-content" id="skip" tabindex="1">Skip to content</a>..<div class="app-banner" id="UserType_NoAccess"> ..<img src="https://onlinebanking.mtb.com/Assets/images/img_trans.gif" class="banner" alt="M&amp;T Bank"
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text
                    Category:downloaded
                    Size (bytes):341
                    Entropy (8bit):5.130248017253532
                    Encrypted:false
                    SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3ej9qcDZt33CezoFEHcLgabzjsKtgsg93wzRbKk:J0+oxBeRmR9etdzRxY9d3yezZfCzjsKn
                    MD5:BB493412E8749A7D7123FD01D8949B80
                    SHA1:75CE31A5BCE190DFE83731C9E3B5B25BAEC75C3A
                    SHA-256:B6A07F7585F5ED57C2D84B4E17B436483B0FCE5AC179E2D041AA3D1B8A7B6856
                    SHA-512:9B73CC70AD3189851BD1F5805465C00174BB19F7DF9F1F6277728FD51E04E53C793FA6F6229AFB85AA633DEFB2ABFD4E3A6E4256EB38ABD61C2F6BF3BF46BF1D
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff
                    Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with no line terminators
                    Category:downloaded
                    Size (bytes):76
                    Entropy (8bit):4.54792278349572
                    Encrypted:false
                    SSDEEP:3:xPXi5IiPwiP6dnPp3TnP8kSZgRL:xP6PXPQp3TPiZUL
                    MD5:4A0C165E777C3B45791C0C674DBF540D
                    SHA1:EF2007A280C73F23BFCC0CAB18099D42458841BB
                    SHA-256:ED2349D81D83AB770F44304A7FE16D05ACDDC8A2178404BE946DFA848A65642F
                    SHA-512:9289C62432A4DF37AC292EDAFC53728825113094DC6364F2F89D51EEFF3C84381069AA37E63945BDF7B91376FAFCB526C27556686AC906D054CE9A6C40DC84D3
                    Malicious:false
                    Reputation:low
                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISMwnLxmnrbdWYWBIFDYb6wY0SBQ39ahOEEgUNLjiI7BIFDXF78j0SBQ3HbPCPEgUNFY9MOA==?alt=proto
                    Preview:CjYKBw2G+sGNGgAKBw39ahOEGgAKBw0uOIjsGgAKBw1xe/I9GgAKBw3HbPCPGgAKBw0Vj0w4GgA=
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):15822
                    Entropy (8bit):7.9575799002181
                    Encrypted:false
                    SSDEEP:384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
                    MD5:652A2382A1D4D1159BFFE5DD9C77877D
                    SHA1:84B893FD39255950601DA0C8D65735D28E775892
                    SHA-256:ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
                    SHA-512:81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
                    Malicious:false
                    Reputation:low
                    Preview:.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].|...?';$...g ..H..KPP..EQDf..Z[....
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 320 x 1024, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):36351
                    Entropy (8bit):7.850446874022779
                    Encrypted:false
                    SSDEEP:768:9R8W3Qlyq0z9DSVNtJc+hInx33sgPtuWu9wPG77govZWTrcsv7v:9GKQJ0kFJc+Exn9FuWHPaIT5v7v
                    MD5:FD1D14909F77C734324C5709F87A8D46
                    SHA1:C07F2A1FB945E769D529ED93F809B16F748D7AC5
                    SHA-256:8CF4922DEBA1A04C67E4E38F44162C1891C6DE06CF3712F35EA9823555971CA5
                    SHA-512:631B06EDDD6F019C1ACD1D7103A70643211BB524494C4F8CE87704A50CFCD276F8F1B6C58F78997C7F250DE34670658E277EF47587F49C0F598A1D1CB9FF3796
                    Malicious:false
                    Reputation:low
                    URL:https://resources.mtb.com/images/general.png
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:GIF image data, version 89a, 1 x 1
                    Category:downloaded
                    Size (bytes):43
                    Entropy (8bit):3.0314906788435274
                    Encrypted:false
                    SSDEEP:3:CUkwltxlHh/:P/
                    MD5:325472601571F31E1BF00674C368D335
                    SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                    SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                    SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif
                    Preview:GIF89a.............!.......,...........D..;
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:GIF image data, version 89a, 1 x 1
                    Category:downloaded
                    Size (bytes):43
                    Entropy (8bit):3.0314906788435274
                    Encrypted:false
                    SSDEEP:3:CUkwltxlHh/:P/
                    MD5:325472601571F31E1BF00674C368D335
                    SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                    SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                    SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                    Malicious:false
                    Reputation:low
                    URL:https://onlinebanking.mtb.com/Assets/images/img_trans.gif
                    Preview:GIF89a.............!.......,...........D..;
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:GIF image data, version 89a, 1 x 1
                    Category:dropped
                    Size (bytes):43
                    Entropy (8bit):3.0314906788435274
                    Encrypted:false
                    SSDEEP:3:CUkwltxlHh/:P/
                    MD5:325472601571F31E1BF00674C368D335
                    SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                    SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                    SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                    Malicious:false
                    Reputation:low
                    Preview:GIF89a.............!.......,...........D..;
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 997 x 320, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):31436
                    Entropy (8bit):7.901778075224938
                    Encrypted:false
                    SSDEEP:768:PJsVZr+Gs/xawkelyuitRv9ClNojaLCjH4VJngUDvlg:C0xawVl/i/lCjocC7wJgUC
                    MD5:C88FE85B3383F97419F3214A3C15FD43
                    SHA1:E41BE6440D6D917FC53132E5FC1ED5FFD50508AB
                    SHA-256:9D4854E5E3A1CBD737FCC46B9E2D0FA2B5A719BBDFA9E3316B749007CFFE1E3E
                    SHA-512:817905F12A263768BDEF6F578C366CBAACC0F33769C51AA82D2B1C5C6D34B451A7C6DA9026F4D22BB47949494201C02C45555467FFCC1A6E0FDE4CE475A005E7
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (349), with CRLF line terminators
                    Category:downloaded
                    Size (bytes):48688
                    Entropy (8bit):5.0391587417601
                    Encrypted:false
                    SSDEEP:384:Hrj2iY4jKMZSr5YMZIuqA9XkR6fPEn1zCu0Bf5qr6If+DFqbTL:Lja4jf18IjPd2Bf0rPMe
                    MD5:709FA6A3200B9E089B92ABE550CF1777
                    SHA1:5B5D771200311B3296B7C57BDB088F97246BC88B
                    SHA-256:94E99D3AA48374A30A1FF4F7FA6E38EAAD2187B8A78D0BB0EBB0B6076E231416
                    SHA-512:E3AA0FFEF07385C29118440A35A7DF4D07241E109D70D46E8D98C2E83122EB9AD5F282D5A688B93BEB6CC69D61E66755583EC6DEEF45C0E93F7BB5B012805FAC
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css
                    Preview:.p.bold {.. font-weight: bold;..}.....italic {.. font-style: italic;..}..../* Removed from jQuery */....#divUserModules.gaptop {.. margin-top: 70px;..}....span.field-validation-error.notop {.. margin-top: -3px;..}....td input[type='text'].outline {.. border: 1px solid #cc3300;..}....span.field-validation-error.snugtop {.. margin-top: -20px;..}.....nobottom {.. padding-bottom: 0px;..}.....notop {.. padding-top: 0px;..}../* End Removed from jQuery */....../************** Add Account & Add Account Details & Add Account Review */..form.cs-addAccount #divFindItNow {.. display: none;..}....form.cs-addAccount .colored-box {.. margin-bottom: 10px;..}....form.cs-addAccount .field-validation-error {.. margin-left: 53px;..}....form.cs-addAccount .help-small {.. vertical-align: bottom;.. margin-left: 6px;.. margin-right: 0;..}....form.cs-addAccount div.radio {.. float: left;.. position: relative;..}....form.cs-addAccount #lblRestrictions {.. pad
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 27 x 196, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):2214
                    Entropy (8bit):7.8687301423844485
                    Encrypted:false
                    SSDEEP:48:syAikLWsKWdb7aHRPnySA+PTEHRZjhqC10NG3E+ca5TN:sYAJb7aHJntA+mZ9H1+G0+/R
                    MD5:B524494760D944F4085F8DF4EEDA7259
                    SHA1:DECC05C78BA97DA986DEE26BE7318FADCD394A5A
                    SHA-256:06CE076A52C4C19D45BF7DD28EE823E8454E8F371A23BD691970B938847CCF49
                    SHA-512:7D7201BAA449762AD329FCD8F60B1D69EF593D682A4D8AF57E73C24A580F5C537D9108DADEDA9D40041815ACBC8212BED0272F8CC3DDBF63CEA938D3249BC569
                    Malicious:false
                    Reputation:low
                    URL:https://resources.mtb.com/images/Dropdown-sprite_slk.png
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 27 x 196, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):2214
                    Entropy (8bit):7.8687301423844485
                    Encrypted:false
                    SSDEEP:48:syAikLWsKWdb7aHRPnySA+PTEHRZjhqC10NG3E+ca5TN:sYAJb7aHJntA+mZ9H1+G0+/R
                    MD5:B524494760D944F4085F8DF4EEDA7259
                    SHA1:DECC05C78BA97DA986DEE26BE7318FADCD394A5A
                    SHA-256:06CE076A52C4C19D45BF7DD28EE823E8454E8F371A23BD691970B938847CCF49
                    SHA-512:7D7201BAA449762AD329FCD8F60B1D69EF593D682A4D8AF57E73C24A580F5C537D9108DADEDA9D40041815ACBC8212BED0272F8CC3DDBF63CEA938D3249BC569
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):32912
                    Entropy (8bit):5.121718477011088
                    Encrypted:false
                    SSDEEP:192:9r8afhQmquyzWswErgKQpFhizxFBqWadKHt/F2N2QV7RfId3J3F1hePV1whSRSfd:9rXpvizxPqWa00aJGqX4l6J6ywU
                    MD5:E4B55E7618D27A27227C82615624E282
                    SHA1:8A18A93CBBCE98253D9E9EB8384E8FBA5D7C5B0B
                    SHA-256:46893D4A48D48C654BB735868E29EA6C54B259EEBEFE67525BAEF3263AFA54BC
                    SHA-512:136BCF90D5AF9EB78533EF1520C0520C7B28D17E6CB9F08FB533EAD41682D3AFF645944980E732B3BB657E4A714C3CDFDC916D2BBD51FA729254F0455AE29B3F
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css
                    Preview:.help-small-shadow..{.. background-position: -80px 0px;..}.....jspDrag..{.. background: #509600;..}.....jspDrag:hover..{.. background: #3a8500;..}....h2, .text-success, .module-title1, .title, .step-color, .page-help, .font-success..{.. color: #5e9c02;..}...error-large + .event-level-message..{.. color: #cc3000;..}.....success-large + .event-level-message..{.. color: #5e9c02;..}...gradient-success..{.. background: -webkit-linear-gradient(top, #ffffff, #d5ebab);.. background: -moz-linear-gradient(top,#ffffff, #d5ebab);.. background: -ms-linear-gradient(top, #ffffff, #d5ebab);.. background: -o-linear-gradient(top,#ffffff, #d5ebab);.. -pie-background: linear-gradient(#ffffff 10%, #d5ebab 90%);.. border: 1px solid #afd466;.. color: #5e9c02;..}....fieldset > legend > div..{.. color: #5e9c02;..}.....upper-intro-area > .current-product-date..{.. width: 300px;..}.....current-product-date..{.. visibility: hidden;..}.....module-gradient li:hover..{
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 320 x 1024, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):36351
                    Entropy (8bit):7.850446874022779
                    Encrypted:false
                    SSDEEP:768:9R8W3Qlyq0z9DSVNtJc+hInx33sgPtuWu9wPG77govZWTrcsv7v:9GKQJ0kFJc+Exn9FuWHPaIT5v7v
                    MD5:FD1D14909F77C734324C5709F87A8D46
                    SHA1:C07F2A1FB945E769D529ED93F809B16F748D7AC5
                    SHA-256:8CF4922DEBA1A04C67E4E38F44162C1891C6DE06CF3712F35EA9823555971CA5
                    SHA-512:631B06EDDD6F019C1ACD1D7103A70643211BB524494C4F8CE87704A50CFCD276F8F1B6C58F78997C7F250DE34670658E277EF47587F49C0F598A1D1CB9FF3796
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
                    Category:downloaded
                    Size (bytes):15822
                    Entropy (8bit):7.9575799002181
                    Encrypted:false
                    SSDEEP:384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
                    MD5:652A2382A1D4D1159BFFE5DD9C77877D
                    SHA1:84B893FD39255950601DA0C8D65735D28E775892
                    SHA-256:ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
                    SHA-512:81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico
                    Preview:.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].|...?';$...g ..H..KPP..EQDf..Z[....
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):149211
                    Entropy (8bit):5.08359318432366
                    Encrypted:false
                    SSDEEP:1536:OR+wYskMdYsn0ieYka4hzv+UEgu6vznc9ek:O8iKEek
                    MD5:F2EBA01CB188CB9EE41142988C23F945
                    SHA1:C352D1C515A2AD7974176D1CECD037FB42D6750D
                    SHA-256:2F0EE803E96BC89258A488B089ACC1A1F81AB057670200A5CE4E5ED7218B0CEB
                    SHA-512:4D5574BE0255BDEF2AC5B85B9CA60DC1FF8DEF45AECCFABAFB65D6A7B1B02344572520DFED3FAF4199C086AAEC302B27DF1202CB6CC3B6CFD9473F65A039BCB8
                    Malicious:false
                    Reputation:low
                    URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                    Preview:/* Minification failed. Returning unminified contents...(8398): run-time error CSS1001: Unterminated comment... */..html..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....a, div, span, input, select, button, body {...font-family: arial !important;..}....body..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....body..{...line-height: 1;..}....div..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....span..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....applet..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....object..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....iframe..{...margin: 0;...padding: 0;...border: 0;...font-s
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 997 x 320, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):31436
                    Entropy (8bit):7.901778075224938
                    Encrypted:false
                    SSDEEP:768:PJsVZr+Gs/xawkelyuitRv9ClNojaLCjH4VJngUDvlg:C0xawVl/i/lCjocC7wJgUC
                    MD5:C88FE85B3383F97419F3214A3C15FD43
                    SHA1:E41BE6440D6D917FC53132E5FC1ED5FFD50508AB
                    SHA-256:9D4854E5E3A1CBD737FCC46B9E2D0FA2B5A719BBDFA9E3316B749007CFFE1E3E
                    SHA-512:817905F12A263768BDEF6F578C366CBAACC0F33769C51AA82D2B1C5C6D34B451A7C6DA9026F4D22BB47949494201C02C45555467FFCC1A6E0FDE4CE475A005E7
                    Malicious:false
                    Reputation:low
                    URL:https://resources.mtb.com/images/header_footer.png
                    No static file info
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    May 28, 2024 00:38:16.811517000 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811527967 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811561108 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.811695099 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811733961 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811745882 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811745882 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.811791897 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.811795950 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811804056 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.811873913 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.812674999 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.812685966 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.812697887 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.812731981 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.812978029 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.812998056 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.813009977 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.813021898 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.813024998 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.813055992 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.852809906 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.867680073 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867697001 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867707968 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867719889 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867749929 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.867790937 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.867825985 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867836952 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867846966 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867866993 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.867933035 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867944956 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867955923 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.867969036 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.867993116 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.872565031 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.872585058 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.872596979 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.872637033 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.877629042 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.877913952 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.877926111 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.877974033 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.878185987 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878197908 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878222942 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.878314972 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878354073 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.878381968 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878395081 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878406048 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878420115 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.878429890 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.878463030 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.884908915 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.884921074 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.884963036 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:16.932545900 CEST8049709163.44.198.51192.168.2.5
                    May 28, 2024 00:38:16.974500895 CEST4970980192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.094120026 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.094381094 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.094440937 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.096060991 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.096136093 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.118470907 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.118585110 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.118616104 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.118628025 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.118654013 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.118689060 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.118761063 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.118794918 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.118829966 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.118855000 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.119160891 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.119206905 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.119210958 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.119244099 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.119277954 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.119288921 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.119311094 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.119343996 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.120040894 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.120074987 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.120109081 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.120110989 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.120142937 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.120177984 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.128999949 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.129035950 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.129080057 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.129085064 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130224943 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130230904 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130238056 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130256891 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130264044 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.130304098 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.130563974 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130601883 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130614042 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130620956 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.130651951 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.130652905 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130659103 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.130700111 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.131448984 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.131483078 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.131493092 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.131530046 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.188411951 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188484907 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188499928 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188535929 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188574076 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188591003 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188607931 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188623905 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.188724041 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.188724041 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.189301968 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189342976 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189376116 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189393997 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189408064 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.189444065 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.189857006 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189897060 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189934015 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189945936 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.189951897 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.189970016 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.190023899 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.190660954 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.190680027 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.190756083 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.318377018 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.318595886 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.318617105 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.318718910 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.329349041 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:17.329381943 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:17.330034018 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:17.330034018 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:17.330070972 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:17.367702961 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.367749929 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.369518995 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369525909 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369537115 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369539022 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369664907 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369669914 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369674921 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.369707108 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.369916916 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369930983 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369935989 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369976997 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.369995117 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.370017052 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.370498896 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370503902 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370589018 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.370656967 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370703936 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370716095 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370723009 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370732069 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.370765924 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.371499062 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.371674061 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.380690098 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.380695105 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.380724907 CEST8049713163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.380783081 CEST4971380192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.411941051 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.446863890 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.447052956 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.447124004 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.458287001 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.458292961 CEST8049714163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.458379984 CEST4971480192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.469700098 CEST49716443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.469744921 CEST4434971624.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.559843063 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559861898 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559895992 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559915066 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559931040 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559943914 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.559947968 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559964895 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559983969 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.559983969 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.560002089 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560007095 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.560044050 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.560471058 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560511112 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560528994 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560559034 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.560570002 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560591936 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560599089 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.560633898 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560642958 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.560652971 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.560699940 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.561489105 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.561506987 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.561527014 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.561542988 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.561556101 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.561562061 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.561610937 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.774276018 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.774358988 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.777230024 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.777571917 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:17.777607918 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:17.785928965 CEST49719443192.168.2.52.19.244.127
                    May 28, 2024 00:38:17.785963058 CEST443497192.19.244.127192.168.2.5
                    May 28, 2024 00:38:17.789244890 CEST49719443192.168.2.52.19.244.127
                    May 28, 2024 00:38:17.793081045 CEST49719443192.168.2.52.19.244.127
                    May 28, 2024 00:38:17.793097019 CEST443497192.19.244.127192.168.2.5
                    May 28, 2024 00:38:17.920603037 CEST4972080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.926716089 CEST8049720163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.927028894 CEST4972080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.931078911 CEST4972080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.935959101 CEST8049720163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958163977 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958178043 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958183050 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958194017 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958199978 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958205938 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958210945 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958218098 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958307028 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.958307028 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.958544970 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958550930 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958555937 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958565950 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958570957 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958575010 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958580017 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958585978 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.958626986 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.958671093 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.959460020 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959465981 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959471941 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959528923 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959537983 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959558010 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959572077 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.959595919 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959598064 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.959619999 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:17.959640980 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.959749937 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:17.988161087 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:17.989065886 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:17.989095926 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:17.989953995 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:17.990504980 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:17.995199919 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:17.995256901 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:18.038806915 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:18.038815022 CEST44349717216.58.206.68192.168.2.5
                    May 28, 2024 00:38:18.087167978 CEST49717443192.168.2.5216.58.206.68
                    May 28, 2024 00:38:18.278107882 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:18.283097982 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:18.283159018 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:18.284198999 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:18.284311056 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:18.284698009 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:18.284779072 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:18.284862041 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:18.326541901 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:18.340439081 CEST49718443192.168.2.524.75.29.69
                    May 28, 2024 00:38:18.340497971 CEST4434971824.75.29.69192.168.2.5
                    May 28, 2024 00:38:18.367600918 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367609978 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367621899 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367702007 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367714882 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367719889 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367724895 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367729902 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.367746115 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.367746115 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.367819071 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.368000031 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368011951 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368091106 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368096113 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368096113 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.368154049 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368160009 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368174076 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.368240118 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.368597031 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368607044 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368613958 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368658066 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368662119 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368674040 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368679047 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368700027 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.368837118 CEST8049710163.44.198.51192.168.2.5
                    May 28, 2024 00:38:18.368851900 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.368968010 CEST4971080192.168.2.5163.44.198.51
                    May 28, 2024 00:38:18.369396925 CEST8049710163.44.198.51192.168.2.5
                    TimestampSource PortDest PortSource IPDest IP
                    May 28, 2024 00:38:12.939757109 CEST53498741.1.1.1192.168.2.5
                    May 28, 2024 00:38:12.948647976 CEST53617151.1.1.1192.168.2.5
                    May 28, 2024 00:38:14.041508913 CEST53629841.1.1.1192.168.2.5
                    May 28, 2024 00:38:14.639764071 CEST5400953192.168.2.51.1.1.1
                    May 28, 2024 00:38:14.639914989 CEST5723753192.168.2.51.1.1.1
                    May 28, 2024 00:38:14.647619009 CEST53540091.1.1.1192.168.2.5
                    May 28, 2024 00:38:14.929836035 CEST53572371.1.1.1192.168.2.5
                    May 28, 2024 00:38:16.440701008 CEST5886953192.168.2.51.1.1.1
                    May 28, 2024 00:38:16.441345930 CEST6544553192.168.2.51.1.1.1
                    May 28, 2024 00:38:16.450742006 CEST53572291.1.1.1192.168.2.5
                    May 28, 2024 00:38:16.556323051 CEST53588691.1.1.1192.168.2.5
                    May 28, 2024 00:38:17.320049047 CEST5435753192.168.2.51.1.1.1
                    May 28, 2024 00:38:17.320190907 CEST5150853192.168.2.51.1.1.1
                    May 28, 2024 00:38:17.327137947 CEST53515081.1.1.1192.168.2.5
                    May 28, 2024 00:38:17.327538013 CEST53543571.1.1.1192.168.2.5
                    May 28, 2024 00:38:17.627069950 CEST6483053192.168.2.51.1.1.1
                    May 28, 2024 00:38:17.627069950 CEST6331553192.168.2.51.1.1.1
                    May 28, 2024 00:38:17.629091978 CEST5860653192.168.2.51.1.1.1
                    May 28, 2024 00:38:17.629415989 CEST5186153192.168.2.51.1.1.1
                    May 28, 2024 00:38:17.739315987 CEST53586061.1.1.1192.168.2.5
                    May 28, 2024 00:38:17.906591892 CEST53633151.1.1.1192.168.2.5
                    May 28, 2024 00:38:17.919851065 CEST53648301.1.1.1192.168.2.5
                    May 28, 2024 00:38:18.976763010 CEST5329253192.168.2.51.1.1.1
                    May 28, 2024 00:38:18.977086067 CEST5610053192.168.2.51.1.1.1
                    May 28, 2024 00:38:19.086386919 CEST53532921.1.1.1192.168.2.5
                    May 28, 2024 00:38:20.331568956 CEST6198553192.168.2.51.1.1.1
                    May 28, 2024 00:38:20.331990004 CEST5912753192.168.2.51.1.1.1
                    May 28, 2024 00:38:20.450371981 CEST53619851.1.1.1192.168.2.5
                    May 28, 2024 00:38:22.421994925 CEST53654451.1.1.1192.168.2.5
                    May 28, 2024 00:38:23.593291998 CEST53518611.1.1.1192.168.2.5
                    May 28, 2024 00:38:24.943422079 CEST53561001.1.1.1192.168.2.5
                    May 28, 2024 00:38:26.295150042 CEST53591271.1.1.1192.168.2.5
                    May 28, 2024 00:38:31.598205090 CEST53503501.1.1.1192.168.2.5
                    May 28, 2024 00:38:50.620187998 CEST53566011.1.1.1192.168.2.5
                    May 28, 2024 00:39:12.531415939 CEST53533081.1.1.1192.168.2.5
                    May 28, 2024 00:39:13.717117071 CEST53524031.1.1.1192.168.2.5
                    Timestamp | Source IP | Dest IP | Checksum | Code | Type
                    May 28, 2024 00:38:14.929996967 CEST | 192.168.2.5 | 1.1.1.1 | c23e | (Port unreachable) | Destination Unreachable
                    May 28, 2024 00:38:22.422084093 CEST | 192.168.2.5 | 1.1.1.1 | c1ec | (Port unreachable) | Destination Unreachable
                    May 28, 2024 00:38:23.594563007 CEST | 192.168.2.5 | 1.1.1.1 | c1ec | (Port unreachable) | Destination Unreachable
                    May 28, 2024 00:38:24.943528891 CEST | 192.168.2.5 | 1.1.1.1 | c1e8 | (Port unreachable) | Destination Unreachable
                    May 28, 2024 00:38:26.295226097 CEST | 192.168.2.5 | 1.1.1.1 | c1e8 | (Port unreachable) | Destination Unreachable
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    May 28, 2024 00:38:14.639764071 CEST | 192.168.2.5 | 1.1.1.1 | 0x771f | Standard query (0) | 46814880-10-20181030130048.webstarterz.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:14.639914989 CEST | 192.168.2.5 | 1.1.1.1 | 0xa946 | Standard query (0) | 46814880-10-20181030130048.webstarterz.com | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:16.440701008 CEST | 192.168.2.5 | 1.1.1.1 | 0x802 | Standard query (0) | onlinebanking.mtb.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:16.441345930 CEST | 192.168.2.5 | 1.1.1.1 | 0xb3d2 | Standard query (0) | onlinebanking.mtb.com | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:17.320049047 CEST | 192.168.2.5 | 1.1.1.1 | 0xc0d8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:17.320190907 CEST | 192.168.2.5 | 1.1.1.1 | 0x7e59 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:17.627069950 CEST | 192.168.2.5 | 1.1.1.1 | 0x5260 | Standard query (0) | 46814880-10-20181030130048.webstarterz.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:17.627069950 CEST | 192.168.2.5 | 1.1.1.1 | 0x1e7d | Standard query (0) | 46814880-10-20181030130048.webstarterz.com | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:17.629091978 CEST | 192.168.2.5 | 1.1.1.1 | 0x2b3f | Standard query (0) | onlinebanking.mtb.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:17.629415989 CEST | 192.168.2.5 | 1.1.1.1 | 0x1ea2 | Standard query (0) | onlinebanking.mtb.com | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:18.976763010 CEST | 192.168.2.5 | 1.1.1.1 | 0xee5b | Standard query (0) | resources.mtb.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:18.977086067 CEST | 192.168.2.5 | 1.1.1.1 | 0x2c4c | Standard query (0) | resources.mtb.com | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:20.331568956 CEST | 192.168.2.5 | 1.1.1.1 | 0x14fc | Standard query (0) | resources.mtb.com | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:20.331990004 CEST | 192.168.2.5 | 1.1.1.1 | 0x29d3 | Standard query (0) | resources.mtb.com | 65 | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    May 28, 2024 00:38:14.647619009 CEST | 1.1.1.1 | 192.168.2.5 | 0x771f | No error (0) | 46814880-10-20181030130048.webstarterz.com |  | 163.44.198.51 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:16.556323051 CEST | 1.1.1.1 | 192.168.2.5 | 0x802 | No error (0) | onlinebanking.mtb.com | onlinebanking.gslb.mtb.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:38:16.556323051 CEST | 1.1.1.1 | 192.168.2.5 | 0x802 | No error (0) | onlinebanking.gslb.mtb.com |  | 24.75.29.69 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:17.327137947 CEST | 1.1.1.1 | 192.168.2.5 | 0x7e59 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:17.327538013 CEST | 1.1.1.1 | 192.168.2.5 | 0xc0d8 | No error (0) | www.google.com |  | 216.58.206.68 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:17.739315987 CEST | 1.1.1.1 | 192.168.2.5 | 0x2b3f | No error (0) | onlinebanking.mtb.com | onlinebanking.gslb.mtb.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:38:17.739315987 CEST | 1.1.1.1 | 192.168.2.5 | 0x2b3f | No error (0) | onlinebanking.gslb.mtb.com |  | 24.75.29.69 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:17.919851065 CEST | 1.1.1.1 | 192.168.2.5 | 0x5260 | No error (0) | 46814880-10-20181030130048.webstarterz.com |  | 163.44.198.51 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:19.086386919 CEST | 1.1.1.1 | 192.168.2.5 | 0xee5b | No error (0) | resources.mtb.com | resources.gslb.mtb.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:38:19.086386919 CEST | 1.1.1.1 | 192.168.2.5 | 0xee5b | No error (0) | resources.gslb.mtb.com |  | 24.75.29.77 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:20.450371981 CEST | 1.1.1.1 | 192.168.2.5 | 0x14fc | No error (0) | resources.mtb.com | resources.gslb.mtb.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:38:20.450371981 CEST | 1.1.1.1 | 192.168.2.5 | 0x14fc | No error (0) | resources.gslb.mtb.com |  | 192.216.61.78 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:22.421994925 CEST | 1.1.1.1 | 192.168.2.5 | 0xb3d2 | Server failure (2) | onlinebanking.mtb.com | none | none | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:23.593291998 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ea2 | Server failure (2) | onlinebanking.mtb.com | none | none | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:24.943422079 CEST | 1.1.1.1 | 192.168.2.5 | 0x2c4c | Server failure (2) | resources.mtb.com | none | none | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:26.295150042 CEST | 1.1.1.1 | 192.168.2.5 | 0x29d3 | Server failure (2) | resources.mtb.com | none | none | 65 | IN (0x0001) | false
                    May 28, 2024 00:38:29.457690954 CEST | 1.1.1.1 | 192.168.2.5 | 0x3410 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:29.457690954 CEST | 1.1.1.1 | 192.168.2.5 | 0x3410 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:30.318597078 CEST | 1.1.1.1 | 192.168.2.5 | 0x74bb | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:38:30.318597078 CEST | 1.1.1.1 | 192.168.2.5 | 0x74bb | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:38:44.027251959 CEST | 1.1.1.1 | 192.168.2.5 | 0xcab8 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:38:44.027251959 CEST | 1.1.1.1 | 192.168.2.5 | 0xcab8 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:39:06.084424973 CEST | 1.1.1.1 | 192.168.2.5 | 0x25f9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:39:06.084424973 CEST | 1.1.1.1 | 192.168.2.5 | 0x25f9 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:39:25.685681105 CEST | 1.1.1.1 | 192.168.2.5 | 0xf36 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                    May 28, 2024 00:39:25.685681105 CEST | 1.1.1.1 | 192.168.2.5 | 0xf36 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:39:31.774616957 CEST | 1.1.1.1 | 192.168.2.5 | 0xd4c3 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                    May 28, 2024 00:39:31.774616957 CEST | 1.1.1.1 | 192.168.2.5 | 0xd4c3 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                    • 46814880-10-20181030130048.webstarterz.com
                      • onlinebanking.mtb.com
                      • resources.mtb.com
                    • fs.microsoft.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.5 | 49709 | 163.44.198.51 | 80 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    May 28, 2024 00:38:14.661142111 CEST | 534 | OUT | GET /tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:15.880914927 CEST | 1236 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:15 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 10:29:18 GMT
                    ETag: "65b1-59ff0c6b0db80"
                    Accept-Ranges: bytes
                    Content-Length: 26033
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/html
                    Data Ascii: <!DOCTYPE html><html lang="en" class="mtb-kraken-ui"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" /><title>My Profile | M&amp;T Bank</title><link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Expires" content="-1"><meta http-equiv="Cache-Control" content="no-cache"><meta http-equiv="Pragma" content="no-cache"><link href="img/1css.css" rel="stylesheet"><link href="img/Retail.css" rel="stylesheet"><link href="img/CustomerService.css" rel="stylesheet"></head><body style=""><a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/MyProfileEdit#main-content" id="skip" tabindex="1">Skip to content</a><div class="app-banner" id="UserType_NoAccess"> <img src="https://onlinebanking.mtb.com/Assets/images/img_trans.gi
                    May 28, 2024 00:38:16.446131945 CEST | 541 | OUT | GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:16.932545900 CEST | 309 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:16 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 10:00:08 GMT
                    ETag: "2b-59ff05e61fa00"
                    Accept-Ranges: bytes
                    Content-Length: 43
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: image/gif
                    Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                    Data Ascii: GIF89a!,D;


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.5 | 49710 | 163.44.198.51 | 80 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    May 28, 2024 00:38:15.905766010 CEST | 490 | OUT | GET /tedsplay.com/onlinebankingmtb/img/1css.css HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/css,*/*;q=0.1
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:16.413521051 CEST | 1236 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:16 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 09:55:34 GMT
                    ETag: "246db-59ff04e0d1180"
                    Accept-Ranges: bytes
                    Content-Length: 149211
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/css
                    Data Ascii: /* Minification failed. Returning unminified contents.(8398): run-time error CSS1001: Unterminated comment. */html{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}a, div, span, input, select, button, body {font-family: arial !important;}body{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}body{line-height: 1;}div{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}span{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}applet{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}object{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}iframe{margin: 0
                    May 28, 2024 00:38:18.982559919 CEST | 539 | OUT | GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:19.500720024 CEST | 1236 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:19 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT
                    ETag: "3dce-59ff058c7a680"
                    Accept-Ranges: bytes
                    Content-Length: 15822
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: image/x-icon
                    Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx
                    May 28, 2024 00:38:19.833991051 CEST | 482 | OUT | GET /Fonts/CORISANDELight.woff HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    Origin: http://46814880-10-20181030130048.webstarterz.com
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:20.331587076 CEST | 542 | IN | HTTP/1.1 404 Not Found
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Server: Apache
                    Content-Length: 342
                    Keep-Alive: timeout=5, max=98
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    May 28, 2024 00:38:20.339306116 CEST | 480 | OUT | GET /Fonts/CORISANDEBold.ttf HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    Origin: http://46814880-10-20181030130048.webstarterz.com
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:20.836572886 CEST | 540 | IN | HTTP/1.1 404 Not Found
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Server: Apache
                    Content-Length: 340
                    Keep-Alive: timeout=5, max=97
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.5 | 49713 | 163.44.198.51 | 80 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    May 28, 2024 00:38:15.912305117 CEST | 492 | OUT | GET /tedsplay.com/onlinebankingmtb/img/Retail.css HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/css,*/*;q=0.1
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:16.877629042 CEST | 1236 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:16 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 09:41:14 GMT
                    ETag: "8090-59ff01aca8280"
                    Accept-Ranges: bytes
                    Content-Length: 32912
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/css
                    Data Ascii: .help-small-shadow{ background-position: -80px 0px;}.jspDrag{ background: #509600;}.jspDrag:hover{ background: #3a8500;}h2, .text-success, .module-title1, .title, .step-color, .page-help, .font-success{ color: #5e9c02;}.error-large + .event-level-message{ color: #cc3000;}.success-large + .event-level-message{ color: #5e9c02;}.gradient-success{ background: -webkit-linear-gradient(top, #ffffff, #d5ebab); background: -moz-linear-gradient(top,#ffffff, #d5ebab); background: -ms-linear-gradient(top, #ffffff, #d5ebab); background: -o-linear-gradient(top,#ffffff, #d5ebab); -pie-background: linear-gradient(#ffffff 10%, #d5ebab 90%); border: 1px solid #afd466; color: #5e9c02;}fieldset > legend > div{ color: #5e9c02;}.upper-intro-area > .current-product-date{ width: 300px;}.current-product-date{ visibility: hidden;


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.5 | 49714 | 163.44.198.51 | 80 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    May 28, 2024 00:38:15.912482977 CEST | 501 | OUT | GET /tedsplay.com/onlinebankingmtb/img/CustomerService.css HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/css,*/*;q=0.1
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:16.867680073 CEST | 1236 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:16 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 09:41:46 GMT
                    ETag: "be30-59ff01cb2ca80"
                    Accept-Ranges: bytes
                    Content-Length: 48688
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/css
                    Data Ascii: p.bold { font-weight: bold;}.italic { font-style: italic;}/* Removed from jQuery */#divUserModules.gaptop { margin-top: 70px;}span.field-validation-error.notop { margin-top: -3px;}td input[type='text'].outline { border: 1px solid #cc3300;}span.field-validation-error.snugtop { margin-top: -20px;}.nobottom { padding-bottom: 0px;}.notop { padding-top: 0px;}/* End Removed from jQuery *//************** Add Account & Add Account Details & Add Account Review */form.cs-addAccount #divFindItNow { display: none;}form.cs-addAccount .colored-box { margin-bottom: 10px;}form.cs-addAccount .field-validation-error { margin-left: 53px;}form.cs-addAccount .help-small { vertical-align: bottom; margin-left: 6px; margin-right: 0;}form.cs-addAccount div.radio { float: left; position: relative;}form.cs-add
                    May 28, 2024 00:38:19.834676981 CEST | 481 | OUT | GET /Fonts/CORISANDEBold.woff HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    Origin: http://46814880-10-20181030130048.webstarterz.com
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:20.182054043 CEST | 541 | IN | HTTP/1.1 404 Not Found
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Server: Apache
                    Content-Length: 341
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    May 28, 2024 00:38:20.342879057 CEST | 481 | OUT | GET /Fonts/CORISANDELight.ttf HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    Origin: http://46814880-10-20181030130048.webstarterz.com
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:20.696490049 CEST | 541 | IN | HTTP/1.1 404 Not Found
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Server: Apache
                    Content-Length: 341
                    Keep-Alive: timeout=5, max=98
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=iso-8859-1
                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.5 | 49720 | 163.44.198.51 | 80 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    May 28, 2024 00:38:17.931078911 CEST | 342 | OUT | GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:18.883420944 CEST | 310 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:18 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 10:00:08 GMT
                    ETag: "2b-59ff05e61fa00"
                    Accept-Ranges: bytes
                    Content-Length: 43
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: image/gif
                    Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                    Data Ascii: GIF89a!,D;
                    May 28, 2024 00:38:19.569497108 CEST | 340 | OUT | GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
                    Host: 46814880-10-20181030130048.webstarterz.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    May 28, 2024 00:38:19.917623997 CEST | 1236 | IN | HTTP/1.1 200 OK
                    Date: Mon, 27 May 2024 22:38:19 GMT
                    Server: Apache
                    Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT
                    ETag: "3dce-59ff058c7a680"
                    Accept-Ranges: bytes
                    Content-Length: 15822
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: image/x-icon


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.5 | 49716 | 24.75.29.69 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:17 UTC | 633 | OUT | GET /Assets/images/img_trans.gif HTTP/1.1
                    Host: onlinebanking.mtb.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: http://46814880-10-20181030130048.webstarterz.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-05-27 22:38:17 UTC | 1223 | IN | HTTP/1.1 200 OK
                    Content-Type: image/gif
                    Last-Modified: Wed, 17 Apr 2024 04:53:22 GMT
                    Accept-Ranges: bytes
                    ETag: "0d592c8390da1:0"
                    X-SRV: B-OLB-203
                    P3P: CP='CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT'
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Access-Control-Allow-Origin: https://digitalbanking.mtb.com
                    Access-Control-Allow-Credentials: true
                    Access-Control-Allow-Headers: Content-Type
                    Access-Control-Allow-Methods: POST,GET,OPTIONS
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="-938787827"
                    Set-Cookie: dtCookie=v_4_srv_3_sn_D6133C4D8A2FACFE0D2DE2AA69172AE1_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0; Path=/; Domain=.mtb.com
                    Date: Mon, 27 May 2024 22:38:16 GMT
                    Content-Length: 43
                    Set-Cookie: mtbcookie=ffffffffc3a03fd945525d5f4f58455e445a4a42378b;path=/;secure;httponly
                    Set-Cookie: TS01e71088=01fb46a9268d80cb09f3e22ce8968ca2cd09f581c73aa2d3d2b4398bd7f6bf3db42c1a478f24d5823ba46771a108c7bb84edc03a1d; Path=/; Domain=.onlinebanking.mtb.com
                    Set-Cookie: TSba0bc889027=0856addebbab2000c45bf9822f96c52847d79a17bb25bd09e5ef4ef101c26c2685e4417e420ec98008771c3965113000987c17d1cb57090110e93f01e49958e98978a60b536cd166d02c9c01a1c4088fe4ae78edd4d773e687a2160fad7d1b81; Path=/
                    2024-05-27 22:38:17 UTC | 43 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                    Data Ascii: GIF89a!,D;


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.5 | 49718 | 24.75.29.69 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:18 UTC | 372 | OUT | GET /Assets/images/img_trans.gif HTTP/1.1
                    Host: onlinebanking.mtb.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-05-27 22:38:18 UTC | 1223 | IN | HTTP/1.1 200 OK
                    Content-Type: image/gif
                    Last-Modified: Wed, 17 Apr 2024 04:45:14 GMT
                    Accept-Ranges: bytes
                    ETag: "0297a98290da1:0"
                    X-SRV: B-OLB-205
                    P3P: CP='CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT'
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Access-Control-Allow-Origin: https://digitalbanking.mtb.com
                    Access-Control-Allow-Credentials: true
                    Access-Control-Allow-Headers: Content-Type
                    Access-Control-Allow-Methods: POST,GET,OPTIONS
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="1348602600"
                    Set-Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0; Path=/; Domain=.mtb.com
                    Date: Mon, 27 May 2024 22:38:18 GMT
                    Content-Length: 43
                    Set-Cookie: mtbcookie=ffffffffc3a03fdd45525d5f4f58455e445a4a42378b;path=/;secure;httponly
                    Set-Cookie: TS01e71088=01fb46a9267837a96b77591c09efb321baca239d2ae7d1ca8d48f9307c0175b2692bc5ad765b21714673d63e758551144ed3f7a797; Path=/; Domain=.onlinebanking.mtb.com
                    Set-Cookie: TSba0bc889027=0856addebbab200046461b4816b58abea9adf92d56decc36bd8f4d1a4ac8dfc750099ee69df9d4470870ea238411300067d6ef39d922a595bb9f5bcbc33a651f237c5eb2b2f23f20f97f0dc627c640b3dde10ea5f9744ce6f70011e5ebad5c55; Path=/
                    2024-05-27 22:38:18 UTC | 43 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                    Data Ascii: GIF89a!,D;


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.5 | 49719 | 2.19.244.127 | 443 | |
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:18 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-05-27 22:38:18 UTC | 467 | IN | HTTP/1.1 200 OK
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (lpl/EF06)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-weu-z1
                    Cache-Control: public, max-age=149479
                    Date: Mon, 27 May 2024 22:38:18 GMT
                    Connection: close
                    X-CID: 2


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.5 | 49724 | 24.75.29.77 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:19 UTC | 626 | OUT | GET /images/header_footer.png HTTP/1.1
                    Host: resources.mtb.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: http://46814880-10-20181030130048.webstarterz.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-05-27 22:38:19 UTC | 582 | IN | HTTP/1.1 200 OK
                    Content-Type: image/png
                    Last-Modified: Wed, 17 Apr 2024 05:09:10 GMT
                    Accept-Ranges: bytes
                    ETag: "05f66618590da1:0"
                    X-Srv: B-STC-001
                    Access-Control-Allow-Origin: *
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1568534243"
                    Date: Mon, 27 May 2024 22:38:19 GMT
                    Content-Length: 31436
                    Set-Cookie: TSea15929a027=0856addebbab20002dd9f58365daf544f6e9d253a6493f3696c9827f2700f6be6c3289ff70dfc3cc086b4c6e0d1130000e5b4986bbe5aa53c41852303f8430ba21d8383e3663d99dae04f5306e0321c80e8b915be5ff69f8f000404dcb4dfd38; Path=/


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.5 | 49723 | 24.75.29.77 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:19 UTC | 620 | OUT | GET /images/general.png HTTP/1.1
                    Host: resources.mtb.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: http://46814880-10-20181030130048.webstarterz.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-05-27 22:38:19 UTC | 579 | IN | HTTP/1.1 200 OK
                    Content-Type: image/png
                    Last-Modified: Wed, 17 Apr 2024 05:09:10 GMT
                    Accept-Ranges: bytes
                    ETag: "05f66618590da1:0"
                    X-Srv: B-STC-001
                    Access-Control-Allow-Origin: *
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="52044376"
                    Date: Mon, 27 May 2024 22:38:19 GMT
                    Content-Length: 36351
                    Set-Cookie: TSea15929a027=0856addebbab20008e7e3e3fc6834921dbb43f8d3a9a6a755564598060f571191a1aa8c434e2b1b708b2b245641130001b605bad97eaa80ec41852303f8430ba5e86254b329b3f2498b9e41e20ff539e947d95f66ee4230e4db2478fd060700e; Path=/


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.5 | 49722 | 24.75.29.77 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:19 UTC | 632 | OUT | GET /images/Dropdown-sprite_slk.png HTTP/1.1
                    Host: resources.mtb.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: http://46814880-10-20181030130048.webstarterz.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-05-27 22:38:19 UTC | 580 | IN | HTTP/1.1 200 OK
                    Content-Type: image/png
                    Last-Modified: Wed, 17 Apr 2024 05:09:10 GMT
                    Accept-Ranges: bytes
                    ETag: "05f66618590da1:0"
                    X-Srv: B-STC-001
                    Access-Control-Allow-Origin: *
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="2099295867"
                    Date: Mon, 27 May 2024 22:38:19 GMT
                    Content-Length: 2214
                    Set-Cookie: TSea15929a027=0856addebbab2000c087955684d02f31e423f7b38a711cf4fc07ec32a336e816c5b337d506ef65d408c2336bd81130000fe35ba4255ec01bc41852303f8430ba9ffef6e8fe22ad78954e07289b714de398b1bafd19cce4b9d141cdaffdcd3752; Path=/


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.5 | 49721 | 2.19.244.127 | 443 | |
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:19 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                    Range: bytes=0-2147483646
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-05-27 22:38:19 UTC | 535 | IN | HTTP/1.1 200 OK
                    Content-Type: application/octet-stream
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    ApiVersion: Distribute 1.1
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                    Cache-Control: public, max-age=149527
                    Date: Mon, 27 May 2024 22:38:19 GMT
                    Content-Length: 55
                    Connection: close
                    X-CID: 2
                    2024-05-27 22:38:19 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.5 | 49729 | 192.216.61.78 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:21 UTC | 495 | OUT | GET /images/Dropdown-sprite_slk.png HTTP/1.1
                    Host: resources.mtb.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
                    2024-05-27 22:38:21 UTC | 580 | IN | HTTP/1.1 200 OK
                    Content-Type: image/png
                    Last-Modified: Wed, 17 Apr 2024 05:13:48 GMT
                    Accept-Ranges: bytes
                    ETag: "0ce1978690da1:0"
                    X-Srv: M-STC-002
                    Access-Control-Allow-Origin: *
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1494238864"
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Content-Length: 2214
                    Set-Cookie: TSf60233d5027=08affc4e07ab2000daeb1db724ee9eab25c3a0b6a09cebfa9439d9c3dd4fd03b83f5031758f7f2be08dbd1447311300003d9000b3bd98da05b8176328d1216f772071819c16d2aba8ea461c3006923331d7a673e6438d3a920f412f93cd99c2a; Path=/


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.5 | 49728 | 192.216.61.78 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:21 UTC | 483 | OUT | GET /images/general.png HTTP/1.1
                    Host: resources.mtb.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
                    2024-05-27 22:38:21 UTC | 579 | IN | HTTP/1.1 200 OK
                    Content-Type: image/png
                    Last-Modified: Wed, 17 Apr 2024 05:13:48 GMT
                    Accept-Ranges: bytes
                    ETag: "0ce1978690da1:0"
                    X-Srv: M-STC-002
                    Access-Control-Allow-Origin: *
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="951877927"
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Content-Length: 36351
                    Set-Cookie: TSf60233d5027=08affc4e07ab200092a0aae6e26007870d7da586c700db719c201c9468a1dc480101cd766ed1499d08e728670a1130007ca87a2eac5f95595b8176328d1216f7d7b48c159c4afc7bb0d0a3859b4776feebd76270e107b183cf5a40140f68c04a; Path=/


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.5 | 49730 | 192.216.61.78 | 443 | 2020 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-27 22:38:21 UTC | 489 | OUT | GET /images/header_footer.png HTTP/1.1
                    Host: resources.mtb.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: dtCookie=v_4_srv_4_sn_F1B43A255340EB55C47CBBFD462FA1A6_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
                    2024-05-27 22:38:21 UTC | 578 | IN | HTTP/1.1 200 OK
                    Content-Type: image/png
                    Last-Modified: Wed, 17 Apr 2024 05:13:48 GMT
                    Accept-Ranges: bytes
                    ETag: "0ce1978690da1:0"
                    X-Srv: M-STC-002
                    Access-Control-Allow-Origin: *
                    X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                    Server-Timing: dtSInfo;desc="0", dtRpid;desc="72323629"
                    Date: Mon, 27 May 2024 22:38:20 GMT
                    Content-Length: 31436
                    Set-Cookie: TSf60233d5027=08affc4e07ab200098d949e174da7e86ccf114cc3fc4d12ae6f28df5878abf5e65dad6bc8b942b8d086d4293881130005634f29cd731be0a5b8176328d1216f780926e7e28a70bdbdcf4ba499b68703e879f0498dbd762ebca07f040455ff617; Path=/


                    Target ID:0
                    Start time:18:38:08
                    Start date:27/05/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:2
                    Start time:18:38:11
                    Start date:27/05/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1984,i,10044513003137732851,7729411015593312326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:3
                    Start time:18:38:14
                    Start date:27/05/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn"
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly