Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication

Overview

General Information

Sample URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
Analysis ID:1448169
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected non-DNS traffic on DNS port

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,115391403752787716,9641362441936061431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAvira URL Cloud: detection malicious, Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationSlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttfAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttfAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woffAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.cssAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gifAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.icoAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.cssAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAvira URL Cloud: Label: phishing
Source: http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woffAvira URL Cloud: Label: phishing
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.4:52851 -> 162.159.36.2:53
Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1Host: onlinebanking.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Assets/images/img_trans.gif HTTP/1.1Host: onlinebanking.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /images/header_footer.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/general.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1Host: resources.mtb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://46814880-10-20181030130048.webstarterz.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/Dropdown-sprite_slk.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global trafficHTTP traffic detected: GET /images/general.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global trafficHTTP traffic detected: GET /images/header_footer.png HTTP/1.1Host: resources.mtb.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/1css.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/Retail.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/CustomerService.css HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Fonts/CORISANDELight.woff HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Fonts/CORISANDEBold.woff HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Fonts/CORISANDELight.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Fonts/CORISANDEBold.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /Fonts/CORISANDEBold.ttf HTTP/1.1Host: 46814880-10-20181030130048.webstarterz.comConnection: keep-aliveOrigin: http://46814880-10-20181030130048.webstarterz.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: 46814880-10-20181030130048.webstarterz.com
Source: global trafficDNS traffic detected: DNS query: onlinebanking.mtb.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: resources.mtb.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:39:29 GMTServer: ApacheContent-Length: 341Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:39:29 GMTServer: ApacheContent-Length: 342Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:39:30 GMTServer: ApacheContent-Length: 341Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 22:39:30 GMTServer: ApacheContent-Length: 340Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: chromecache_63.2.drString found in binary or memory: http://docs.jquery.com/UI/Resizable#theming
Source: chromecache_63.2.drString found in binary or memory: http://docs.jquery.com/UI/Theming/API
Source: chromecache_63.2.drString found in binary or memory: http://jqueryui.com/about)
Source: chromecache_57.2.drString found in binary or memory: https://onlinebanking.mtb.com/Assets/images/img_trans.gif
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/Dropdown-R.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/Dropdown-sprite_slk.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/FormElements.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/Graphic-Header-Commercial.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/Sign-On-Image.jpg
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/general.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/header_footer.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/icon_backtotop.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/numbers.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/services.png
Source: chromecache_63.2.drString found in binary or memory: https://resources.mtb.com/images/transparent.png
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52855
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: classification engineClassification label: mal56.win@17/28@14/8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,115391403752787716,9641362441936061431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,115391403752787716,9641362441936061431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Process Injection		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication100%Avira URL Cloudphishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication100%SlashNextCredential Stealing type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://docs.jquery.com/UI/Theming/API0%URL Reputationsafe
http://docs.jquery.com/UI/Resizable#theming0%URL Reputationsafe
http://jqueryui.com/about)0%URL Reputationsafe
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttf100%Avira URL Cloudphishing
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttf100%Avira URL Cloudphishing
https://resources.mtb.com/images/transparent.png0%Avira URL Cloudsafe
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.woff100%Avira URL Cloudphishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css100%Avira URL Cloudphishing
https://resources.mtb.com/images/Sign-On-Image.jpg0%Avira URL Cloudsafe
https://resources.mtb.com/images/Graphic-Header-Commercial.png0%Avira URL Cloudsafe
https://resources.mtb.com/images/services.png0%Avira URL Cloudsafe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif100%Avira URL Cloudphishing
https://resources.mtb.com/images/FormElements.png0%Avira URL Cloudsafe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico100%Avira URL Cloudphishing
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css100%Avira URL Cloudphishing
https://resources.mtb.com/images/header_footer.png0%Avira URL Cloudsafe
https://resources.mtb.com/images/Dropdown-R.png0%Avira URL Cloudsafe
https://resources.mtb.com/images/general.png0%Avira URL Cloudsafe
https://resources.mtb.com/images/icon_backtotop.png0%Avira URL Cloudsafe
https://onlinebanking.mtb.com/Assets/images/img_trans.gif0%Avira URL Cloudsafe
https://resources.mtb.com/images/numbers.png0%Avira URL Cloudsafe
https://resources.mtb.com/images/Dropdown-sprite_slk.png0%Avira URL Cloudsafe
http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css100%Avira URL Cloudphishing
http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.woff100%Avira URL Cloudphishing

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
onlinebanking.gslb.mtb.com
24.75.29.69
truefalse
    		unknown
    46814880-10-20181030130048.webstarterz.com
    		163.44.198.51
    		truefalse
      		unknown
      www.google.com
      		142.250.184.228
      		truefalse
        		unknown
        resources.gslb.mtb.com
        		192.216.61.78
        		truefalse
          		unknown
          fp2e7a.wpc.phicdn.net
          		192.229.221.95
          		truefalse
            		unknown
            onlinebanking.mtb.com
            		unknown
            		unknownfalse
              		unknown
              resources.mtb.com
              		unknown
              		unknownfalse
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.wofffalse
                • Avira URL Cloud: phishing
                		unknown
                http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authenticationtrue
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.cssfalse
                  • Avira URL Cloud: phishing
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.giffalse
                  • Avira URL Cloud: phishing
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.ttffalse
                  • Avira URL Cloud: phishing
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDELight.ttffalse
                  • Avira URL Cloud: phishing
                  		unknown
                  https://onlinebanking.mtb.com/Assets/images/img_trans.giffalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.icofalse
                  • Avira URL Cloud: phishing
                  		unknown
                  https://resources.mtb.com/images/general.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://resources.mtb.com/images/header_footer.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.cssfalse
                  • Avira URL Cloud: phishing
                  		unknown
                  https://resources.mtb.com/images/Dropdown-sprite_slk.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.cssfalse
                  • Avira URL Cloud: phishing
                  		unknown
                  http://46814880-10-20181030130048.webstarterz.com/Fonts/CORISANDEBold.wofffalse
                  • Avira URL Cloud: phishing
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://resources.mtb.com/images/FormElements.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://resources.mtb.com/images/services.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://resources.mtb.com/images/transparent.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://resources.mtb.com/images/Graphic-Header-Commercial.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://resources.mtb.com/images/Sign-On-Image.jpgchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://docs.jquery.com/UI/Theming/APIchromecache_63.2.drfalse
                  • URL Reputation: safe
                  		unknown
                  http://docs.jquery.com/UI/Resizable#themingchromecache_63.2.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://resources.mtb.com/images/numbers.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://resources.mtb.com/images/Dropdown-R.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://jqueryui.com/about)chromecache_63.2.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://resources.mtb.com/images/icon_backtotop.pngchromecache_63.2.drfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  24.75.29.69
                  		onlinebanking.gslb.mtb.comUnited States
                  		16490MTBUSfalse
                  163.44.198.51
                  		46814880-10-20181030130048.webstarterz.comSingapore
                  		135161GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSGfalse
                  24.75.29.77
                  		unknownUnited States
                  		16490MTBUSfalse
                  192.216.61.78
                  		resources.gslb.mtb.comUnited States
                  		12134MTBUSfalse
                  239.255.255.250
                  		unknownReserved
                  		unknownunknownfalse
                  142.250.184.228
                  		www.google.comUnited States
                  		15169GOOGLEUSfalse

                  Private

                  IP
                  192.168.2.4
                  192.168.2.6

                  General Information

                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1448169
                  Start date and time:2024-05-28 00:38:27 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 3m 12s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:browseurl.jbs
                  Sample URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal56.win@17/28@14/8
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 142.250.185.67, 108.177.15.84, 142.250.186.78, 34.104.35.123, 142.250.184.234, 216.58.206.42, 142.250.184.202, 142.250.185.234, 142.250.185.202, 142.250.185.74, 172.217.23.106, 172.217.18.10, 142.250.181.234, 142.250.185.170, 142.250.186.74, 142.250.185.106, 142.250.74.202, 142.250.185.138, 142.250.186.42, 172.217.16.138, 52.165.165.26, 2.19.126.151, 2.19.126.137, 192.229.221.95, 20.166.126.56, 13.95.31.18, 216.58.206.35
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • VT rate limit hit for: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication

                  Simulations

                  Behavior and APIs

                  No simulations

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  No context

                  ASNs

                  No context

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  Chrome Cache Entry: 48

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:GIF image data, version 89a, 1 x 1
                  Category:dropped
                  Size (bytes):43
                  Entropy (8bit):3.0314906788435274
                  Encrypted:false
                  SSDEEP:3:CUkwltxlHh/:P/
                  MD5:325472601571F31E1BF00674C368D335
                  SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                  SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                  SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                  Malicious:false
                  Reputation:low
                  Preview:GIF89a.............!.......,...........D..;

                  Chrome Cache Entry: 49

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):76
                  Entropy (8bit):4.54792278349572
                  Encrypted:false
                  SSDEEP:3:xPXi5IiPwiP6dnPp3TnP8kSZgRL:xP6PXPQp3TPiZUL
                  MD5:4A0C165E777C3B45791C0C674DBF540D
                  SHA1:EF2007A280C73F23BFCC0CAB18099D42458841BB
                  SHA-256:ED2349D81D83AB770F44304A7FE16D05ACDDC8A2178404BE946DFA848A65642F
                  SHA-512:9289C62432A4DF37AC292EDAFC53728825113094DC6364F2F89D51EEFF3C84381069AA37E63945BDF7B91376FAFCB526C27556686AC906D054CE9A6C40DC84D3
                  Malicious:false
                  Reputation:low
                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISMwnLxmnrbdWYWBIFDYb6wY0SBQ39ahOEEgUNLjiI7BIFDXF78j0SBQ3HbPCPEgUNFY9MOA==?alt=proto
                  Preview:CjYKBw2G+sGNGgAKBw39ahOEGgAKBw0uOIjsGgAKBw1xe/I9GgAKBw3HbPCPGgAKBw0Vj0w4GgA=

                  Chrome Cache Entry: 50

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
                  Category:dropped
                  Size (bytes):15822
                  Entropy (8bit):7.9575799002181
                  Encrypted:false
                  SSDEEP:384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
                  MD5:652A2382A1D4D1159BFFE5DD9C77877D
                  SHA1:84B893FD39255950601DA0C8D65735D28E775892
                  SHA-256:ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
                  SHA-512:81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
                  Malicious:false
                  Reputation:low
                  Preview:.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].|...?';$...g ..H..KPP..EQDf..Z[....

                  Chrome Cache Entry: 51

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 320 x 1024, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):36351
                  Entropy (8bit):7.850446874022779
                  Encrypted:false
                  SSDEEP:768:9R8W3Qlyq0z9DSVNtJc+hInx33sgPtuWu9wPG77govZWTrcsv7v:9GKQJ0kFJc+Exn9FuWHPaIT5v7v
                  MD5:FD1D14909F77C734324C5709F87A8D46
                  SHA1:C07F2A1FB945E769D529ED93F809B16F748D7AC5
                  SHA-256:8CF4922DEBA1A04C67E4E38F44162C1891C6DE06CF3712F35EA9823555971CA5
                  SHA-512:631B06EDDD6F019C1ACD1D7103A70643211BB524494C4F8CE87704A50CFCD276F8F1B6C58F78997C7F250DE34670658E277EF47587F49C0F598A1D1CB9FF3796
                  Malicious:false
                  Reputation:low
                  URL:https://resources.mtb.com/images/general.png
                  Preview:.PNG........IHDR...@............a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...|.......@0...r.J.....*..V..Z.x..\...Zk......H..b[.\L,U...[.V..m}...4.T......%7...<.3..fvw6.3.$.}?...........9s.Ea<.......(..........G...ho....Z..f.......777.755.756RsK..:t....U..T..K~$U...=9.`..x.c}....:...[.R.....({x.v....l.....x.........-Bc...V..v...k....|n1..J.(.4../J....}............?....=.n.f...MM.[...Q...!J...-.]Q$Ch}}.S....8p.Z....u.......PL+....K.....:.gZ....}.:...D..4.}m...3.s.#?i....;....yZ..?..i.=Mmt.-.........(..."......g.At.q.i...<xP+....9R-.bo:...z.....]SY.:r....u..M.ix..(..s.G`{-U..V...ZZ.Q..S...s.........jm..}.P.~..u..i.}.g.....(//.Q}.|1...aW.....y._...p.;8_[.c.5.|].}..\.r .h^.9...u.G......G5;.h..}.;P[.U}#.j.I.H-...=..+.:h~....<.S..8....7of...J$...d....K.S........67U..-.l...Kh..F...%....[..g..f.o...k..Z..W.U..G...k.e.qch.........}......Ul~..-....]q...:;.T...y....T.....6l....Z.u.>...D..D..wrD.6../.B..W=[..?9.O\.{O<.D............k......

                  Chrome Cache Entry: 52

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:GIF image data, version 89a, 1 x 1
                  Category:downloaded
                  Size (bytes):43
                  Entropy (8bit):3.0314906788435274
                  Encrypted:false
                  SSDEEP:3:CUkwltxlHh/:P/
                  MD5:325472601571F31E1BF00674C368D335
                  SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                  SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                  SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                  Malicious:false
                  Reputation:low
                  URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/img_trans.gif
                  Preview:GIF89a.............!.......,...........D..;

                  Chrome Cache Entry: 53

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:GIF image data, version 89a, 1 x 1
                  Category:downloaded
                  Size (bytes):43
                  Entropy (8bit):3.0314906788435274
                  Encrypted:false
                  SSDEEP:3:CUkwltxlHh/:P/
                  MD5:325472601571F31E1BF00674C368D335
                  SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                  SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                  SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                  Malicious:false
                  Reputation:low
                  URL:https://onlinebanking.mtb.com/Assets/images/img_trans.gif
                  Preview:GIF89a.............!.......,...........D..;

                  Chrome Cache Entry: 54

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:GIF image data, version 89a, 1 x 1
                  Category:dropped
                  Size (bytes):43
                  Entropy (8bit):3.0314906788435274
                  Encrypted:false
                  SSDEEP:3:CUkwltxlHh/:P/
                  MD5:325472601571F31E1BF00674C368D335
                  SHA1:2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
                  SHA-256:B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
                  SHA-512:717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
                  Malicious:false
                  Reputation:low
                  Preview:GIF89a.............!.......,...........D..;

                  Chrome Cache Entry: 55

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 997 x 320, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):31436
                  Entropy (8bit):7.901778075224938
                  Encrypted:false
                  SSDEEP:768:PJsVZr+Gs/xawkelyuitRv9ClNojaLCjH4VJngUDvlg:C0xawVl/i/lCjocC7wJgUC
                  MD5:C88FE85B3383F97419F3214A3C15FD43
                  SHA1:E41BE6440D6D917FC53132E5FC1ED5FFD50508AB
                  SHA-256:9D4854E5E3A1CBD737FCC46B9E2D0FA2B5A719BBDFA9E3316B749007CFFE1E3E
                  SHA-512:817905F12A263768BDEF6F578C366CBAACC0F33769C51AA82D2B1C5C6D34B451A7C6DA9026F4D22BB47949494201C02C45555467FFCC1A6E0FDE4CE475A005E7
                  Malicious:false
                  Reputation:low
                  Preview:.PNG........IHDR.......@............pHYs..........+......tIME.....2.k.__....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'.. .IDATx...yx...?..7.&aId.dI0,...7...Z.V.[[-V..Vk....Zc.....tym.P..}-.....+h*....a.....w....c...;w....<O.{g....{...s..... """"""....|Lt...;v........:..........H...................H...................H...................H...................H...................H...................H...................H.........$.]......OI,.r.41.[.em....0..#}...C...7..p....9_.uS....}s.!...xz6.X.B...m....9..D.V|......./...;..{S......q.).........3.-....G..t.!...........B..<.?..P>l.p.7..D4..vMi.g..;+W .<r<N.>....EE...e...................0M<..{xe.J.L.....3.EY,.....[.7.AJ.....C1eD....B@J..e?5M..m.1s.K^...|].0.o..=h4n.r&~p.Y........{,.)...5v. """""Ru[(.p..W.~BF(....~"~2.....#NBT..M)%.{.

                  Chrome Cache Entry: 56

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (349), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):48688
                  Entropy (8bit):5.0391587417601
                  Encrypted:false
                  SSDEEP:384:Hrj2iY4jKMZSr5YMZIuqA9XkR6fPEn1zCu0Bf5qr6If+DFqbTL:Lja4jf18IjPd2Bf0rPMe
                  MD5:709FA6A3200B9E089B92ABE550CF1777
                  SHA1:5B5D771200311B3296B7C57BDB088F97246BC88B
                  SHA-256:94E99D3AA48374A30A1FF4F7FA6E38EAAD2187B8A78D0BB0EBB0B6076E231416
                  SHA-512:E3AA0FFEF07385C29118440A35A7DF4D07241E109D70D46E8D98C2E83122EB9AD5F282D5A688B93BEB6CC69D61E66755583EC6DEEF45C0E93F7BB5B012805FAC
                  Malicious:false
                  Reputation:low
                  URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/CustomerService.css
                  Preview:.p.bold {.. font-weight: bold;..}.....italic {.. font-style: italic;..}..../* Removed from jQuery */....#divUserModules.gaptop {.. margin-top: 70px;..}....span.field-validation-error.notop {.. margin-top: -3px;..}....td input[type='text'].outline {.. border: 1px solid #cc3300;..}....span.field-validation-error.snugtop {.. margin-top: -20px;..}.....nobottom {.. padding-bottom: 0px;..}.....notop {.. padding-top: 0px;..}../* End Removed from jQuery */....../************** Add Account & Add Account Details & Add Account Review */..form.cs-addAccount #divFindItNow {.. display: none;..}....form.cs-addAccount .colored-box {.. margin-bottom: 10px;..}....form.cs-addAccount .field-validation-error {.. margin-left: 53px;..}....form.cs-addAccount .help-small {.. vertical-align: bottom;.. margin-left: 6px;.. margin-right: 0;..}....form.cs-addAccount div.radio {.. float: left;.. position: relative;..}....form.cs-addAccount #lblRestrictions {.. pad

                  Chrome Cache Entry: 57

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):26034
                  Entropy (8bit):5.190441988163735
                  Encrypted:false
                  SSDEEP:384:D2jC9pGGmEBvK75NbKpnKnobkpKCe+dHU5bndZojqGbRqEbqxJ+HLCkB5N1Q:UU65qywA+LX8DlqEGxJ+HLCkBW
                  MD5:F522A4EDBFCD800C303B1512C3F0151B
                  SHA1:8127B893306EDC5C2FAA887DA3D465E86B162D94
                  SHA-256:485652B69E35774F34E6AA9F855486E284C2E536C166348FD07303216813E151
                  SHA-512:F7CA55A95D4D71A66E4C9AB9BE6263AAF452F36201BB0232CC77E2D126CB7B2F5A50C8F4475BF1543F97B7DE72B444C0804F572E38E6ABF3AFEF48D50931F5EC
                  Malicious:false
                  Reputation:low
                  URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Preview:<!DOCTYPE html><html lang="en" class="mtb-kraken-ui"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" />........<title>My Profile | M&amp;T Bank</title>..<link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon">..<meta http-equiv="X-UA-Compatible" content="IE=edge">..<meta http-equiv="Expires" content="-1">..<meta http-equiv="Cache-Control" content="no-cache">..<meta http-equiv="Pragma" content="no-cache">....<link href="img/1css.css" rel="stylesheet">....<link href="img/Retail.css" rel="stylesheet">..........<link href="img/CustomerService.css" rel="stylesheet">..........</head>..<body style="">....<a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/MyProfileEdit#main-content" id="skip" tabindex="1">Skip to content</a>..<div class="app-banner" id="UserType_NoAccess"> ..<img src="https://onlinebanking.mtb.com/Assets/images/img_trans.gif" class="banner" alt="M&amp;T Bank"

                  Chrome Cache Entry: 58

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 27 x 196, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):2214
                  Entropy (8bit):7.8687301423844485
                  Encrypted:false
                  SSDEEP:48:syAikLWsKWdb7aHRPnySA+PTEHRZjhqC10NG3E+ca5TN:sYAJb7aHJntA+mZ9H1+G0+/R
                  MD5:B524494760D944F4085F8DF4EEDA7259
                  SHA1:DECC05C78BA97DA986DEE26BE7318FADCD394A5A
                  SHA-256:06CE076A52C4C19D45BF7DD28EE823E8454E8F371A23BD691970B938847CCF49
                  SHA-512:7D7201BAA449762AD329FCD8F60B1D69EF593D682A4D8AF57E73C24A580F5C537D9108DADEDA9D40041815ACBC8212BED0272F8CC3DDBF63CEA938D3249BC569
                  Malicious:false
                  Reputation:low
                  URL:https://resources.mtb.com/images/Dropdown-sprite_slk.png
                  Preview:.PNG........IHDR.............n.Z.....gAMA......a.....pHYs..........#.u...HIDATx^.\msSE..'.S._....3.8.....~@.3...6...Dg|.oR@@....PHZ......I.&i..I9.{M/./I.(e.l..=..{.}.4eW8..J.z.(../..8Y.H.l.a.T.V.E.Dv..d..j.k...5&.tN..Y&.0..l.V".....T....Yy#G.a..n.I5.Y\.b.....I.e.ks...L..P1..b.7.|.\S[.?|.....&...T.S3......J..CM....|.....&Y...h...y....H^}..}...-.l.Y..#7...O{x........k<..Yzu..pt.s.w.MJ....F..8i.dSz.-........^<...~.H..l..Vn....]..N.....1.G.E.c,Y.%....$........j...,Q..T.$.eF.2..E6[..TC...FY<..T.$..f..R..F.YD.a..iR.. 3..B.....L-..T .8.%R.....3.=..S!..f~...A.r......H.. .w#v:..{..s......Ju^D.....|.qY..-..mi.V....2.;....E....SE...nj.S7.N..U..tz..G...|..#}).K.!!....#..}...K.o...:..........h.8!.6...m8.8........N...v...<O......4'zG.m......:].........TxT.@..{*<..V._....\7.r].+...*.,..M&.=....T...h.............V.7x]......V.u}.m.j..fn...F.T."..WI5,..k.....je.T."[y.F.a...-.+.....Yq..5.d..c......_.8..u./.....]^J..~.y...c`..|...".-.....o.`.w.>.>......:.....*.....

                  Chrome Cache Entry: 59

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 27 x 196, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):2214
                  Entropy (8bit):7.8687301423844485
                  Encrypted:false
                  SSDEEP:48:syAikLWsKWdb7aHRPnySA+PTEHRZjhqC10NG3E+ca5TN:sYAJb7aHJntA+mZ9H1+G0+/R
                  MD5:B524494760D944F4085F8DF4EEDA7259
                  SHA1:DECC05C78BA97DA986DEE26BE7318FADCD394A5A
                  SHA-256:06CE076A52C4C19D45BF7DD28EE823E8454E8F371A23BD691970B938847CCF49
                  SHA-512:7D7201BAA449762AD329FCD8F60B1D69EF593D682A4D8AF57E73C24A580F5C537D9108DADEDA9D40041815ACBC8212BED0272F8CC3DDBF63CEA938D3249BC569
                  Malicious:false
                  Reputation:low
                  Preview:.PNG........IHDR.............n.Z.....gAMA......a.....pHYs..........#.u...HIDATx^.\msSE..'.S._....3.8.....~@.3...6...Dg|.oR@@....PHZ......I.&i..I9.{M/./I.(e.l..=..{.}.4eW8..J.z.(../..8Y.H.l.a.T.V.E.Dv..d..j.k...5&.tN..Y&.0..l.V".....T....Yy#G.a..n.I5.Y\.b.....I.e.ks...L..P1..b.7.|.\S[.?|.....&...T.S3......J..CM....|.....&Y...h...y....H^}..}...-.l.Y..#7...O{x........k<..Yzu..pt.s.w.MJ....F..8i.dSz.-........^<...~.H..l..Vn....]..N.....1.G.E.c,Y.%....$........j...,Q..T.$.eF.2..E6[..TC...FY<..T.$..f..R..F.YD.a..iR.. 3..B.....L-..T .8.%R.....3.=..S!..f~...A.r......H.. .w#v:..{..s......Ju^D.....|.qY..-..mi.V....2.;....E....SE...nj.S7.N..U..tz..G...|..#}).K.!!....#..}...K.o...:..........h.8!.6...m8.8........N...v...<O......4'zG.m......:].........TxT.@..{*<..V._....\7.r].+...*.,..M&.=....T...h.............V.7x]......V.u}.m.j..fn...F.T."..WI5,..k.....je.T."[y.F.a...-.+.....Yq..5.d..c......_.8..u./.....]^J..~.y...c`..|...".-.....o.`.w.>.>......:.....*.....

                  Chrome Cache Entry: 60

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):32912
                  Entropy (8bit):5.121718477011088
                  Encrypted:false
                  SSDEEP:192:9r8afhQmquyzWswErgKQpFhizxFBqWadKHt/F2N2QV7RfId3J3F1hePV1whSRSfd:9rXpvizxPqWa00aJGqX4l6J6ywU
                  MD5:E4B55E7618D27A27227C82615624E282
                  SHA1:8A18A93CBBCE98253D9E9EB8384E8FBA5D7C5B0B
                  SHA-256:46893D4A48D48C654BB735868E29EA6C54B259EEBEFE67525BAEF3263AFA54BC
                  SHA-512:136BCF90D5AF9EB78533EF1520C0520C7B28D17E6CB9F08FB533EAD41682D3AFF645944980E732B3BB657E4A714C3CDFDC916D2BBD51FA729254F0455AE29B3F
                  Malicious:false
                  Reputation:low
                  URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/Retail.css
                  Preview:.help-small-shadow..{.. background-position: -80px 0px;..}.....jspDrag..{.. background: #509600;..}.....jspDrag:hover..{.. background: #3a8500;..}....h2, .text-success, .module-title1, .title, .step-color, .page-help, .font-success..{.. color: #5e9c02;..}...error-large + .event-level-message..{.. color: #cc3000;..}.....success-large + .event-level-message..{.. color: #5e9c02;..}...gradient-success..{.. background: -webkit-linear-gradient(top, #ffffff, #d5ebab);.. background: -moz-linear-gradient(top,#ffffff, #d5ebab);.. background: -ms-linear-gradient(top, #ffffff, #d5ebab);.. background: -o-linear-gradient(top,#ffffff, #d5ebab);.. -pie-background: linear-gradient(#ffffff 10%, #d5ebab 90%);.. border: 1px solid #afd466;.. color: #5e9c02;..}....fieldset > legend > div..{.. color: #5e9c02;..}.....upper-intro-area > .current-product-date..{.. width: 300px;..}.....current-product-date..{.. visibility: hidden;..}.....module-gradient li:hover..{

                  Chrome Cache Entry: 61

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 320 x 1024, 8-bit/color RGBA, non-interlaced
                  Category:dropped
                  Size (bytes):36351
                  Entropy (8bit):7.850446874022779
                  Encrypted:false
                  SSDEEP:768:9R8W3Qlyq0z9DSVNtJc+hInx33sgPtuWu9wPG77govZWTrcsv7v:9GKQJ0kFJc+Exn9FuWHPaIT5v7v
                  MD5:FD1D14909F77C734324C5709F87A8D46
                  SHA1:C07F2A1FB945E769D529ED93F809B16F748D7AC5
                  SHA-256:8CF4922DEBA1A04C67E4E38F44162C1891C6DE06CF3712F35EA9823555971CA5
                  SHA-512:631B06EDDD6F019C1ACD1D7103A70643211BB524494C4F8CE87704A50CFCD276F8F1B6C58F78997C7F250DE34670658E277EF47587F49C0F598A1D1CB9FF3796
                  Malicious:false
                  Reputation:low
                  Preview:.PNG........IHDR...@............a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...|.......@0...r.J.....*..V..Z.x..\...Zk......H..b[.\L,U...[.V..m}...4.T......%7...<.3..fvw6.3.$.}?...........9s.Ea<.......(..........G...ho....Z..f.......777.755.756RsK..:t....U..T..K~$U...=9.`..x.c}....:...[.R.....({x.v....l.....x.........-Bc...V..v...k....|n1..J.(.4../J....}............?....=.n.f...MM.[...Q...!J...-.]Q$Ch}}.S....8p.Z....u.......PL+....K.....:.gZ....}.:...D..4.}m...3.s.#?i....;....yZ..?..i.=Mmt.-.........(..."......g.At.q.i...<xP+....9R-.bo:...z.....]SY.:r....u..M.ix..(..s.G`{-U..V...ZZ.Q..S...s.........jm..}.P.~..u..i.}.g.....(//.Q}.|1...aW.....y._...p.;8_[.c.5.|].}..\.r .h^.9...u.G......G5;.h..}.;P[.U}#.j.I.H-...=..+.:h~....<.S..8....7of...J$...d....K.S........67U..-.l...Kh..F...%....[..g..f.o...k..Z..W.U..G...k.e.qch.........}......Ul~..-....]q...:;.T...y....T.....6l....Z.u.>...D..D..wrD.6../.B..W=[..?9.O\.{O<.D............k......

                  Chrome Cache Entry: 62

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced
                  Category:downloaded
                  Size (bytes):15822
                  Entropy (8bit):7.9575799002181
                  Encrypted:false
                  SSDEEP:384:RCuVI4IrVf3dZRDmmGGjuEQeFmmOg52gbm:RdlOV/hmm3juEQeTK
                  MD5:652A2382A1D4D1159BFFE5DD9C77877D
                  SHA1:84B893FD39255950601DA0C8D65735D28E775892
                  SHA-256:ACFA0CC8B42493333D9032C79E4D91D7BBDD40995A283A3945075DA6FB2F3CFB
                  SHA-512:81D0806D8D2657E623F91824D44DC33F4D5375B96A1768B64C741E5A2CB02D443236F565763C38E651003BF81F4603569F506A5571B95CC05859E1D9D58517FB
                  Malicious:false
                  Reputation:low
                  URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/favicon.ico
                  Preview:.PNG........IHDR...,...,........"....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.3....9.IDATx..].|...?';$...g ..H..KPP..EQDf..Z[....

                  Chrome Cache Entry: 63

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:downloaded
                  Size (bytes):149211
                  Entropy (8bit):5.08359318432366
                  Encrypted:false
                  SSDEEP:1536:OR+wYskMdYsn0ieYka4hzv+UEgu6vznc9ek:O8iKEek
                  MD5:F2EBA01CB188CB9EE41142988C23F945
                  SHA1:C352D1C515A2AD7974176D1CECD037FB42D6750D
                  SHA-256:2F0EE803E96BC89258A488B089ACC1A1F81AB057670200A5CE4E5ED7218B0CEB
                  SHA-512:4D5574BE0255BDEF2AC5B85B9CA60DC1FF8DEF45AECCFABAFB65D6A7B1B02344572520DFED3FAF4199C086AAEC302B27DF1202CB6CC3B6CFD9473F65A039BCB8
                  Malicious:false
                  Reputation:low
                  URL:http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                  Preview:/* Minification failed. Returning unminified contents...(8398): run-time error CSS1001: Unterminated comment... */..html..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....a, div, span, input, select, button, body {...font-family: arial !important;..}....body..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....body..{...line-height: 1;..}....div..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....span..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....applet..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....object..{...margin: 0;...padding: 0;...border: 0;...font-size: 100%;...font: inherit;...vertical-align: baseline;..}....iframe..{...margin: 0;...padding: 0;...border: 0;...font-s

                  Chrome Cache Entry: 64

                  Download File
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 997 x 320, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):31436
                  Entropy (8bit):7.901778075224938
                  Encrypted:false
                  SSDEEP:768:PJsVZr+Gs/xawkelyuitRv9ClNojaLCjH4VJngUDvlg:C0xawVl/i/lCjocC7wJgUC
                  MD5:C88FE85B3383F97419F3214A3C15FD43
                  SHA1:E41BE6440D6D917FC53132E5FC1ED5FFD50508AB
                  SHA-256:9D4854E5E3A1CBD737FCC46B9E2D0FA2B5A719BBDFA9E3316B749007CFFE1E3E
                  SHA-512:817905F12A263768BDEF6F578C366CBAACC0F33769C51AA82D2B1C5C6D34B451A7C6DA9026F4D22BB47949494201C02C45555467FFCC1A6E0FDE4CE475A005E7
                  Malicious:false
                  Reputation:low
                  URL:https://resources.mtb.com/images/header_footer.png
                  Preview:.PNG........IHDR.......@............pHYs..........+......tIME.....2.k.__....tEXtAuthor....H....tEXtDescription...!#....tEXtCopyright....:....tEXtCreation time.5.......tEXtSoftware.]p.:....tEXtDisclaimer.........tEXtWarning........tEXtSource.........tEXtComment........tEXtTitle....'.. .IDATx...yx...?..7.&aId.dI0,...7...Z.V.[[-V..Vk....Zc.....tym.P..}-.....+h*....a.....w....c...;w....<O.{g....{...s..... """"""....|Lt...;v........:..........H...................H...................H...................H...................H...................H...................H...................H.........$.]......OI,.r.41.[.em....0..#}...C...7..p....9_.uS....}s.!...xz6.X.B...m....9..D.V|......./...;..{S......q.).........3.-....G..t.!...........B..<.?..P>l.p.7..D4..vMi.g..;+W .<r<N.>....EE...e...................0M<..{xe.J.L.....3.EY,.....[.7.AJ.....C1eD....B@J..e?5M..m.1s.K^...|].0.o..=h4n.r&~p.Y........{,.)...5v. """""Ru[(.p..W.~BF(....~"~2.....#NBT..M)%.{.

                  Static File Info

                  No static file info

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  May 28, 2024 00:39:09.726397991 CEST49678443192.168.2.4104.46.162.224
                  May 28, 2024 00:39:11.351330996 CEST49675443192.168.2.4173.222.162.32
                  May 28, 2024 00:39:20.812436104 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:20.817375898 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:20.817488909 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:20.836786032 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:20.837126970 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:20.841720104 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:20.841860056 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:20.842004061 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:20.951037884 CEST49675443192.168.2.4173.222.162.32
                  May 28, 2024 00:39:22.091527939 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091548920 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091618061 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.091620922 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091645002 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091665983 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091694117 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.091730118 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091763020 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091775894 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.091779947 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091794968 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091813087 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.091820002 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.091861963 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.096836090 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.096869946 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.096888065 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.096913099 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.113500118 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.116132975 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.116467953 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.117188931 CEST4974180192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.118537903 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.121119976 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.121212959 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.121386051 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.121428967 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.121452093 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.121542931 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.122157097 CEST8049741163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.122241020 CEST4974180192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.122363091 CEST4974180192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.126296043 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.126441002 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.127320051 CEST8049741163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.150603056 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.259202957 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.259300947 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.259398937 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.259660959 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.259684086 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.484400988 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484422922 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484430075 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484445095 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484457016 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484510899 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484570026 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.484622955 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484631062 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484647989 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484656096 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.484961987 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.484961987 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.484961987 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.485363007 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.538738966 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.562494040 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562514067 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562522888 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562566042 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562573910 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562603951 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.562666893 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562675953 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562680960 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.562691927 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562700987 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562710047 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.562726974 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.562748909 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.562768936 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.567766905 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.567775965 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.567790031 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.567794085 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.567842007 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.567877054 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.575404882 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.620774984 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.647645950 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:22.647737980 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:22.647878885 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:22.678581953 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:22.678622961 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:22.760073900 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.760374069 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.760391951 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.762073994 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.762155056 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.763756037 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.763853073 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.764218092 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.764250994 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.804178953 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.907206059 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.907288074 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.907357931 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.909092903 CEST49742443192.168.2.424.75.29.69
                  May 28, 2024 00:39:22.909142971 CEST4434974224.75.29.69192.168.2.4
                  May 28, 2024 00:39:22.935786009 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.935807943 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.935882092 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.935990095 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936038017 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936048985 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936090946 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.936099052 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936105967 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936116934 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936161041 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.936197996 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.936709881 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936760902 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936774969 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936789036 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936794996 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936800003 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.936830044 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.936988115 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:22.937589884 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:22.978559971 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.102551937 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.102638960 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.102724075 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.103348017 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.103379011 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.248363972 CEST8049741163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255336046 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255351067 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255428076 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.255620956 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255697012 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255702972 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255713940 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255718946 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255755901 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.255755901 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255763054 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255780935 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.255810022 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.255841970 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.260334015 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.260353088 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.260363102 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.260412931 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.291475058 CEST4974180192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.304997921 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305008888 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305022001 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305028915 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305084944 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.305144072 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.305222988 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305228949 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305248976 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305253983 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305264950 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305272102 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.305291891 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.305320024 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.306097031 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.306152105 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.306158066 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.306174994 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.306215048 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.326224089 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326231956 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326237917 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326296091 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.326323986 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326329947 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326344013 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326349974 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326356888 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326371908 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.326400042 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.326421976 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326428890 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.326469898 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.331304073 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.331383944 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.331389904 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.331396103 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.331434965 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.331475019 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.345357895 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:23.345627069 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:23.345663071 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:23.347142935 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:23.347219944 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:23.395553112 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.436109066 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.512115955 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:23.512382984 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:23.554672956 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:23.554701090 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:23.580626965 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.580636978 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.580643892 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.580699921 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.580749035 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.580771923 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.580835104 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.581027985 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581042051 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581053972 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581060886 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581094980 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.581110954 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581118107 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581160069 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.581919909 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581927061 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.581976891 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.582145929 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.582165956 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.582197905 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.588177919 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.595767021 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.595783949 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.596702099 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.596767902 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.598156929 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.598223925 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.602056980 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:23.605484009 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.605494976 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.621431112 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.658163071 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.689516068 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.689559937 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.689569950 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.689642906 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.689641953 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.689649105 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.689661980 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.689738035 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.689738035 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.690115929 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.690170050 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.690176010 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.690222979 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.690228939 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.690229893 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.690241098 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.690284967 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.690284967 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.691057920 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691076994 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691082001 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691132069 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.691557884 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691562891 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691574097 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691579103 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.691607952 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.691649914 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.710458040 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710464001 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710474968 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710552931 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.710616112 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710665941 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.710679054 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710685015 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710695982 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.710732937 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.711308956 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711347103 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711399078 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711402893 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.711442947 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711453915 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711488962 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.711508989 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.711515903 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711519957 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711530924 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.711564064 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.712259054 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.712263107 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.712316990 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.725841999 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.725955963 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.726016045 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.743170023 CEST49745443192.168.2.424.75.29.69
                  May 28, 2024 00:39:23.743227959 CEST4434974524.75.29.69192.168.2.4
                  May 28, 2024 00:39:23.825316906 CEST4974680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.830249071 CEST8049746163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.830318928 CEST4974680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.830651999 CEST4974680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.835875988 CEST8049746163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.904566050 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.904712915 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.904716969 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:23.904786110 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:23.987044096 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:23.987117052 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:23.987209082 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.000191927 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.000235081 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.061762094 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061805964 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061817884 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061825037 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061836004 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061841965 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061847925 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.061873913 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.061948061 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.062218904 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062243938 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062248945 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062259912 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062263966 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062299013 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.062324047 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.062747955 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062791109 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062796116 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062844992 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062848091 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.062856913 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062864065 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.062896967 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.062927961 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.079940081 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.079979897 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.079992056 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080051899 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.080068111 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080075026 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080087900 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080096006 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080125093 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.080374956 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080416918 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080424070 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080442905 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.080482006 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.080497026 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080502987 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080516100 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080526114 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.080553055 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.080578089 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.173922062 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.224786997 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.415693998 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415735960 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415740967 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415802002 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.415807962 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415816069 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415828943 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415834904 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415842056 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415847063 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.415867090 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.415906906 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.415906906 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.416657925 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.416675091 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.416731119 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.416901112 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.416960955 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.416960955 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.416971922 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.416977882 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.416986942 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.417025089 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.417490005 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.417495012 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.417500973 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.417511940 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.417515993 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.417557001 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.417582989 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.655558109 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.655667067 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.658154011 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.658169031 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.658526897 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.707179070 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.750500917 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.770759106 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.770804882 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.770812988 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.770880938 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.770920992 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771045923 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771050930 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771061897 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771119118 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.771176100 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771244049 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771249056 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771270990 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.771301985 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.771310091 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771316051 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771330118 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771336079 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771352053 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.771379948 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.771410942 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.772104979 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.772120953 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.772131920 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.772170067 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.772176027 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:24.772183895 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.772234917 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:24.925662994 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.925710917 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.925827026 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.925987959 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.926045895 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.926079988 CEST49747443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.926095963 CEST44349747184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.967489958 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.967541933 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:24.967636108 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.968058109 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:24.968075991 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.001466036 CEST8049746163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.045064926 CEST4974680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.126841068 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126905918 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126914978 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126928091 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126934052 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126944065 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126950026 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126955986 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.126986980 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.127079964 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.127465963 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.127516985 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.127522945 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.127542019 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.127547026 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.127583027 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.127609015 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.441696882 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.446548939 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.469844103 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.469888926 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:25.470047951 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.470563889 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.470577002 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:25.470763922 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.470977068 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.470984936 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:25.471066952 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.498131990 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.498151064 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:25.498738050 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.498748064 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:25.499337912 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:25.499350071 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:25.534946918 CEST8049746163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.535032988 CEST4974680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.535610914 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.535687923 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.535733938 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.535792112 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.535825968 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.535875082 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.535922050 CEST8049741163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.535995007 CEST4973680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.535998106 CEST4974180192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.536277056 CEST4974680192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.536432028 CEST4973580192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.536525011 CEST4974180192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.536690950 CEST4973980192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.536883116 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.537632942 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.537691116 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.538609982 CEST4974080192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.539283037 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.540834904 CEST8049736163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.541079998 CEST8049746163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.541199923 CEST8049735163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.541312933 CEST8049741163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.541488886 CEST8049739163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.541681051 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.542478085 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.543468952 CEST8049740163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.544084072 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.544187069 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.544437885 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:25.549309969 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:25.647121906 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.647233009 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:25.660051107 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:25.660096884 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.660842896 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.668401957 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:25.714518070 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.931138039 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.931209087 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.931346893 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:25.935906887 CEST49748443192.168.2.4184.28.90.27
                  May 28, 2024 00:39:25.935950041 CEST44349748184.28.90.27192.168.2.4
                  May 28, 2024 00:39:25.999548912 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.005541086 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.005640030 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.005669117 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.005899906 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.005909920 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.006134033 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.006999969 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.007081985 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.007302046 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.007503033 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.011257887 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.011265993 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.012839079 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.012912035 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.017810106 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.017909050 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.019040108 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.019099951 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.019521952 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.019623041 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.019788027 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.019804955 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.019949913 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.019963026 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.020188093 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.020203114 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.068960905 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.068960905 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.068960905 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.139919043 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.139944077 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140017033 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.140027046 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140165091 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140214920 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140276909 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.140284061 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140291929 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140327930 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.140526056 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140547991 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140574932 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.140623093 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140633106 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140666962 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.140675068 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.140697002 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.140716076 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.145102024 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.145117998 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.145147085 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.145225048 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.145234108 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.145272017 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.146445036 CEST49751443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.146460056 CEST44349751192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.230984926 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.230995893 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.231028080 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.231039047 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.231085062 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.231110096 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.231139898 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233422041 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233513117 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233521938 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233550072 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233568907 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233577013 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233592987 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233593941 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233606100 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233647108 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233653069 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233669996 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233697891 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.233721972 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233745098 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.233772039 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.234261990 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.234277964 CEST44349749192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.234291077 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.234333038 CEST49749443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.235270977 CEST49750443192.168.2.4192.216.61.78
                  May 28, 2024 00:39:26.235275984 CEST44349750192.216.61.78192.168.2.4
                  May 28, 2024 00:39:26.238162041 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:26.238424063 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:26.245455980 CEST8049753163.44.198.51192.168.2.4
                  May 28, 2024 00:39:26.245572090 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:26.245610952 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:26.245663881 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:26.245820045 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:26.245872021 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:26.253545046 CEST8049753163.44.198.51192.168.2.4
                  May 28, 2024 00:39:26.253555059 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:26.807039022 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.807074070 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.807082891 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:26.807096004 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:26.807183981 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.807194948 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.807291985 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.807302952 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:26.807404995 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.809843063 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.809851885 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:26.810066938 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.810075998 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:26.810493946 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:26.810507059 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.313836098 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.318569899 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.319127083 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.365842104 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.365907907 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.365973949 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.719329119 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.719358921 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.719769001 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.719784975 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.720026970 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.720037937 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.720418930 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.720612049 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.720817089 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.721930981 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.723818064 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.723911047 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.724109888 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.724582911 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.724669933 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.727099895 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.727165937 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.728638887 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.728820086 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.728874922 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.728892088 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.729460955 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.729460955 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.729468107 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.729480982 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.772068024 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.772068024 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.772094011 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.853682995 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.853713989 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.853790998 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.853840113 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.853840113 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.858077049 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.858097076 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.858103991 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.858191013 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.858200073 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.858272076 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.868566990 CEST49755443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.868587017 CEST4434975524.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.871134043 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.871144056 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.871189117 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.871212959 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.871226072 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.871244907 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.871421099 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.950630903 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.951080084 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.951138020 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.951147079 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.951845884 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.952025890 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.952100039 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:27.962857962 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.963834047 CEST49757443192.168.2.424.75.29.77
                  May 28, 2024 00:39:27.963843107 CEST4434975724.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138503075 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138547897 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138572931 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138590097 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138614893 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.138618946 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138653994 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138681889 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.138704062 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.138704062 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.138783932 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.138789892 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.178539038 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.216600895 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.216615915 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.216670990 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.216737032 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.216754913 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.216770887 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:28.216773033 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.216869116 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.217407942 CEST49756443192.168.2.424.75.29.77
                  May 28, 2024 00:39:28.217430115 CEST4434975624.75.29.77192.168.2.4
                  May 28, 2024 00:39:29.939938068 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951117992 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951132059 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951142073 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951242924 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951261997 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951277971 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951287031 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951302052 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951308966 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.951319933 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.959009886 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:29.959074020 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:29.964054108 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.964093924 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.964194059 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:29.970777988 CEST8049753163.44.198.51192.168.2.4
                  May 28, 2024 00:39:29.990767956 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.014842033 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.081285000 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.081362009 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.086299896 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.086323023 CEST8049753163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.198056936 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.198071957 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.198189974 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.214076996 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.219057083 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.219124079 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.219367981 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.224175930 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.511279106 CEST8049753163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.511346102 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.511497974 CEST4975380192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.512120008 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.517251968 CEST8049753163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.517764091 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.580048084 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.630795956 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:30.862370014 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:30.914921045 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:31.198236942 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198245049 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198255062 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198261976 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198287010 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198293924 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198311090 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:31.198318958 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198326111 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198343992 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198344946 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:31.198357105 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.198367119 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:31.198401928 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:31.203351974 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.203418970 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.203490019 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:31.451486111 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.451498032 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:31.451550961 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:32.340281010 CEST49672443192.168.2.4173.222.162.32
                  May 28, 2024 00:39:32.340348005 CEST44349672173.222.162.32192.168.2.4
                  May 28, 2024 00:39:33.238399029 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:33.238475084 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:33.238521099 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:33.632416964 CEST49743443192.168.2.4142.250.184.228
                  May 28, 2024 00:39:33.632456064 CEST44349743142.250.184.228192.168.2.4
                  May 28, 2024 00:39:35.591479063 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:35.591567993 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:35.863379002 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:39:35.866199970 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:36.198242903 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:36.198498964 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:37.509087086 CEST4975880192.168.2.4163.44.198.51
                  May 28, 2024 00:39:37.509162903 CEST4975480192.168.2.4163.44.198.51
                  May 28, 2024 00:39:37.509232998 CEST4975280192.168.2.4163.44.198.51
                  May 28, 2024 00:39:37.514215946 CEST8049758163.44.198.51192.168.2.4
                  May 28, 2024 00:39:37.514234066 CEST8049754163.44.198.51192.168.2.4
                  May 28, 2024 00:39:37.514240980 CEST8049752163.44.198.51192.168.2.4
                  May 28, 2024 00:40:00.266328096 CEST5285153192.168.2.4162.159.36.2
                  May 28, 2024 00:40:00.272131920 CEST5352851162.159.36.2192.168.2.4
                  May 28, 2024 00:40:00.272201061 CEST5285153192.168.2.4162.159.36.2
                  May 28, 2024 00:40:00.272253990 CEST5285153192.168.2.4162.159.36.2
                  May 28, 2024 00:40:00.277097940 CEST5352851162.159.36.2192.168.2.4
                  May 28, 2024 00:40:00.737308979 CEST5352851162.159.36.2192.168.2.4
                  May 28, 2024 00:40:00.738176107 CEST5285153192.168.2.4162.159.36.2
                  May 28, 2024 00:40:00.744923115 CEST5352851162.159.36.2192.168.2.4
                  May 28, 2024 00:40:00.744982004 CEST5285153192.168.2.4162.159.36.2
                  May 28, 2024 00:40:22.633658886 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:22.633702040 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:22.634038925 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:22.634243011 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:22.634273052 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:23.278182983 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:23.279050112 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:23.279083014 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:23.279437065 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:23.280775070 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:23.280848980 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:23.334364891 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:28.663336992 CEST4972480192.168.2.493.184.221.240
                  May 28, 2024 00:40:28.678250074 CEST804972493.184.221.240192.168.2.4
                  May 28, 2024 00:40:28.678324938 CEST4972480192.168.2.493.184.221.240
                  May 28, 2024 00:40:33.191135883 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:33.191227913 CEST44352855142.250.184.228192.168.2.4
                  May 28, 2024 00:40:33.191409111 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:33.510256052 CEST52855443192.168.2.4142.250.184.228
                  May 28, 2024 00:40:33.510302067 CEST44352855142.250.184.228192.168.2.4

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  May 28, 2024 00:39:19.309956074 CEST53560821.1.1.1192.168.2.4
                  May 28, 2024 00:39:19.338597059 CEST53530321.1.1.1192.168.2.4
                  May 28, 2024 00:39:20.339574099 CEST53606501.1.1.1192.168.2.4
                  May 28, 2024 00:39:20.516413927 CEST5325453192.168.2.41.1.1.1
                  May 28, 2024 00:39:20.516762018 CEST5521153192.168.2.41.1.1.1
                  May 28, 2024 00:39:20.792166948 CEST53552111.1.1.1192.168.2.4
                  May 28, 2024 00:39:20.809535027 CEST53532541.1.1.1192.168.2.4
                  May 28, 2024 00:39:22.116808891 CEST6120753192.168.2.41.1.1.1
                  May 28, 2024 00:39:22.116914988 CEST5858653192.168.2.41.1.1.1
                  May 28, 2024 00:39:22.230508089 CEST53612071.1.1.1192.168.2.4
                  May 28, 2024 00:39:22.598937035 CEST6271653192.168.2.41.1.1.1
                  May 28, 2024 00:39:22.599775076 CEST6285653192.168.2.41.1.1.1
                  May 28, 2024 00:39:22.605858088 CEST53627161.1.1.1192.168.2.4
                  May 28, 2024 00:39:22.606575012 CEST53628561.1.1.1192.168.2.4
                  May 28, 2024 00:39:22.744730949 CEST53526271.1.1.1192.168.2.4
                  May 28, 2024 00:39:22.924438953 CEST6095953192.168.2.41.1.1.1
                  May 28, 2024 00:39:22.924897909 CEST5052953192.168.2.41.1.1.1
                  May 28, 2024 00:39:23.033967018 CEST53609591.1.1.1192.168.2.4
                  May 28, 2024 00:39:23.529406071 CEST6361153192.168.2.41.1.1.1
                  May 28, 2024 00:39:23.529844999 CEST5981953192.168.2.41.1.1.1
                  May 28, 2024 00:39:23.801467896 CEST53636111.1.1.1192.168.2.4
                  May 28, 2024 00:39:23.824610949 CEST53598191.1.1.1192.168.2.4
                  May 28, 2024 00:39:25.308136940 CEST6165053192.168.2.41.1.1.1
                  May 28, 2024 00:39:25.311836004 CEST5635253192.168.2.41.1.1.1
                  May 28, 2024 00:39:25.422250032 CEST53616501.1.1.1192.168.2.4
                  May 28, 2024 00:39:26.654829979 CEST5724253192.168.2.41.1.1.1
                  May 28, 2024 00:39:26.655572891 CEST6233653192.168.2.41.1.1.1
                  May 28, 2024 00:39:26.768193960 CEST53572421.1.1.1192.168.2.4
                  May 28, 2024 00:39:28.079149008 CEST53585861.1.1.1192.168.2.4
                  May 28, 2024 00:39:28.079262972 CEST53505291.1.1.1192.168.2.4
                  May 28, 2024 00:39:31.275819063 CEST53563521.1.1.1192.168.2.4
                  May 28, 2024 00:39:32.623256922 CEST53623361.1.1.1192.168.2.4
                  May 28, 2024 00:39:37.688405991 CEST53547451.1.1.1192.168.2.4
                  May 28, 2024 00:39:40.247173071 CEST138138192.168.2.4192.168.2.255
                  May 28, 2024 00:39:56.506191969 CEST53520711.1.1.1192.168.2.4
                  May 28, 2024 00:40:00.265866041 CEST5359605162.159.36.2192.168.2.4
                  May 28, 2024 00:40:00.771986961 CEST53518131.1.1.1192.168.2.4
                  May 28, 2024 00:40:18.399769068 CEST53567221.1.1.1192.168.2.4
                  May 28, 2024 00:40:18.938359976 CEST53621031.1.1.1192.168.2.4

                  ICMP Packets

                  TimestampSource IPDest IPChecksumCodeType
                  May 28, 2024 00:39:19.363780975 CEST192.168.2.41.1.1.1c233(Port unreachable)Destination Unreachable
                  May 28, 2024 00:39:28.079224110 CEST192.168.2.41.1.1.1c1eb(Port unreachable)Destination Unreachable
                  May 28, 2024 00:39:31.275943995 CEST192.168.2.41.1.1.1c1e7(Port unreachable)Destination Unreachable
                  May 28, 2024 00:39:32.623414993 CEST192.168.2.41.1.1.1c1e7(Port unreachable)Destination Unreachable

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  May 28, 2024 00:39:20.516413927 CEST192.168.2.41.1.1.10x7bf5Standard query (0)46814880-10-20181030130048.webstarterz.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:20.516762018 CEST192.168.2.41.1.1.10x5428Standard query (0)46814880-10-20181030130048.webstarterz.com65IN (0x0001)false
                  May 28, 2024 00:39:22.116808891 CEST192.168.2.41.1.1.10x9c77Standard query (0)onlinebanking.mtb.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:22.116914988 CEST192.168.2.41.1.1.10x610eStandard query (0)onlinebanking.mtb.com65IN (0x0001)false
                  May 28, 2024 00:39:22.598937035 CEST192.168.2.41.1.1.10x7926Standard query (0)www.google.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:22.599775076 CEST192.168.2.41.1.1.10xe82Standard query (0)www.google.com65IN (0x0001)false
                  May 28, 2024 00:39:22.924438953 CEST192.168.2.41.1.1.10xd3eStandard query (0)onlinebanking.mtb.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:22.924897909 CEST192.168.2.41.1.1.10x4862Standard query (0)onlinebanking.mtb.com65IN (0x0001)false
                  May 28, 2024 00:39:23.529406071 CEST192.168.2.41.1.1.10xc5b3Standard query (0)46814880-10-20181030130048.webstarterz.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:23.529844999 CEST192.168.2.41.1.1.10xa165Standard query (0)46814880-10-20181030130048.webstarterz.com65IN (0x0001)false
                  May 28, 2024 00:39:25.308136940 CEST192.168.2.41.1.1.10x5e5Standard query (0)resources.mtb.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:25.311836004 CEST192.168.2.41.1.1.10x1211Standard query (0)resources.mtb.com65IN (0x0001)false
                  May 28, 2024 00:39:26.654829979 CEST192.168.2.41.1.1.10x2df7Standard query (0)resources.mtb.comA (IP address)IN (0x0001)false
                  May 28, 2024 00:39:26.655572891 CEST192.168.2.41.1.1.10xcd0bStandard query (0)resources.mtb.com65IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  May 28, 2024 00:39:20.809535027 CEST1.1.1.1192.168.2.40x7bf5No error (0)46814880-10-20181030130048.webstarterz.com163.44.198.51A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:22.230508089 CEST1.1.1.1192.168.2.40x9c77No error (0)onlinebanking.mtb.comonlinebanking.gslb.mtb.comCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:39:22.230508089 CEST1.1.1.1192.168.2.40x9c77No error (0)onlinebanking.gslb.mtb.com24.75.29.69A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:22.605858088 CEST1.1.1.1192.168.2.40x7926No error (0)www.google.com142.250.184.228A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:22.606575012 CEST1.1.1.1192.168.2.40xe82No error (0)www.google.com65IN (0x0001)false
                  May 28, 2024 00:39:23.033967018 CEST1.1.1.1192.168.2.40xd3eNo error (0)onlinebanking.mtb.comonlinebanking.gslb.mtb.comCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:39:23.033967018 CEST1.1.1.1192.168.2.40xd3eNo error (0)onlinebanking.gslb.mtb.com24.75.29.69A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:23.801467896 CEST1.1.1.1192.168.2.40xc5b3No error (0)46814880-10-20181030130048.webstarterz.com163.44.198.51A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:25.422250032 CEST1.1.1.1192.168.2.40x5e5No error (0)resources.mtb.comresources.gslb.mtb.comCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:39:25.422250032 CEST1.1.1.1192.168.2.40x5e5No error (0)resources.gslb.mtb.com192.216.61.78A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:26.768193960 CEST1.1.1.1192.168.2.40x2df7No error (0)resources.mtb.comresources.gslb.mtb.comCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:39:26.768193960 CEST1.1.1.1192.168.2.40x2df7No error (0)resources.gslb.mtb.com24.75.29.77A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:28.079149008 CEST1.1.1.1192.168.2.40x610eServer failure (2)onlinebanking.mtb.comnonenone65IN (0x0001)false
                  May 28, 2024 00:39:28.079262972 CEST1.1.1.1192.168.2.40x4862Server failure (2)onlinebanking.mtb.comnonenone65IN (0x0001)false
                  May 28, 2024 00:39:31.275819063 CEST1.1.1.1192.168.2.40x1211Server failure (2)resources.mtb.comnonenone65IN (0x0001)false
                  May 28, 2024 00:39:32.623256922 CEST1.1.1.1192.168.2.40xcd0bServer failure (2)resources.mtb.comnonenone65IN (0x0001)false
                  May 28, 2024 00:39:34.747648001 CEST1.1.1.1192.168.2.40x8728No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:39:34.747648001 CEST1.1.1.1192.168.2.40x8728No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                  May 28, 2024 00:39:48.218111992 CEST1.1.1.1192.168.2.40xca9fNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:39:48.218111992 CEST1.1.1.1192.168.2.40xca9fNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                  May 28, 2024 00:40:11.607361078 CEST1.1.1.1192.168.2.40x7378No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:40:11.607361078 CEST1.1.1.1192.168.2.40x7378No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                  May 28, 2024 00:40:32.157391071 CEST1.1.1.1192.168.2.40x1195No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                  May 28, 2024 00:40:32.157391071 CEST1.1.1.1192.168.2.40x1195No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • 46814880-10-20181030130048.webstarterz.com
                    • onlinebanking.mtb.com
                    • resources.mtb.com
                  • fs.microsoft.com

                  HTTP Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.449735163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:20.837126970 CEST576OUTGET /tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:22.091527939 CEST1236INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:21 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 10:37:28 GMT
                  ETag: "65b2-59ff0e3e5aa00"
                  Accept-Ranges: bytes
                  Content-Length: 26034
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6c 61 73 73 3d 22 6d 74 62 2d 6b 72 61 6b 65 6e 2d 75 69 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0d 0a 0d 0a 0d 0a 0d 0a 3c 74 69 74 6c 65 3e 4d 79 20 50 72 6f 66 69 6c 65 20 7c 20 4d 26 61 6d 70 3b 54 20 42 61 6e 6b 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 69 6d 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 [TRUNCATED]
                  Data Ascii: <!DOCTYPE html><html lang="en" class="mtb-kraken-ui"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" /><title>My Profile | M&amp;T Bank</title><link rel="shortcut icon" href="img/favicon.ico" type="image/x-icon"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta http-equiv="Expires" content="-1"><meta http-equiv="Cache-Control" content="no-cache"><meta http-equiv="Pragma" content="no-cache"><link href="img/1css.css" rel="stylesheet"><link href="img/Retail.css" rel="stylesheet"><link href="img/CustomerService.css" rel="stylesheet"></head><body style=""><a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/MyProfileEdit#main-content" id="skip" tabindex="1">Skip to content</a><div class="app-banner" id="UserType_NoAccess"> <img src="https://onlinebanking.mtb.com/Assets/images/img_trans.gi
                  May 28, 2024 00:39:22.091548920 CEST224INData Raw: 66 22 20 63 6c 61 73 73 3d 22 62 61 6e 6e 65 72 22 20 61 6c 74 3d 22 4d 26 61 6d 70 3b 54 20 42 61 6e 6b 22 20 75 73 65 6d 61 70 3d 22 23 70 6c 61 6e 65 74 6d 61 70 22 3e 0d 0a 3c 6d 61 70 20 69 64 3d 22 22 20 6e 61 6d 65 3d 22 70 6c 61 6e 65 74
                  Data Ascii: f" class="banner" alt="M&amp;T Bank" usemap="#planetmap"><map id="" name="planetmap"><area shape="rect" coords="20,10,190,50" href="javascript:void(0)?onlinebanking.mtb.com/Accounts/AccountSummary" tabindex="2"></map>
                  May 28, 2024 00:39:22.091620922 CEST1236INData Raw: 0a 3c 2f 64 69 76 3e 20 0d 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 75 74 69 6c 69 74 79 4d 65 6e 75 22 3e 0d 0a 3c 6c 69 3e 3c 61 20 69 64 3d 22 6c 6e 6b 4d 65 73 73 61 67 65 43 6f 75 6e 74 22 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76
                  Data Ascii: </div> <ul class="utilityMenu"><li><a id="lnkMessageCount" href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/MessageSummary" tabindex="3">Messages <span style="color: red">(1)</span></a></li><li><button type="button" id="
                  May 28, 2024 00:39:22.091645002 CEST1236INData Raw: 3e 0d 0a 3c 6c 69 3e 0d 0a 3c 68 72 20 63 6c 61 73 73 3d 22 73 6d 5f 72 75 6c 65 20 72 75 6c 65 74 6f 70 22 3e 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 3f 6f 6e 6c 69 6e 65 62 61 6e 6b 69 6e 67 2e 6d 74 62
                  Data Ascii: ><li><hr class="sm_rule ruletop"><a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/AccountDisplay" tabindex="10">Manage Account Display</a></li><li><a href="javascript:void(0)?www.mtb.com/mtb-rewards-sign-in" class="ext-l
                  May 28, 2024 00:39:22.091665983 CEST1236INData Raw: 22 52 6f 77 43 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 5f 31 22 3e 0d 0a 3c 68 34 3e 54 72 61 6e 73 66 65 72 73 3c 2f 68 34 3e 0d 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 73 75 62 4d 65 6e 75 22 3e 0d 0a 3c 6c
                  Data Ascii: "RowContainer"><div class="col_1"><h4>Transfers</h4><ul class="subMenu"><li><a href="javascript:void(0)?onlinebanking.mtb.com/Products/Transfers" tabindex="17">Transfer Between Your <br>M&amp;T Accounts</a></li><li><a href="javascrip
                  May 28, 2024 00:39:22.091730118 CEST1236INData Raw: 69 70 74 3a 76 6f 69 64 28 30 29 3f 6f 6e 6c 69 6e 65 62 61 6e 6b 69 6e 67 2e 6d 74 62 2e 63 6f 6d 2f 50 72 6f 64 75 63 74 73 2f 42 69 6c 6c 50 61 79 22 20 74 61 62 69 6e 64 65 78 3d 22 32 34 22 3e 50 61 79 20 42 69 6c 6c 73 3c 2f 61 3e 3c 2f 6c
                  Data Ascii: ipt:void(0)?onlinebanking.mtb.com/Products/BillPay" tabindex="24">Pay Bills</a></li><li><a href="javascript:void(0)?onlinebanking.mtb.com/Payments/Activity" tabindex="25">View Bill Payment Activity</a></li><li><a href="javascript:void(0)?o
                  May 28, 2024 00:39:22.091763020 CEST1236INData Raw: 2f 6c 69 3e 0d 0a 3c 2f 75 6c 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 5f 31 5f 77 69 64 65 22 3e 0d 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 73 75 62 4d 65 6e 75 22 3e 0d 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22
                  Data Ascii: /li></ul></div><div class="col_1_wide"><ul class="subMenu"><li><a href="javascript:void(0)?onlinebanking.mtb.com/Products/MobileDeposit" tabindex="32"><span class="r-mobiledeposit"></span>Mobile Deposit</a></li><li><a href="javascr
                  May 28, 2024 00:39:22.091779947 CEST1236INData Raw: 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 5f 31 5f 77 69 64 65 22 3e 0d 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 73 75 62 4d 65 6e 75 22 3e 0d 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 3f 6f 6e 6c
                  Data Ascii: div class="col_1_wide"><ul class="subMenu"><li><a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/MyProfileEdit#" id="applyCreditCard" tabindex="37">Apply for a Credit Card</a></li></ul></div></div><div class="RowC
                  May 28, 2024 00:39:22.091794968 CEST1236INData Raw: 22 3e 3c 2f 73 70 61 6e 3e 4f 70 65 6e 20 61 6e 20 41 63 63 6f 75 6e 74 20 6f 72 20 41 70 70 6c 79 20 66 6f 72 20 61 20 43 72 65 64 69 74 20 43 61 72 64 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 3c 2f 75 6c 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76
                  Data Ascii: "></span>Open an Account or Apply for a Credit Card</a></li></ul></div></div><hr class="lg_rule ruletop"><div class="RowContainer"><div class="col_3"><ul class="subMenu"><li><a href="javascript:void(0)?onlinebanking.mtb.com/Ser
                  May 28, 2024 00:39:22.091813087 CEST1236INData Raw: 0d 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 73 75 62 4d 65 6e 75 22 3e 0d 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 3f 6f 6e 6c 69 6e 65 62 61 6e 6b 69 6e 67 2e 6d 74 62 2e 63 6f 6d 2f 43 75 73 74
                  Data Ascii: <ul class="subMenu"><li><a href="javascript:void(0)?onlinebanking.mtb.com/CustomerService/CheckCopyRequest" tabindex="49">Request a Check Copy</a></li><li><a href="javascript:void(0)?onlinebanking.mtb.com/Accounts/ClearedChecks" tabindex
                  May 28, 2024 00:39:22.096836090 CEST1236INData Raw: 62 69 74 20 43 61 72 64 20 3c 62 72 3e 4f 76 65 72 64 72 61 66 74 20 43 68 6f 69 63 65 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 3f 6d 74 62 2e 63 6f 6d 2f 6f 6c
                  Data Ascii: bit Card <br>Overdraft Choice</a></li><li><a href="javascript:void(0)?mtb.com/olb-customcard" class="ext-link-4" tabindex="58">Customize Your Card</a></li></ul></div></div><div class="RowContainer"><div class="col_1"><h4>Contact


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  1192.168.2.449736163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:22.113500118 CEST532OUTGET /tedsplay.com/onlinebankingmtb/img/1css.css HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/css,*/*;q=0.1
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:22.562494040 CEST1236INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:22 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 09:55:34 GMT
                  ETag: "246db-59ff04e0d1180"
                  Accept-Ranges: bytes
                  Content-Length: 149211
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/css
                  Data Raw: 2f 2a 20 4d 69 6e 69 66 69 63 61 74 69 6f 6e 20 66 61 69 6c 65 64 2e 20 52 65 74 75 72 6e 69 6e 67 20 75 6e 6d 69 6e 69 66 69 65 64 20 63 6f 6e 74 65 6e 74 73 2e 0d 0a 28 38 33 39 38 29 3a 20 72 75 6e 2d 74 69 6d 65 20 65 72 72 6f 72 20 43 53 53 31 30 30 31 3a 20 55 6e 74 65 72 6d 69 6e 61 74 65 64 20 63 6f 6d 6d 65 6e 74 2e 0d 0a 20 2a 2f 0d 0a 68 74 6d 6c 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 61 2c 20 64 69 76 2c 20 73 70 61 6e 2c 20 69 6e 70 75 74 2c 20 73 65 6c 65 63 74 2c 20 62 75 74 74 6f 6e 2c 20 62 6f 64 79 20 7b 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 0d 0a 62 6f 64 79 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0d [TRUNCATED]
                  Data Ascii: /* Minification failed. Returning unminified contents.(8398): run-time error CSS1001: Unterminated comment. */html{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}a, div, span, input, select, button, body {font-family: arial !important;}body{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}body{line-height: 1;}div{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}span{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}applet{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}object{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}iframe{margin: 0
                  May 28, 2024 00:39:22.562514067 CEST224INData Raw: 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a
                  Data Ascii: ;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}h1{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}h2{m
                  May 28, 2024 00:39:22.562522888 CEST1236INData Raw: 61 72 67 69 6e 3a 20 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61
                  Data Ascii: argin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}h3{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}h4{margin: 0;
                  May 28, 2024 00:39:22.562566042 CEST1236INData Raw: 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 61
                  Data Ascii: border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}address{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}big{margin: 0;padding: 0;borde
                  May 28, 2024 00:39:22.562573910 CEST1236INData Raw: 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 71 0d 0a 7b 0d 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25
                  Data Ascii: gn: baseline;}q{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}q{quotes: none;}s{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;
                  May 28, 2024 00:39:22.562666893 CEST1236INData Raw: 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e
                  Data Ascii: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}u{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}i{margin: 0;padding:
                  May 28, 2024 00:39:22.562675953 CEST1236INData Raw: 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61
                  Data Ascii: padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}form{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}label{margin: 0;paddi
                  May 28, 2024 00:39:22.562691927 CEST552INData Raw: 0d 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72
                  Data Ascii: margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}td{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}article{mar
                  May 28, 2024 00:39:22.562700987 CEST1236INData Raw: 6e 3a 20 30 3b 0d 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0d 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 0d 0a 09 66 6f 6e 74 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c
                  Data Ascii: n: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}details{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}details{displa
                  May 28, 2024 00:39:22.562710047 CEST1236INData Raw: 69 74 3b 0d 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 6d 65 6e 75 0d 0a 7b 0d 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 7d 0d 0a 0d 0a 6e 61 76 0d 0a 7b 0d 0a 09 6d 61 72
                  Data Ascii: it;vertical-align: baseline;}menu{display: block;}nav{margin: 0;padding: 0;border: 0;font-size: 100%;font: inherit;vertical-align: baseline;}nav{display: block;}output{margin: 0;
                  May 28, 2024 00:39:22.567766905 CEST1236INData Raw: 68 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 7d 0d 0a 0d 0a 69 6e 70 75 74 5b 74 79 70 65 3d 22 70 61 73 73 77 6f 72 64 22 5d 0d 0a 7b 0d 0a 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 7d 0d 0a 0d 0a 62 6c 6f 63 6b
                  Data Ascii: height: normal;}input[type="password"]{line-height: normal;}blockquote:before{content:' ';content: none;}blockquote:after{content:' ';content: none;}q:before{content:' ';content: none;}
                  May 28, 2024 00:39:25.441696882 CEST581OUTGET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  2192.168.2.449739163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:22.121428967 CEST534OUTGET /tedsplay.com/onlinebankingmtb/img/Retail.css HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/css,*/*;q=0.1
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:23.255336046 CEST1236INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:23 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 09:41:14 GMT
                  ETag: "8090-59ff01aca8280"
                  Accept-Ranges: bytes
                  Content-Length: 32912
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/css
                  Data Raw: 2e 68 65 6c 70 2d 73 6d 61 6c 6c 2d 73 68 61 64 6f 77 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 38 30 70 78 20 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 6a 73 70 44 72 61 67 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 35 30 39 36 30 30 3b 0d 0a 7d 0d 0a 0d 0a 2e 6a 73 70 44 72 61 67 3a 68 6f 76 65 72 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 61 38 35 30 30 3b 0d 0a 7d 0d 0a 0d 0a 68 32 2c 20 2e 74 65 78 74 2d 73 75 63 63 65 73 73 2c 20 2e 6d 6f 64 75 6c 65 2d 74 69 74 6c 65 31 2c 20 2e 74 69 74 6c 65 2c 20 2e 73 74 65 70 2d 63 6f 6c 6f 72 2c 20 2e 70 61 67 65 2d 68 65 6c 70 2c 20 2e 66 6f 6e 74 2d 73 75 63 63 65 73 73 0d 0a 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 35 65 39 63 30 32 3b 0d 0a 7d 0d 0a 2e 65 72 72 6f 72 2d 6c 61 72 67 65 20 2b 20 2e 65 76 65 6e 74 2d 6c 65 76 65 6c 2d 6d 65 73 73 61 67 65 0d 0a 7b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 63 33 30 30 30 3b 0d 0a 7d 0d 0a 0d 0a 2e 73 75 [TRUNCATED]
                  Data Ascii: .help-small-shadow{ background-position: -80px 0px;}.jspDrag{ background: #509600;}.jspDrag:hover{ background: #3a8500;}h2, .text-success, .module-title1, .title, .step-color, .page-help, .font-success{ color: #5e9c02;}.error-large + .event-level-message{ color: #cc3000;}.success-large + .event-level-message{ color: #5e9c02;}.gradient-success{ background: -webkit-linear-gradient(top, #ffffff, #d5ebab); background: -moz-linear-gradient(top,#ffffff, #d5ebab); background: -ms-linear-gradient(top, #ffffff, #d5ebab); background: -o-linear-gradient(top,#ffffff, #d5ebab); -pie-background: linear-gradient(#ffffff 10%, #d5ebab 90%); border: 1px solid #afd466; color: #5e9c02;}fieldset > legend > div{ color: #5e9c02;}.upper-intro-area > .current-product-date{ width: 300px;}.current-product-date{ visibility: hidden;
                  May 28, 2024 00:39:23.255351067 CEST224INData Raw: 0d 0a 7d 0d 0a 0d 0a 2e 6d 6f 64 75 6c 65 2d 67 72 61 64 69 65 6e 74 20 6c 69 3a 68 6f 76 65 72 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 32 66 33 62 64 3b 0d 0a 7d 0d 0a 0d 0a 23 74 62 6c 49 6e 62 6f
                  Data Ascii: }.module-gradient li:hover{ background-color: #e2f3bd;}#tblInbox tr.odd:hover{ background: #e2f3bd;}#tblInbox tr:hover{ background: #e2f3bd;}#tblOutbox tr.odd:hover{ backgr
                  May 28, 2024 00:39:23.255620956 CEST1236INData Raw: 6f 75 6e 64 3a 20 23 65 32 66 33 62 64 3b 0d 0a 7d 0d 0a 0d 0a 23 74 62 6c 4f 75 74 62 6f 78 20 74 72 3a 68 6f 76 65 72 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 32 66 33 62 64 3b 0d 0a 7d 0d 0a 0d 0a 2e 73 6f 66 74 2d
                  Data Ascii: ound: #e2f3bd;}#tblOutbox tr:hover{ background: #e2f3bd;}.soft-light-gradient{ background: -webkit-linear-gradient(top, #ffffff, #d5ebab); background: -moz-linear-gradient(top,#ffffff, #d5ebab); background:
                  May 28, 2024 00:39:23.255697012 CEST1236INData Raw: 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 66 66 66 66 66 2c 20 23 64 35 65 62 61 62 29 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 66 66
                  Data Ascii: ear-gradient(top, #ffffff, #d5ebab); background: -moz-linear-gradient(top,#ffffff, #d5ebab); background: -ms-linear-gradient(top, #ffffff, #d5ebab); background: -o-linear-gradient(top,#ffffff, #d5ebab); -pie-background: lin
                  May 28, 2024 00:39:23.255702972 CEST1236INData Raw: 28 74 6f 70 2c 20 23 64 35 65 62 61 62 2c 20 23 66 66 66 66 66 66 29 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 64 35 65 62 61 62 2c 20 23 66 66 66 66 66 66 29
                  Data Ascii: (top, #d5ebab, #ffffff); background: -o-linear-gradient(top,#d5ebab, #ffffff); -pie-background: linear-gradient(#d5ebab, #ffffff);}.service-tile{ background: #d5ebab; background: -webkit-linear-gradient(top, #d5ebab
                  May 28, 2024 00:39:23.255713940 CEST1236INData Raw: 62 64 29 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 61 66 64 34 36 36 3b 0d 0a 7d 0d 0a 0d 0a 2e 73 6f 66 74 2d 6d 65 64 69 75 6d 2d 67 72 61 64 69 65 6e 74 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e
                  Data Ascii: bd); border: 1px solid #afd466;}.soft-medium-gradient{ background: #cae399; background: -webkit-linear-gradient(top, #f0f7dc, #cae399); background: -moz-linear-gradient(top,#f0f7dc, #cae399); background: -ms-li
                  May 28, 2024 00:39:23.255718946 CEST1236INData Raw: 29 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6d 6f 7a 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 46 33 46 39 45 38 2c 20 23 44 39 45 42 42 39 29 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20
                  Data Ascii: ); background: -moz-linear-gradient(top, #F3F9E8, #D9EBB9); background: -ms-linear-gradient(top, #F3F9E8, #D9EBB9); background: -o-linear-gradient(top, #F3F9E8, #D9EBB9); -pie-background: linear-gradient(#F3F9E8, #D9EBB9);
                  May 28, 2024 00:39:23.255755901 CEST1236INData Raw: 61 63 6b 67 72 6f 75 6e 64 3a 20 2d 6f 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 23 33 41 38 32 30 31 2c 20 23 36 39 41 45 30 38 29 3b 0d 0a 20 20 20 20 2d 70 69 65 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d
                  Data Ascii: ackground: -o-linear-gradient(top,#3A8201, #69AE08); -pie-background: linear-gradient(#3A8201, #69AE08);}.bold-dark-gradient{ background: #004834; background: -webkit-linear-gradient(top, #007856, #004834); backgrou
                  May 28, 2024 00:39:23.255763054 CEST1236INData Raw: 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 70 2c 20 23 66 30 66 37 64 63 2c 20 23 63 61 65 33 39 39 29 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 63 61 65 33 39 39 3b 0d 0a 20 20
                  Data Ascii: round: linear-gradient(top, #f0f7dc, #cae399); background-color: #cae399; border: 1px solid #7ab800;}.ui-tabs .ui-tabs-nav li a{ background-color: #e2f3bd;}.ui-tabs .ui-tabs-nav li a:hover{ background-color:
                  May 28, 2024 00:39:23.255780935 CEST1236INData Raw: 64 69 61 6c 6f 67 20 2e 75 69 2d 64 69 61 6c 6f 67 2d 74 69 74 6c 65 62 61 72 2d 63 6c 6f 73 65 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 38 30 70 78 20 2d 34 30 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a
                  Data Ascii: dialog .ui-dialog-titlebar-close{ background-position: -80px -400px;}.calculator-close{ background-position: -80px -400px;}#divIntroBoxLayout h2 span{ background-position: -180px -120px;}.page-help span
                  May 28, 2024 00:39:23.260334015 CEST1236INData Raw: 74 69 6f 6e 3a 20 2d 38 30 70 78 20 2d 32 34 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 74 69 6c 65 2d 76 69 65 77 2d 69 63 6f 6e 0d 0a 7b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 38 30 70 78 20 2d 32 38 30 70
                  Data Ascii: tion: -80px -240px;}.tile-view-icon{ background-position: -80px -280px;}.table-buttons{ background-position: 0px -240px;}.table-buttons:hover{ background-position: -60px -240px;}.search{ back


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  3192.168.2.449740163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:22.121542931 CEST543OUTGET /tedsplay.com/onlinebankingmtb/img/CustomerService.css HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/css,*/*;q=0.1
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:23.326224089 CEST1236INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:23 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 09:41:46 GMT
                  ETag: "be30-59ff01cb2ca80"
                  Accept-Ranges: bytes
                  Content-Length: 48688
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/css
                  Data Raw: ef bb bf 70 2e 62 6f 6c 64 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 7d 0d 0a 0d 0a 2e 69 74 61 6c 69 63 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 52 65 6d 6f 76 65 64 20 66 72 6f 6d 20 6a 51 75 65 72 79 20 2a 2f 0d 0a 0d 0a 23 64 69 76 55 73 65 72 4d 6f 64 75 6c 65 73 2e 67 61 70 74 6f 70 20 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 37 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 73 70 61 6e 2e 66 69 65 6c 64 2d 76 61 6c 69 64 61 74 69 6f 6e 2d 65 72 72 6f 72 2e 6e 6f 74 6f 70 20 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 33 70 78 3b 0d 0a 7d 0d 0a 0d 0a 74 64 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 74 65 78 74 27 5d 2e 6f 75 74 6c 69 6e 65 20 7b 0d 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 33 33 30 30 3b 0d 0a 7d 0d 0a 0d 0a 73 70 61 6e 2e 66 69 65 6c 64 2d 76 61 6c 69 64 61 74 69 6f 6e 2d 65 72 72 6f 72 2e 73 6e 75 67 74 6f 70 20 7b [TRUNCATED]
                  Data Ascii: p.bold { font-weight: bold;}.italic { font-style: italic;}/* Removed from jQuery */#divUserModules.gaptop { margin-top: 70px;}span.field-validation-error.notop { margin-top: -3px;}td input[type='text'].outline { border: 1px solid #cc3300;}span.field-validation-error.snugtop { margin-top: -20px;}.nobottom { padding-bottom: 0px;}.notop { padding-top: 0px;}/* End Removed from jQuery *//************** Add Account & Add Account Details & Add Account Review */form.cs-addAccount #divFindItNow { display: none;}form.cs-addAccount .colored-box { margin-bottom: 10px;}form.cs-addAccount .field-validation-error { margin-left: 53px;}form.cs-addAccount .help-small { vertical-align: bottom; margin-left: 6px; margin-right: 0;}form.cs-addAccount div.radio { float: left; position: relative;}form.cs-add
                  May 28, 2024 00:39:23.326231956 CEST1236INData Raw: 41 63 63 6f 75 6e 74 20 23 6c 62 6c 52 65 73 74 72 69 63 74 69 6f 6e 73 20 7b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 20 30 20 32 30 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 70 78 3b 0d 0a 7d 0d
                  Data Ascii: Account #lblRestrictions { padding: 0 10px 0 20px; margin-top: -2px;}#divError.cs-addAccount .form-level-message { float: left; margin: 0;}form.cs-addAccount #divStep1 .field-validation-error { margin-top:
                  May 28, 2024 00:39:23.326237917 CEST448INData Raw: 65 66 74 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 7d 0d 0a 0d 0a 66 6f 72 6d 2e 63 73 2d 61 64 64 41 63 63 6f 75 6e 74 20 5b 69 64 5e 3d 20 75 6e 69 66 6f 72 6d 2d 44 65 74 61 69 6c 73 20 5d 5b 69 64 24 3d 53 65 6c 65 63 74 65 64
                  Data Ascii: eft; margin: 0;}form.cs-addAccount [id^= uniform-Details ][id$=SelectedDeliverySetting] { width: 236px; margin-left: 10px;}form.cs-addAccount #divAddAccountBusiness [id^= uniform-Details ][id$=SelectedAccount] {
                  May 28, 2024 00:39:23.326323986 CEST1236INData Raw: 64 69 76 53 74 65 70 33 20 6c 61 62 65 6c 2c 20 2e 63 73 2d 61 64 64 41 63 63 6f 75 6e 74 20 23 64 69 76 53 74 65 70 33 20 2e 6c 61 62 65 6c 2d 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 39 31 70 78 3b 0d 0a 7d 0d 0a 0d 0a 66 6f
                  Data Ascii: divStep3 label, .cs-addAccount #divStep3 .label-input { width: 91px;}form.cs-addAccount .multi-column-field-error { margin-left: 0; padding-right: 23px;}form.cs-addAccount #divAddAccountBusiness .account-details {
                  May 28, 2024 00:39:23.326329947 CEST224INData Raw: 62 6f 74 74 6f 6d 20 7b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 66 6f 72 6d 2e 63 73 2d 61 64 64 41 63 63 6f 75 6e 74 20 23 64 69 76 41 64 64 41 63 63 6f 75 6e 74 50 65 72 73 6f 6e 61
                  Data Ascii: bottom { padding-bottom: 20px;}form.cs-addAccount #divAddAccountPersonalStep4 > .field-set-bar-Info { float: left; clear: both;}#divAddAccountPersonalStep4 .field-set-bar-Info.both, #divAddAccountP
                  May 28, 2024 00:39:23.326344013 CEST1236INData Raw: 65 72 73 6f 6e 61 6c 20 2e 66 69 65 6c 64 2d 73 65 74 2d 62 61 72 2d 49 6e 66 6f 2e 62 6f 74 68 20 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0d 0a 7d 0d 0a 0d 0a 23 64 69 76 41 64 64 41 63 63 6f 75 6e 74 50 65 72 73 6f 6e 61
                  Data Ascii: ersonal .field-set-bar-Info.both { margin-top: 0;}#divAddAccountPersonalStep4 .field-set-bar-Info.both, #divAddAccountPersonal .field-set-bar-Info.both { border-top: 1px dotted #cfcfcf;}form.cs-addAccount #divStep3.bizonl
                  May 28, 2024 00:39:23.326349974 CEST1236INData Raw: 63 74 44 69 73 70 6c 61 79 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 20 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 66 6f 72
                  Data Ascii: ctDisplay input[type="text"] { margin-bottom: 0; width: 250px;}form#formAccountDisplay input[type="text"] { margin-bottom: 0; width: 102px;}#formAccountDisplay div.checker { position: relative;}#formA
                  May 28, 2024 00:39:23.326356888 CEST1236INData Raw: 69 73 70 6c 61 79 20 74 68 2e 74 62 6c 2d 6e 69 63 6b 6e 61 6d 65 20 7b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 35 30 25 3b 0d 0a 7d 0d 0a 0d 0a 23 66 6f 72 6d 41 63 63 6f 75 6e 74 44 69 73 70 6c 61 79 20 74 61 62 6c 65 2e 64 61 74 61 54 61 62 6c
                  Data Ascii: isplay th.tbl-nickname { width: 50%;}#formAccountDisplay table.dataTable th.tbl-viewname { width: 20%;}#formAccountDisplay input.tbl-input { width: 128px;} #formAccountDisplay input.tbl-input.narrow {
                  May 28, 2024 00:39:23.326421976 CEST1236INData Raw: 3a 20 6c 65 66 74 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 3b 0d 0a 7d 0d 0a 0d 0a 66 6f 72 6d 2e 63 73 2d 61 64 64 2d 75 73 65 72 20 23 64 69
                  Data Ascii: : left; margin-top: 10px; margin-bottom: 4px;}form.cs-add-user #divStep1 .field-validation-error { margin-top: -14px;}form.cs-add-user #divStep2 .field-validation-error { padding-left: 179px;}form.cs-add-u
                  May 28, 2024 00:39:23.326428890 CEST1236INData Raw: 63 73 2d 61 64 64 2d 75 73 65 72 20 64 69 76 2e 73 65 6c 65 63 74 6f 72 20 7b 0d 0a 20 20 20 20 66 6c 6f 61 74 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 30 3b 0d 0a 7d 0d 0a 0d 0a 66 6f 72 6d 2e 63 73 2d
                  Data Ascii: cs-add-user div.selector { float: none; margin-bottom: 0;}form.cs-add-user [id^=divViewStatements] ul { float: left; margin-top: 5px; margin-bottom: 2px;} form.cs-add-user [id^=divViewStatements] ul li {
                  May 28, 2024 00:39:23.331304073 CEST1236INData Raw: 2d 65 64 69 74 2d 75 73 65 72 20 23 64 69 76 41 63 63 6f 6e 74 50 72 69 76 69 6c 65 67 65 73 20 6c 69 20 7b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 35 32 30 70 78 3b 0d 0a 20 20 20 20 63 6c 65 61 72 3a 20 6c 65 66 74 3b 0d 0a 7d 0d 0a 0d 0a 66 6f
                  Data Ascii: -edit-user #divAccontPrivileges li { width: 520px; clear: left;}form.cs-add-user [id^=divManageTransfer] label, form.cs-add-user [id^=divManagePayments] label, form.cs-add-user [id^=divManageTransfer] .label-input, form.cs-add-
                  May 28, 2024 00:39:25.536883116 CEST581OUTGET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  4192.168.2.449741163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:22.122363091 CEST583OUTGET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:23.248363972 CEST310INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:23 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 10:00:08 GMT
                  ETag: "2b-59ff05e61fa00"
                  Accept-Ranges: bytes
                  Content-Length: 43
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: image/gif
                  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                  Data Ascii: GIF89a!,D;


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  5192.168.2.449746163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:23.830651999 CEST342OUTGET /tedsplay.com/onlinebankingmtb/img/img_trans.gif HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:25.001466036 CEST310INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:24 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 10:00:08 GMT
                  ETag: "2b-59ff05e61fa00"
                  Accept-Ranges: bytes
                  Content-Length: 43
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: image/gif
                  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                  Data Ascii: GIF89a!,D;


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  6192.168.2.449752163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:25.544437885 CEST581OUTGET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:29.951117992 CEST1236INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:29 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT
                  ETag: "3dce-59ff058c7a680"
                  Accept-Ranges: bytes
                  Content-Length: 15822
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: image/x-icon
                  Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 66 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED]
                  Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx
                  May 28, 2024 00:39:29.951132059 CEST1236INData Raw: da ec 5d 07 7c 95 d5 d9 3f 27 3b 24 84 84 bd 67 20 80 04 48 c2 de 4b 50 50 86 0a 45 51 44 66 fd ac 5a 5b ad b6 b5 d5 4a 6b ad ab 8e 8a 20 a8 0c 15 15 aa a8 48 9d ec a1 cc 30 84 84 3d c3 08 10 02 21 83 8c f3 bd 77 be 67 3c e7 e6 8e f7 86 eb cf e7
                  Data Ascii: ]|?';$g HKPPEQDfZ[Jk H0=!wg<+}9#!@"HB$D I@ @"$!$D HBI@ @ $!@"HB$D I@ @"$!$D HBI@ @ $!@"
                  May 28, 2024 00:39:29.951142073 CEST1236INData Raw: f5 1a 8f 4e 49 53 6f 20 bf a4 f8 72 71 d1 a9 82 4b fb ce 9f 3e 9e 7f 51 50 97 a4 8f f2 e0 52 e2 18 14 f1 74 ff 5b bd b1 91 3e cb ca 74 ca 6e f5 53 28 f5 b0 16 4d ab d7 7e 71 b3 b6 ac 0a 65 12 9e 29 b8 bc cc b1 dd 10 ce 47 27 cf af a2 5d 38 7d 03
                  Data Ascii: NISo rqK>QPRt[>tnS(M~qe)G']8}H}HZ^Y|wx;7{%N4KmQd(llozsrMEFUhm$T9JW^JqY>Ti Ctu.Py-&\_
                  May 28, 2024 00:39:29.951242924 CEST1236INData Raw: 6d d3 de 1a 71 4f 98 14 f0 21 90 59 58 49 5f 1e d8 75 db c7 b3 fc 0f c0 e0 19 e2 fa ba 6a 91 51 4b c6 ce 30 8c 2b 6b 1c 3f d2 29 1a 83 62 c7 f8 c8 32 21 8a 33 d0 ef 6f 5b bb fe 9c 5b ee 01 8e 07 c5 1f c3 7c 1f 32 ee a8 47 35 67 3d 44 9f 8a c1 0d
                  Data Ascii: mqO!YXI_ujQK0+k?)b2!3o[[|2G5g=D27l;uAjt:\--+[Oz{y<cO)!kgRez@2]|%(3`v_*;/_]qo5`QO+Y&|2os
                  May 28, 2024 00:39:29.951261997 CEST1236INData Raw: 98 b8 82 e7 6c 5f 5b f5 0c 2c ab a8 78 7b c7 3a 35 b8 79 6a 5a 1f 60 02 bc 72 9c 06 f1 80 7e e9 de ed dc 26 ea 21 ff c0 f4 79 54 8f 8a 09 f0 4b eb 18 36 bf 87 cd 94 01 3e 8f cc b3 27 bc 5a 48 e2 7e 11 11 1e 6e 58 b0 41 f0 c7 30 38 d4 59 d9 02 aa
                  Data Ascii: l_[,x{:5yjZ`r~&!yTK6>'ZH~nXA08Y}g]>yWS:qgj'{*&;O:U{g;1ilg /X[0,!pJw\<[")5HQHu$GpN:m=U[~_1v:,w
                  May 28, 2024 00:39:29.951277971 CEST1236INData Raw: 48 42 06 e6 67 43 89 14 d7 a9 86 ba ef 36 21 d5 5e e5 ed ed d2 93 62 e2 84 86 6a 8c c8 e2 5e 70 4f 2b 19 f7 94 2e f9 69 6b e0 07 5c 3a 7c 9e bd f3 6c e1 15 f3 4e ec 4b b6 5d ed 06 7d dd 41 7d e0 9a 86 cf 5d f4 25 0f ad 46 ed 6a f1 da dc 68 5d f3
                  Data Ascii: HBgC6!^bj^pO+.ik\:|lNK]}A}]%Fjh]`-_$Bc"`tI3;RIQPq;jCPTlA[g*?bBPWNiDIf-8mMev#6wm'X5=?[b
                  May 28, 2024 00:39:29.951287031 CEST1236INData Raw: 25 b3 7e 3c 75 c4 b1 3d fd 79 e5 a7 7d e7 3f 6f ef 71 2f d6 80 20 4a 8b 0b fb c7 c6 86 47 be 78 e3 d8 95 f7 fc 9e ef 70 18 d2 2c 54 43 ea 05 05 5b c9 6e 25 9a e8 a8 10 72 cc 78 1d 9f 55 2d 32 ea 1e fe 10 dc c3 fb 85 10 61 7e bc a8 99 7d 1b 00 de
                  Data Ascii: %~<u=y}?oq/ JGxp,TC[n%rxU-2a~}>^5|h@m fida]*V2o>1;t3qcT#$$%!y1 &u;.L}Wm0cF4RD9`T3:#Pyeawk
                  May 28, 2024 00:39:29.951302052 CEST1236INData Raw: aa 93 a3 b6 b4 71 79 45 85 c7 2f 5f 84 bf 54 f5 d9 aa cf 45 07 89 31 71 4d 6b d4 8c 08 0b 8b 0a 0f f7 71 47 d0 cc 20 68 f0 bb c5 2f a9 6a 49 e8 63 22 a6 5f f5 89 e3 22 a3 27 74 e8 36 db e6 26 e1 4c 6f 21 27 83 02 27 5a e2 18 19 3b d5 bc 1d eb 9f
                  Data Ascii: qyE/_TE1qMkqG h/jIc"_"'t6&Lo!''Z;4[]<v~OS`Roy4w37\-cU}d(g\_V^Ld0Kk_,ognkHI)2~ggOHm*$jTmkMa!kzV)[Z
                  May 28, 2024 00:39:29.951308966 CEST1236INData Raw: 05 cf 01 b0 f6 8c b1 3e de db f5 83 3a 0d 53 fd ee 52 c2 c4 d2 77 40 74 05 34 4a 40 6d 55 6f b1 fb dc a9 7e f3 9f 3f 9a 7f 11 d8 08 c0 4a d8 94 a6 d4 6e f0 c6 cd 77 a9 1f 15 4e c3 16 8e 99 7c 57 6a 77 78 e3 67 50 c5 44 b0 10 09 77 6b ab 8e 66 0f
                  Data Ascii: >:SRw@t4J@mUo~?JnwN|WjwxgPDwkfZR~IQ cC^h`6>zo]O|sN"B5[A{\1i:0V5CX]j,8x/(U\>!&no3I0Q(st{mVrrkf)/
                  May 28, 2024 00:39:29.951319933 CEST1236INData Raw: f7 6c d6 5a 26 92 79 2c d2 3e 2a 3c a2 4e b5 ea 7e df 9c c1 c3 97 87 8e 73 de 27 d3 54 9d d1 dd a9 aa a1 50 7a be b0 a0 ff 82 17 1c 2d 2e 3c e0 ed cc f5 ea 29 d7 98 76 e9 c1 21 9e 10 79 e7 ba 59 ce 58 90 77 1f d5 1b 1f 82 de 51 ab 8f 32 a7 a7 f5
                  Data Ascii: lZ&y,>*<N~s'TPz-.<)v!yYXwQ25KnST5L^vHXC$=\:q!U^*eI#0X&::wj={c6^875(K[mgLJ>$(pO6g@pQ0b$t&X
                  May 28, 2024 00:39:29.964054108 CEST1236INData Raw: dc 44 a5 26 75 d4 93 89 a5 1c f1 df d5 a1 9b 95 45 4a 78 0b 9e d7 81 e1 e8 2d e2 a5 47 d4 8d ea 51 31 d1 92 30 04 2a c1 68 a2 85 ec 85 cc bf 53 ce e2 ac e4 61 8b b6 2b ee 7a 28 21 26 d6 ab fb 52 33 9e d4 5f b9 f0 c2 8d 77 04 fd 58 42 a2 11 83 58
                  Data Ascii: D&uEJx-GQ10*hSa+z(!&R3_wXBXGa[n{h[E7OKkF|N_AB"lV=_?wo0Y7PA=pj%O;]E+Z=~!fl!Q%cW7I)dPAi'R,mj;1n
                  May 28, 2024 00:39:30.512120008 CEST480OUTGET /Fonts/CORISANDEBold.ttf HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  Origin: http://46814880-10-20181030130048.webstarterz.com
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:30.862370014 CEST540INHTTP/1.1 404 Not Found
                  Date: Mon, 27 May 2024 22:39:30 GMT
                  Server: Apache
                  Content-Length: 340
                  Keep-Alive: timeout=5, max=99
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=iso-8859-1
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c [TRUNCATED]
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  7192.168.2.449753163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:26.245820045 CEST482OUTGET /Fonts/CORISANDELight.woff HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  Origin: http://46814880-10-20181030130048.webstarterz.com
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:29.970777988 CEST543INHTTP/1.1 404 Not Found
                  Date: Mon, 27 May 2024 22:39:29 GMT
                  Server: Apache
                  Content-Length: 342
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=iso-8859-1
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 [TRUNCATED]
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  May 28, 2024 00:39:30.081362009 CEST480OUTGET /Fonts/CORISANDEBold.ttf HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  Origin: http://46814880-10-20181030130048.webstarterz.com
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  8192.168.2.449754163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:26.245872021 CEST481OUTGET /Fonts/CORISANDEBold.woff HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  Origin: http://46814880-10-20181030130048.webstarterz.com
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:29.939938068 CEST542INHTTP/1.1 404 Not Found
                  Date: Mon, 27 May 2024 22:39:29 GMT
                  Server: Apache
                  Content-Length: 341
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=iso-8859-1
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 42 6f 6c 64 2e 77 6f 66 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDEBold.woff was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  May 28, 2024 00:39:30.081285000 CEST481OUTGET /Fonts/CORISANDELight.ttf HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  Origin: http://46814880-10-20181030130048.webstarterz.com
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Referer: http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/img/1css.css
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:30.580048084 CEST541INHTTP/1.1 404 Not Found
                  Date: Mon, 27 May 2024 22:39:30 GMT
                  Server: Apache
                  Content-Length: 341
                  Keep-Alive: timeout=5, max=99
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=iso-8859-1
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 46 6f 6e 74 73 2f 43 4f 52 49 53 41 4e 44 45 4c 69 67 68 74 2e 74 74 66 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /Fonts/CORISANDELight.ttf was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  9192.168.2.449758163.44.198.51801892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  May 28, 2024 00:39:30.219367981 CEST340OUTGET /tedsplay.com/onlinebankingmtb/img/favicon.ico HTTP/1.1
                  Host: 46814880-10-20181030130048.webstarterz.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Accept-Encoding: gzip, deflate
                  Accept-Language: en-US,en;q=0.9
                  May 28, 2024 00:39:31.198236942 CEST1236INHTTP/1.1 200 OK
                  Date: Mon, 27 May 2024 22:39:31 GMT
                  Server: Apache
                  Last-Modified: Tue, 03 Mar 2020 09:58:34 GMT
                  ETag: "3dce-59ff058c7a680"
                  Accept-Ranges: bytes
                  Content-Length: 15822
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: image/x-icon
                  Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 01 2c 08 02 00 00 00 f6 1f 19 22 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 66 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 [TRUNCATED]
                  Data Ascii: PNGIHDR,,"tEXtSoftwareAdobe ImageReadyqe<fiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE" xmpMM:DocumentID="xmp.did:089565F0984011E4B903D8EB7B2BD9E5" xmpMM:InstanceID="xmp.iid:089565EF984011E4B903D8EB7B2BD9E5" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4CE2F5850C98E41191D88808CA6C83CE" stRef:documentID="xmp.did:4CE2F5850C98E41191D88808CA6C83CE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>39IDATx
                  May 28, 2024 00:39:31.198245049 CEST1236INData Raw: da ec 5d 07 7c 95 d5 d9 3f 27 3b 24 84 84 bd 67 20 80 04 48 c2 de 4b 50 50 86 0a 45 51 44 66 fd ac 5a 5b ad b6 b5 d5 4a 6b ad ab 8e 8a 20 a8 0c 15 15 aa a8 48 9d ec a1 cc 30 84 84 3d c3 08 10 02 21 83 8c f3 bd 77 be 67 3c e7 e6 8e f7 86 eb cf e7
                  Data Ascii: ]|?';$g HKPPEQDfZ[Jk H0=!wg<+}9#!@"HB$D I@ @"$!$D HBI@ @ $!@"HB$D I@ @"$!$D HBI@ @ $!@"
                  May 28, 2024 00:39:31.198255062 CEST1236INData Raw: f5 1a 8f 4e 49 53 6f 20 bf a4 f8 72 71 d1 a9 82 4b fb ce 9f 3e 9e 7f 51 50 97 a4 8f f2 e0 52 e2 18 14 f1 74 ff 5b bd b1 91 3e cb ca 74 ca 6e f5 53 28 f5 b0 16 4d ab d7 7e 71 b3 b6 ac 0a 65 12 9e 29 b8 bc cc b1 dd 10 ce 47 27 cf af a2 5d 38 7d 03
                  Data Ascii: NISo rqK>QPRt[>tnS(M~qe)G']8}H}HZ^Y|wx;7{%N4KmQd(llozsrMEFUhm$T9JW^JqY>Ti Ctu.Py-&\_
                  May 28, 2024 00:39:31.198261976 CEST1236INData Raw: 6d d3 de 1a 71 4f 98 14 f0 21 90 59 58 49 5f 1e d8 75 db c7 b3 fc 0f c0 e0 19 e2 fa ba 6a 91 51 4b c6 ce 30 8c 2b 6b 1c 3f d2 29 1a 83 62 c7 f8 c8 32 21 8a 33 d0 ef 6f 5b bb fe 9c 5b ee 01 8e 07 c5 1f c3 7c 1f 32 ee a8 47 35 67 3d 44 9f 8a c1 0d
                  Data Ascii: mqO!YXI_ujQK0+k?)b2!3o[[|2G5g=D27l;uAjt:\--+[Oz{y<cO)!kgRez@2]|%(3`v_*;/_]qo5`QO+Y&|2os
                  May 28, 2024 00:39:31.198287010 CEST1236INData Raw: 98 b8 82 e7 6c 5f 5b f5 0c 2c ab a8 78 7b c7 3a 35 b8 79 6a 5a 1f 60 02 bc 72 9c 06 f1 80 7e e9 de ed dc 26 ea 21 ff c0 f4 79 54 8f 8a 09 f0 4b eb 18 36 bf 87 cd 94 01 3e 8f cc b3 27 bc 5a 48 e2 7e 11 11 1e 6e 58 b0 41 f0 c7 30 38 d4 59 d9 02 aa
                  Data Ascii: l_[,x{:5yjZ`r~&!yTK6>'ZH~nXA08Y}g]>yWS:qgj'{*&;O:U{g;1ilg /X[0,!pJw\<[")5HQHu$GpN:m=U[~_1v:,w
                  May 28, 2024 00:39:31.198293924 CEST1236INData Raw: 48 42 06 e6 67 43 89 14 d7 a9 86 ba ef 36 21 d5 5e e5 ed ed d2 93 62 e2 84 86 6a 8c c8 e2 5e 70 4f 2b 19 f7 94 2e f9 69 6b e0 07 5c 3a 7c 9e bd f3 6c e1 15 f3 4e ec 4b b6 5d ed 06 7d dd 41 7d e0 9a 86 cf 5d f4 25 0f ad 46 ed 6a f1 da dc 68 5d f3
                  Data Ascii: HBgC6!^bj^pO+.ik\:|lNK]}A}]%Fjh]`-_$Bc"`tI3;RIQPq;jCPTlA[g*?bBPWNiDIf-8mMev#6wm'X5=?[b
                  May 28, 2024 00:39:31.198318958 CEST1236INData Raw: 25 b3 7e 3c 75 c4 b1 3d fd 79 e5 a7 7d e7 3f 6f ef 71 2f d6 80 20 4a 8b 0b fb c7 c6 86 47 be 78 e3 d8 95 f7 fc 9e ef 70 18 d2 2c 54 43 ea 05 05 5b c9 6e 25 9a e8 a8 10 72 cc 78 1d 9f 55 2d 32 ea 1e fe 10 dc c3 fb 85 10 61 7e bc a8 99 7d 1b 00 de
                  Data Ascii: %~<u=y}?oq/ JGxp,TC[n%rxU-2a~}>^5|h@m fida]*V2o>1;t3qcT#$$%!y1 &u;.L}Wm0cF4RD9`T3:#Pyeawk
                  May 28, 2024 00:39:31.198326111 CEST1236INData Raw: aa 93 a3 b6 b4 71 79 45 85 c7 2f 5f 84 bf 54 f5 d9 aa cf 45 07 89 31 71 4d 6b d4 8c 08 0b 8b 0a 0f f7 71 47 d0 cc 20 68 f0 bb c5 2f a9 6a 49 e8 63 22 a6 5f f5 89 e3 22 a3 27 74 e8 36 db e6 26 e1 4c 6f 21 27 83 02 27 5a e2 18 19 3b d5 bc 1d eb 9f
                  Data Ascii: qyE/_TE1qMkqG h/jIc"_"'t6&Lo!''Z;4[]<v~OS`Roy4w37\-cU}d(g\_V^Ld0Kk_,ognkHI)2~ggOHm*$jTmkMa!kzV)[Z
                  May 28, 2024 00:39:31.198343992 CEST1236INData Raw: 05 cf 01 b0 f6 8c b1 3e de db f5 83 3a 0d 53 fd ee 52 c2 c4 d2 77 40 74 05 34 4a 40 6d 55 6f b1 fb dc a9 7e f3 9f 3f 9a 7f 11 d8 08 c0 4a d8 94 a6 d4 6e f0 c6 cd 77 a9 1f 15 4e c3 16 8e 99 7c 57 6a 77 78 e3 67 50 c5 44 b0 10 09 77 6b ab 8e 66 0f
                  Data Ascii: >:SRw@t4J@mUo~?JnwN|WjwxgPDwkfZR~IQ cC^h`6>zo]O|sN"B5[A{\1i:0V5CX]j,8x/(U\>!&no3I0Q(st{mVrrkf)/
                  May 28, 2024 00:39:31.198357105 CEST1236INData Raw: f7 6c d6 5a 26 92 79 2c d2 3e 2a 3c a2 4e b5 ea 7e df 9c c1 c3 97 87 8e 73 de 27 d3 54 9d d1 dd a9 aa a1 50 7a be b0 a0 ff 82 17 1c 2d 2e 3c e0 ed cc f5 ea 29 d7 98 76 e9 c1 21 9e 10 79 e7 ba 59 ce 58 90 77 1f d5 1b 1f 82 de 51 ab 8f 32 a7 a7 f5
                  Data Ascii: lZ&y,>*<N~s'TPz-.<)v!yYXwQ25KnST5L^vHXC$=\:q!U^*eI#0X&::wj={c6^875(K[mgLJ>$(pO6g@pQ0b$t&X
                  May 28, 2024 00:39:31.203351974 CEST1236INData Raw: dc 44 a5 26 75 d4 93 89 a5 1c f1 df d5 a1 9b 95 45 4a 78 0b 9e d7 81 e1 e8 2d e2 a5 47 d4 8d ea 51 31 d1 92 30 04 2a c1 68 a2 85 ec 85 cc bf 53 ce e2 ac e4 61 8b b6 2b ee 7a 28 21 26 d6 ab fb 52 33 9e d4 5f b9 f0 c2 8d 77 04 fd 58 42 a2 11 83 58
                  Data Ascii: D&uEJx-GQ10*hSa+z(!&R3_wXBXGa[n{h[E7OKkF|N_AB"lV=_?wo0Y7PA=pj%O;]E+Z=~!fl!Q%cW7I)dPAi'R,mj;1n


                  HTTPS Proxied Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.44974224.75.29.694431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:22 UTC633OUTGET /Assets/images/img_trans.gif HTTP/1.1
                  Host: onlinebanking.mtb.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: http://46814880-10-20181030130048.webstarterz.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-05-27 22:39:22 UTC1224INHTTP/1.1 200 OK
                  Content-Type: image/gif
                  Last-Modified: Wed, 17 Apr 2024 04:45:12 GMT
                  Accept-Ranges: bytes
                  ETag: "0fc4888290da1:0"
                  X-SRV: B-OLB-220
                  P3P: CP='CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT'
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Access-Control-Allow-Origin: https://digitalbanking.mtb.com
                  Access-Control-Allow-Credentials: true
                  Access-Control-Allow-Headers: Content-Type
                  Access-Control-Allow-Methods: POST,GET,OPTIONS
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1824425139"
                  Set-Cookie: dtCookie=v_4_srv_6_sn_FBE8471112EA398128D5D0F58D6FAC3A_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0; Path=/; Domain=.mtb.com
                  Date: Mon, 27 May 2024 22:39:22 GMT
                  Content-Length: 43
                  Set-Cookie: mtbcookie=ffffffffc3a03ffb45525d5f4f58455e445a4a42378b;path=/;secure;httponly
                  Set-Cookie: TS01e71088=01fb46a9267d182e685cde0b3fa5124c055215d8bbe21b43087f7a4ee115742cd4597af390188e56f546ce5b2073aba279b8f49660; Path=/; Domain=.onlinebanking.mtb.com
                  Set-Cookie: TSba0bc889027=0856addebbab20008bf59333456c2034618840786ae558d2da971afb90fe14e9df4ba7e5a5197c6308c09e965a113000661992507ff81816bc4de674986301643f80745b91041948aa02c114d137933a22021ce9cb3a6fc3d6143590992cfbaf; Path=/
                  2024-05-27 22:39:22 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                  Data Ascii: GIF89a!,D;


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  1192.168.2.44974524.75.29.694431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:23 UTC372OUTGET /Assets/images/img_trans.gif HTTP/1.1
                  Host: onlinebanking.mtb.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-05-27 22:39:23 UTC1224INHTTP/1.1 200 OK
                  Content-Type: image/gif
                  Last-Modified: Wed, 17 Apr 2024 04:45:12 GMT
                  Accept-Ranges: bytes
                  ETag: "0fc4888290da1:0"
                  X-SRV: B-OLB-220
                  P3P: CP='CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT'
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Access-Control-Allow-Origin: https://digitalbanking.mtb.com
                  Access-Control-Allow-Credentials: true
                  Access-Control-Allow-Headers: Content-Type
                  Access-Control-Allow-Methods: POST,GET,OPTIONS
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1073260253"
                  Set-Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0; Path=/; Domain=.mtb.com
                  Date: Mon, 27 May 2024 22:39:23 GMT
                  Content-Length: 43
                  Set-Cookie: mtbcookie=ffffffffc3a03ffb45525d5f4f58455e445a4a42378b;path=/;secure;httponly
                  Set-Cookie: TS01e71088=01fb46a926dcc6fa7e7fc1e7445c8e26232684012ca7c8ba2dd086534dd90b52fdd481b9b6aa531d6e0889679d02e16907c6d16880; Path=/; Domain=.onlinebanking.mtb.com
                  Set-Cookie: TSba0bc889027=0856addebbab2000630773e3a90b6140cf76573c5128c7dbaeee1fe7f13d9e0db9f960b0ef0f53c308c4d9f79911300085a82805486b7f69f255ba7c6802c92ebc3578f54b12b529c5e99e2e93bc6329fe571add0b7c473fb23a964fbe18bddf; Path=/
                  2024-05-27 22:39:23 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                  Data Ascii: GIF89a!,D;


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  2192.168.2.449747184.28.90.27443
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:24 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-05-27 22:39:24 UTC467INHTTP/1.1 200 OK
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-weu-z1
                  Cache-Control: public, max-age=149390
                  Date: Mon, 27 May 2024 22:39:24 GMT
                  Connection: close
                  X-CID: 2


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  3192.168.2.449748184.28.90.27443
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:25 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-05-27 22:39:25 UTC515INHTTP/1.1 200 OK
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-weu-z1
                  Cache-Control: public, max-age=149472
                  Date: Mon, 27 May 2024 22:39:25 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-05-27 22:39:25 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  4192.168.2.449749192.216.61.784431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:26 UTC626OUTGET /images/header_footer.png HTTP/1.1
                  Host: resources.mtb.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: http://46814880-10-20181030130048.webstarterz.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-05-27 22:39:26 UTC578INHTTP/1.1 200 OK
                  Content-Type: image/png
                  Last-Modified: Wed, 17 Apr 2024 05:13:48 GMT
                  Accept-Ranges: bytes
                  ETag: "0ce1978690da1:0"
                  X-Srv: M-STC-002
                  Access-Control-Allow-Origin: *
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="72323629"
                  Date: Mon, 27 May 2024 22:39:25 GMT
                  Content-Length: 31436
                  Set-Cookie: TSf60233d5027=08affc4e07ab2000de93d7763d18ca977f7a4d211b41dcdf8ff3978d823ba4417c02f9ccb939448c08c1f12eb8113000db29dd484ca986633b2ee8dd3af0982d795c638ba29bd79820c24e10770c8d2f816f73ae3a8e5dd8951df531ecad59f1; Path=/
                  2024-05-27 22:39:26 UTC6893INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 e5 00 00 01 40 08 06 00 00 00 da 8d dd fe 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 07 74 49 4d 45 07 e1 0a 1e 0c 32 19 6b bb 5f 5f 00 00 00 07 74 45 58 74 41 75 74 68 6f 72 00 a9 ae cc 48 00 00 00 0c 74 45 58 74 44 65 73 63 72 69 70 74 69 6f 6e 00 13 09 21 23 00 00 00 0a 74 45 58 74 43 6f 70 79 72 69 67 68 74 00 ac 0f cc 3a 00 00 00 0e 74 45 58 74 43 72 65 61 74 69 6f 6e 20 74 69 6d 65 00 35 f7 0f 09 00 00 00 09 74 45 58 74 53 6f 66 74 77 61 72 65 00 5d 70 ff 3a 00 00 00 0b 74 45 58 74 44 69 73 63 6c 61 69 6d 65 72 00 b7 c0 b4 8f 00 00 00 08 74 45 58 74 57 61 72 6e 69 6e 67 00 c0 1b e6 87 00 00 00 07 74 45 58 74 53 6f 75 72 63 65 00 f5 ff 83 eb 00 00 00 08 74 45 58 74
                  Data Ascii: PNGIHDR@pHYs+tIME2k__tEXtAuthorHtEXtDescription!#tEXtCopyright:tEXtCreation time5tEXtSoftware]p:tEXtDisclaimertEXtWarningtEXtSourcetEXt
                  2024-05-27 22:39:26 UTC10163INData Raw: e1 14 ba 07 5b ca 89 88 88 88 a8 a8 72 b5 fa 66 eb 8a de 99 75 dc e5 b9 ea 0a d6 b7 b7 75 b6 db 7d 67 5b ca 9d 5b 9b d5 21 b3 75 7c 27 ec 6e e8 33 0b d9 6f e7 76 69 61 5d da 3b 54 4f 77 da 1b a1 3c 6c 1b fb 5a c8 cf b6 8f 3d dd 52 de f8 7f 2f e1 e5 8b 7e 08 00 38 e6 77 3f c0 e1 d7 5f 5a d0 8a 4f 3f fd 34 6e b9 e5 16 2c 5d ba d4 9b 77 ab 7e 28 ae 7f f7 9f a8 38 6c ef 5c 4b 9e dc d1 82 37 af bf 13 cd 1f ae c3 e9 4f fc 06 7d 87 0d 04 f6 e3 ee eb 02 39 46 de 23 da 8f f1 bd 4d 44 44 44 7b 5d 77 9d 30 70 02 d9 2c 00 93 43 16 77 aa 85 3b 4f 97 f6 05 4e 9d dd 1d fe 72 ed 0f 43 39 8a b6 8f f2 91 83 cf c5 ee d5 9b 30 6e c6 79 98 fa c0 2d 05 ad b4 71 e3 46 1c 7a e8 a1 68 6e 6e c6 c5 17 5f 8c f9 f3 e7 e3 33 c6 01 98 da dc 07 a3 a7 4f c5 e9 ff bc b3 87 77 db ef c3 3f
                  Data Ascii: [rfuu}g[[!u|'n3ovia];TOw<lZ=R/~8w?_ZO?4n,]w~(8l\K7O}9F#MDDD{]w0p,Cw;ONrC90ny-qFzhnn_3Ow?
                  2024-05-27 22:39:26 UTC11566INData Raw: 8b d7 74 53 2e ec fe 46 d4 7b f1 f3 4d d4 7b f1 f3 4d 5d d1 d5 f7 47 4f af df dd ef df 8e d6 97 2f 74 ef 93 9f af 7c f7 29 2f 58 b6 17 18 32 bf 23 2d eb 44 44 44 44 44 44 d4 3b 14 d2 e8 f8 a9 cb 86 dd 16 ca 89 88 88 88 88 88 88 72 f8 d4 05 ee 42 e4 1c cf 9f 88 88 88 88 88 88 88 7a 0e 43 39 11 11 11 11 11 11 51 91 b0 fb fa be 8d 03 bd 11 11 11 11 11 91 8b dd bf 7b 21 86 f2 7d 1b 3f 74 44 44 44 44 44 44 bd 18 bb af 13 11 11 11 11 11 11 15 09 43 39 11 11 11 11 11 11 51 91 30 94 13 11 11 11 11 11 11 15 09 43 39 11 11 11 11 11 11 51 91 30 94 13 11 11 11 11 11 11 15 09 43 39 11 11 11 11 11 11 51 91 30 94 13 11 11 11 11 11 11 15 09 43 39 11 11 11 11 11 11 51 91 30 94 e7 26 8a bd 03 44 44 44 44 44 44 d4 7b 45 ba a9 9e 5c e1 35 5f b0 ed ea f2 2e 6d bf a1 a1 01 b1
                  Data Ascii: tS.F{M{M]GO/t|)/X2#-DDDDDD;rBzC9Q{!}?tDDDDDDC9Q0C9Q0C9Q0C9Q0&DDDDDD{E\5_.m
                  2024-05-27 22:39:26 UTC2814INData Raw: d9 e4 f8 dc cc 6c 2a b8 1f a5 c8 8b fd 8d 02 75 ef bd 02 d0 f5 7a ed 6e 6e 6e d4 cc 2c 95 cf 17 cb 95 01 ba 9a 99 f5 7d 6f aa 6a df 7e fb ad bd 79 f3 06 a7 a7 a7 5a 1c af a9 2a ea 0c 7a ca 9a 57 d9 73 8b 81 39 00 e0 f5 eb d7 7d 7c c8 0a 56 a2 47 ac 15 91 a7 f1 b1 89 c8 12 21 28 4f 1f 86 de cc bc 88 ec 0b ca 89 e8 e3 4d 05 d5 0e 21 5b ee b0 bd 49 96 ce c1 a6 58 8f d5 2b 44 44 c7 eb 2e 37 5d a7 be 0b 6e 3b 2d 4d 3f 34 06 f7 4e 90 5e 3e af 3a 8d 4b cf f7 06 e5 53 81 7b ec 8d 7d b2 04 bd 9a a7 c5 f3 bc 7c 71 1c ea bd 37 e7 5c 0e 98 bd f7 26 22 26 22 e6 bd 9f cc 92 2f 97 4b dd 6c 36 58 2e 97 66 b1 54 3d 36 7f b7 74 0c 66 a6 5d d7 e5 61 de ba ae 4b d9 73 33 33 7b f2 e4 49 99 59 17 55 c5 62 b1 80 f7 de 2e 2f 2f 05 80 bd 7b f7 4e 54 15 cf 9f 3f 37 00 12 8f 33 5f
                  Data Ascii: l*uznnn,}oj~yZ*zWs9}|VG!(OM![IX+DD.7]n;-M?4N^>:KS{}|q7\&"&"/Kl6X.fT=6tf]aKs33{IYUb.//{NT?73_


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  5192.168.2.449750192.216.61.784431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:26 UTC620OUTGET /images/general.png HTTP/1.1
                  Host: resources.mtb.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: http://46814880-10-20181030130048.webstarterz.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-05-27 22:39:26 UTC579INHTTP/1.1 200 OK
                  Content-Type: image/png
                  Last-Modified: Wed, 17 Apr 2024 05:13:48 GMT
                  Accept-Ranges: bytes
                  ETag: "0ce1978690da1:0"
                  X-Srv: M-STC-002
                  Access-Control-Allow-Origin: *
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="951877927"
                  Date: Mon, 27 May 2024 22:39:25 GMT
                  Content-Length: 36351
                  Set-Cookie: TSf60233d5027=08affc4e07ab20000406eb9a856ed937eecfc248a15795d59243d6fa74327f480cbdfc72c08ca8eb088f96da91113000f80ea3a8687242f43b2ee8dd3af0982d393a617bb1f0099bb886fd1b4217c990a2d17338cfe1ba251df678f397da5503; Path=/
                  2024-05-27 22:39:26 UTC6892INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 40 00 00 04 00 08 06 00 00 00 90 f0 80 61 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 8d a1 49 44 41 54 78 da ec 9d 0b 7c 14 d5 d9 ff 9f 0d 81 40 30 b2 80 08 72 0d 4a d5 e2 a5 bb f6 b5 b5 2a 95 b4 56 f1 1e 5a 8d 78 ab 89 5c b4 be d6 90 5a 6b c4 ff bf 80 ff 8f 48 d5 16 62 5b ad 5c 4c 2c 55 b9 a8 c4 5b 85 56 0d 16 6d 7d 8b ba 11 34 af 54 90 18 b9 0a 09 cb 25 37 08 ec ff 3c b3 33 cb ee 66 76 77 36 bb 33 e7 24 f9 7d 3f 9f c3 ec cc 9c 99 fc 98 d9 f9 ed f3 9c 39 73 c6 45 61 3c f9 fe df c6 fb 0f 1e 28 ae df ef cf ff da bf 97 f6 1c d8 47 0d 8d 07 68 6f f3 c1 ca 83 87 5a cb b6 fd 66 c9 1a 92 c8 ee dd bb c7 37 37 37 17 37 35 35 e5 37 35
                  Data Ascii: PNGIHDR@atEXtSoftwareAdobe ImageReadyqe<IDATx|@0rJ*VZx\ZkHb[\L,U[Vm}4T%7<3fvw63$}?9sEa<(GhoZf77775575
                  2024-05-27 22:39:26 UTC14486INData Raw: 62 e2 9d 74 7c 56 ec bb 98 dc 3b 20 d5 9b 0c 61 8f 58 9a ea cb 5f 5e a6 a5 e4 8f 5f 7a 73 68 f9 dd ab ff a2 a5 ec 95 05 c5 71 f5 71 1b 9c 1d 37 41 0c cc 6e 74 58 b9 41 12 4e d7 bf 09 02 80 42 29 70 78 61 a3 e3 ee 24 bf fd c1 f5 11 cb 79 9e 97 f3 7a 99 fd 00 d9 e8 46 ba 07 6a 77 a1 c3 97 f3 3c 2f e7 f5 b2 fa 01 a2 1b 0c 0c 10 74 62 03 fc c5 5b 4b e9 ab fd 0d 5a 17 12 b3 f5 bc 9c d7 73 3d 3b 0d 30 56 1f be bb de f8 b3 f6 f7 9f b8 a2 c8 74 3d 2f e7 f5 5c cf e9 7e 80 6c ae 46 9a 6b 16 e5 19 1d a3 19 ae d7 1d ef 00 c3 00 81 b2 06 b8 f8 e3 b5 f4 fe f6 cd f4 dc 95 53 e9 b8 9e e6 23 c5 f0 72 5e cf f5 b8 be 93 11 e0 53 1f be 4d ef 7d f5 39 bd 7e f3 bd 34 20 fb 38 d3 3a bc 9c d7 73 3d ae af 42 37 98 68 13 ec ee dd 60 60 80 40 39 03 5c f1 d9 07 54 f6 e1 df e9 89 8b
                  Data Ascii: bt|V; aX_^_zshqq7AntXANB)pxa$yzFjw</tb[KZs=;0Vt=/\~lFkS#r^SM}9~4 8:s=B7h``@9\T
                  2024-05-27 22:39:26 UTC14973INData Raw: 53 c1 04 4d cc 2f a4 cf 76 13 2c 2d 98 25 fe e5 bf 3f 5a 9b 06 e7 55 33 3f b7 16 c9 04 a7 ea 98 e0 dc e5 ac a9 4c 94 72 a1 29 57 9b f2 7c 70 b9 0a 14 e9 df a7 72 fd c7 ad 5c 9f 57 22 d2 4f 26 02 9c 69 72 71 18 5f 02 15 7e b5 a1 af 33 ea 0b 46 04 c5 da 05 31 77 79 ad 7e 61 14 87 22 06 f9 94 eb e6 5c a4 a7 71 45 fa bc 3a 91 ea dc e5 b3 f4 f3 b6 45 9b 06 e7 55 d1 e6 d7 52 5d ce 16 83 91 9f 5f 4f 7d fd 9d cd 00 9f 89 71 71 90 f6 39 f8 eb 23 93 b8 fa 44 14 a8 b4 3e 11 05 2a ad 4f 44 81 76 e9 9b a9 5f 10 d5 fa 05 53 ad 5f 30 33 15 88 fe c6 8b 7f f3 29 d8 86 55 11 16 71 55 68 cb 15 69 c8 d7 75 15 51 74 5b 9b 7a 26 58 ab 92 f9 31 ae 24 bf 10 e1 69 52 f4 7f d2 25 fb 3f 13 95 06 47 e0 f5 7a a5 eb 8b 4a 83 23 98 33 81 a4 eb 8b 4a 83 23 58 3c 6d 9c 8b ba 23 6c 72 66
                  Data Ascii: SM/v,-%?ZU3?Lr)W|pr\W"O&irq_~3F1wy~a"\qE:EUR]_O}qq9#D>*ODv_S_03)UqUhiuQt[z&X1$iR%?GzJ#3J#X<m#lrf


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  6192.168.2.449751192.216.61.784431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:26 UTC632OUTGET /images/Dropdown-sprite_slk.png HTTP/1.1
                  Host: resources.mtb.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: http://46814880-10-20181030130048.webstarterz.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-05-27 22:39:26 UTC580INHTTP/1.1 200 OK
                  Content-Type: image/png
                  Last-Modified: Wed, 17 Apr 2024 05:13:48 GMT
                  Accept-Ranges: bytes
                  ETag: "0ce1978690da1:0"
                  X-Srv: M-STC-002
                  Access-Control-Allow-Origin: *
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1494238864"
                  Date: Mon, 27 May 2024 22:39:25 GMT
                  Content-Length: 2214
                  Set-Cookie: TSf60233d5027=08affc4e07ab2000fd9fead50a48ef9180f7c27e94ec4330dac6fccd6a0c3ced411bb806e0cc53df08fd4154681130001f2b16d2032825b33b2ee8dd3af0982d3d0cb34b7bbc6a0948280b3759f3191fbccf31afa6f378e3dae7ae75a29a0f03; Path=/
                  2024-05-27 22:39:26 UTC2214INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1b 00 00 00 c4 08 06 00 00 00 6e bc 5a af 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 10 00 00 0b 10 01 ad 23 bd 75 00 00 08 48 49 44 41 54 78 5e ed 5c 6d 73 53 45 14 e6 27 f0 53 d0 5f c0 1f d0 f1 93 33 0a 38 ea e0 f7 ce a8 a3 7e 40 03 33 e2 cb f8 36 02 8e df 44 67 7c a5 6f 52 40 40 a4 8b 16 a8 50 48 5a 92 f6 b6 b9 e5 86 a6 a1 49 9a 26 69 da 90 b6 49 39 ee b3 b9 7b 4d 2f b9 2f 49 ee a6 28 65 e6 99 6c f7 9c 3d cf dd bd 7b cf 7d f6 34 65 57 38 1c de 9b 4a a5 7a 88 28 a4 08 2f ef 92 ff 38 59 c8 48 18 6c f3 61 8d 54 a1 56 ab 45 f8 44 76 ef 12 64 86 ce 6a 9b 6b a4 14 b5 35 26 c8 74 4e b6 b1 59 26 d5 30 c9 e2 6c bd 56 22 d5 a8 93 e9 1a ab 54 0b a4 1a 16 59 79 23 47 aa
                  Data Ascii: PNGIHDRnZgAMAapHYs#uHIDATx^\msSE'S_38~@36Dg|oR@@PHZI&iI9{M//I(el={}4eW8Jz(/8YHlaTVEDvdjk5&tNY&0lV"TYy#G


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  7192.168.2.44975524.75.29.774431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:27 UTC495OUTGET /images/Dropdown-sprite_slk.png HTTP/1.1
                  Host: resources.mtb.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
                  2024-05-27 22:39:27 UTC580INHTTP/1.1 200 OK
                  Content-Type: image/png
                  Last-Modified: Wed, 17 Apr 2024 05:09:10 GMT
                  Accept-Ranges: bytes
                  ETag: "05f66618590da1:0"
                  X-Srv: B-STC-001
                  Access-Control-Allow-Origin: *
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="2099295867"
                  Date: Mon, 27 May 2024 22:39:26 GMT
                  Content-Length: 2214
                  Set-Cookie: TSea15929a027=0856addebbab20003a4f12e7f59741977efd1f79be43bf07fab0dc4019ac2c620b632808369da5b0080bb24c79113000782845fe4f92cb827168a4f42577d2cbd88e6d34620a5cf058922d3acc2f3fe663b57d678342852846bcea4ed352f2f4; Path=/
                  2024-05-27 22:39:27 UTC2214INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 1b 00 00 00 c4 08 06 00 00 00 6e bc 5a af 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0b 10 00 00 0b 10 01 ad 23 bd 75 00 00 08 48 49 44 41 54 78 5e ed 5c 6d 73 53 45 14 e6 27 f0 53 d0 5f c0 1f d0 f1 93 33 0a 38 ea e0 f7 ce a8 a3 7e 40 03 33 e2 cb f8 36 02 8e df 44 67 7c a5 6f 52 40 40 a4 8b 16 a8 50 48 5a 92 f6 b6 b9 e5 86 a6 a1 49 9a 26 69 da 90 b6 49 39 ee b3 b9 7b 4d 2f b9 2f 49 ee a6 28 65 e6 99 6c f7 9c 3d cf dd bd 7b cf 7d f6 34 65 57 38 1c de 9b 4a a5 7a 88 28 a4 08 2f ef 92 ff 38 59 c8 48 18 6c f3 61 8d 54 a1 56 ab 45 f8 44 76 ef 12 64 86 ce 6a 9b 6b a4 14 b5 35 26 c8 74 4e b6 b1 59 26 d5 30 c9 e2 6c bd 56 22 d5 a8 93 e9 1a ab 54 0b a4 1a 16 59 79 23 47 aa
                  Data Ascii: PNGIHDRnZgAMAapHYs#uHIDATx^\msSE'S_38~@36Dg|oR@@PHZI&iI9{M//I(el={}4eW8Jz(/8YHlaTVEDvdjk5&tNY&0lV"TYy#G


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  8192.168.2.44975724.75.29.774431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:27 UTC483OUTGET /images/general.png HTTP/1.1
                  Host: resources.mtb.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
                  2024-05-27 22:39:27 UTC579INHTTP/1.1 200 OK
                  Content-Type: image/png
                  Last-Modified: Wed, 17 Apr 2024 05:09:10 GMT
                  Accept-Ranges: bytes
                  ETag: "05f66618590da1:0"
                  X-Srv: B-STC-001
                  Access-Control-Allow-Origin: *
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="52044376"
                  Date: Mon, 27 May 2024 22:39:26 GMT
                  Content-Length: 36351
                  Set-Cookie: TSea15929a027=0856addebbab20002655fdb57be32f9beebd93d2416558673cec98bb23e09ee48bdcfa7d1e31a82808c0886d85113000cc04a5c622d6a98e7168a4f42577d2cbcc3426ddd44880fed7853841dae43fac05f9861e877b0cf73ee2b026a26ca6a8; Path=/
                  2024-05-27 22:39:27 UTC6892INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 40 00 00 04 00 08 06 00 00 00 90 f0 80 61 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 8d a1 49 44 41 54 78 da ec 9d 0b 7c 14 d5 d9 ff 9f 0d 81 40 30 b2 80 08 72 0d 4a d5 e2 a5 bb f6 b5 b5 2a 95 b4 56 f1 1e 5a 8d 78 ab 89 5c b4 be d6 90 5a 6b c4 ff bf 80 ff 8f 48 d5 16 62 5b ad 5c 4c 2c 55 b9 a8 c4 5b 85 56 0d 16 6d 7d 8b ba 11 34 af 54 90 18 b9 0a 09 cb 25 37 08 ec ff 3c b3 33 cb ee 66 76 77 36 bb 33 e7 24 f9 7d 3f 9f c3 ec cc 9c 99 fc 98 d9 f9 ed f3 9c 39 73 c6 45 61 3c f9 fe df c6 fb 0f 1e 28 ae df ef cf ff da bf 97 f6 1c d8 47 0d 8d 07 68 6f f3 c1 ca 83 87 5a cb b6 fd 66 c9 1a 92 c8 ee dd bb c7 37 37 37 17 37 35 35 e5 37 35
                  Data Ascii: PNGIHDR@atEXtSoftwareAdobe ImageReadyqe<IDATx|@0rJ*VZx\ZkHb[\L,U[Vm}4T%7<3fvw63$}?9sEa<(GhoZf77775575
                  2024-05-27 22:39:27 UTC13083INData Raw: 62 e2 9d 74 7c 56 ec bb 98 dc 3b 20 d5 9b 0c 61 8f 58 9a ea cb 5f 5e a6 a5 e4 8f 5f 7a 73 68 f9 dd ab ff a2 a5 ec 95 05 c5 71 f5 71 1b 9c 1d 37 41 0c cc 6e 74 58 b9 41 12 4e d7 bf 09 02 80 42 29 70 78 61 a3 e3 ee 24 bf fd c1 f5 11 cb 79 9e 97 f3 7a 99 fd 00 d9 e8 46 ba 07 6a 77 a1 c3 97 f3 3c 2f e7 f5 b2 fa 01 a2 1b 0c 0c 10 74 62 03 fc c5 5b 4b e9 ab fd 0d 5a 17 12 b3 f5 bc 9c d7 73 3d 3b 0d 30 56 1f be bb de f8 b3 f6 f7 9f b8 a2 c8 74 3d 2f e7 f5 5c cf e9 7e 80 6c ae 46 9a 6b 16 e5 19 1d a3 19 ae d7 1d ef 00 c3 00 81 b2 06 b8 f8 e3 b5 f4 fe f6 cd f4 dc 95 53 e9 b8 9e e6 23 c5 f0 72 5e cf f5 b8 be 93 11 e0 53 1f be 4d ef 7d f5 39 bd 7e f3 bd 34 20 fb 38 d3 3a bc 9c d7 73 3d ae af 42 37 98 68 13 ec ee dd 60 60 80 40 39 03 5c f1 d9 07 54 f6 e1 df e9 89 8b
                  Data Ascii: bt|V; aX_^_zshqq7AntXANB)pxa$yzFjw</tb[KZs=;0Vt=/\~lFkS#r^SM}9~4 8:s=B7h``@9\T
                  2024-05-27 22:39:27 UTC1403INData Raw: 99 19 71 b2 1f 5e 16 ff 3f 70 ff f5 52 c5 7a 3c 9e b8 eb ab ab ab a5 ea 7b e8 d2 40 dc f5 0f ac 96 7b d3 70 d1 d4 0b e3 ae 9f b2 f0 5d 02 a0 3b 91 89 43 00 10 b5 74 ae a8 05 d1 b4 4d 06 28 3b c2 4b 84 ec 08 2f 11 b2 23 bc 44 a8 1a e1 c1 04 61 7e b2 e0 9b 20 95 1d d8 ae d2 41 8d d0 d7 b5 f5 85 4c 90 d0 88 0f f3 93 60 80 65 1d d8 ae cc 41 8d d0 d7 b5 f5 c1 04 61 7e 12 0d 30 d8 9f 6f 7e 12 db cc 77 f2 91 38 bd 3f 5f 52 fa 9c 7c 24 4e ef cf 97 94 3e 27 1f 89 d3 fb f3 25 a5 4f e6 23 71 e1 26 a8 68 ba 1e 32 41 45 24 29 6b 7e 3a ca 9a 9f 76 3e 43 9f 82 8f c2 4d b7 60 7e 52 9e 12 d0 1f 85 4b a8 cf e9 a7 40 0c f4 47 e1 12 ea 73 fa 29 10 03 fd 51 b8 84 fa 64 3d 05 02 80 5c 03 0c 9a e0 78 c2 60 08 a9 98 60 5c 7d 18 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                  Data Ascii: q^?pRz<{@{p];CtM(;K/#Da~ AL`eAa~0o~w8?_R|$N>'%O#q&h2AE$)k~:v>CM`~RK@Gs)Qd=\x``\}
                  2024-05-27 22:39:27 UTC7243INData Raw: 53 c1 04 4d cc 2f a4 cf 76 13 2c 2d 98 25 fe e5 bf 3f 5a 9b 06 e7 55 33 3f b7 16 c9 04 a7 ea 98 e0 dc e5 ac a9 4c 94 72 a1 29 57 9b f2 7c 70 b9 0a 14 e9 df a7 72 fd c7 ad 5c 9f 57 22 d2 4f 26 02 9c 69 72 71 18 5f 02 15 7e b5 a1 af 33 ea 0b 46 04 c5 da 05 31 77 79 ad 7e 61 14 87 22 06 f9 94 eb e6 5c a4 a7 71 45 fa bc 3a 91 ea dc e5 b3 f4 f3 b6 45 9b 06 e7 55 d1 e6 d7 52 5d ce 16 83 91 9f 5f 4f 7d fd 9d cd 00 9f 89 71 71 90 f6 39 f8 eb 23 93 b8 fa 44 14 a8 b4 3e 11 05 2a ad 4f 44 81 76 e9 9b a9 5f 10 d5 fa 05 53 ad 5f 30 33 15 88 fe c6 8b 7f f3 29 d8 86 55 11 16 71 55 68 cb 15 69 c8 d7 75 15 51 74 5b 9b 7a 26 58 ab 92 f9 31 ae 24 bf 10 e1 69 52 f4 7f d2 25 fb 3f 13 95 06 47 e0 f5 7a a5 eb 8b 4a 83 23 98 33 81 a4 eb 8b 4a 83 23 58 3c 6d 9c 8b ba 23 6c 72 66
                  Data Ascii: SM/v,-%?ZU3?Lr)W|pr\W"O&irq_~3F1wy~a"\qE:EUR]_O}qq9#D>*ODv_S_03)UqUhiuQt[z&X1$iR%?GzJ#3J#X<m#lrf
                  2024-05-27 22:39:27 UTC7243INData Raw: d1 75 bc 9f 89 8e 1d 1d 6e 22 ac 51 5b b4 05 7d ae 69 c8 a6 bf 25 56 3d 3a 77 bd ae 3f 98 26 68 44 7d e6 be 8d cb e2 42 be 19 aa 61 80 21 de d8 a0 18 c2 be ee d3 2b 61 de d8 a0 18 a2 bc b1 41 a9 06 33 71 f8 23 e3 4b 5a 57 47 c3 c3 c3 d0 e7 27 c6 10 14 8e ec 76 86 75 d9 99 83 11 46 1e d9 e0 5a 60 a0 ad 01 e6 7c 51 eb 72 bf aa a3 a3 a3 d0 57 bc f9 59 6f 8d df 2c de cf 08 e5 56 f8 3a 7e d7 50 dd 80 86 06 18 b3 4e 64 5c 29 92 33 a9 e5 d0 e7 8c d9 76 97 af 87 b0 a9 c0 7b fb f2 c1 4a fd ae 21 02 04 da 11 d6 35 be c5 a2 d9 35 be 4e f0 18 3a e3 46 a8 7c bb fb b1 4f 5c 4b 17 78 6f de 26 bf c1 b2 3f 18 20 00 41 a3 7b 9b 6f 99 dc e6 8a 7b 70 cd 01 cc 66 ef aa 15 33 dd 8d 2b f3 73 4a 7f d7 d9 f6 57 91 e0 9e 65 00 54 22 b9 4f 81 eb f4 d4 d1 71 ee 1a 5d 26 d8 a7 c4 45
                  Data Ascii: un"Q[}i%V=:w?&hD}Ba!+aA3q#KZWG'vuFZ`|QrWYo,V:~PNd\)3v{J!55N:F|O\Kxo&? A{o{pf3+sJWeT"Oq]&E
                  2024-05-27 22:39:27 UTC487INData Raw: 17 aa 3e d5 3e 58 50 9f 65 bb 50 f5 a9 f6 c1 82 fa 2c db 05 11 0d a4 c9 78 4a dd 0a 15 15 e8 18 b1 b0 99 b4 a9 ef 52 2b cc cf 17 bd 7c ae 57 90 8f cd 51 7e 19 a0 95 b8 cb 75 f1 88 f4 43 5f 05 e8 53 29 10 a7 ea f7 a9 a8 00 26 58 f9 91 df 7d a4 c1 f8 ce 1a 02 40 0f 83 31 9f 57 dc 24 2a 48 af ea 31 84 09 56 90 f9 f1 39 e5 73 ab 9a 5b 12 3a 8c ef 84 01 02 9d 0c 66 90 ce 75 da f4 e9 6e 82 9a 48 2a 1b f3 23 a3 a3 8b 48 a3 f1 9d 75 a8 76 40 43 13 5c a9 d2 24 31 4b 6a 73 25 88 cd 04 7b 34 d1 12 d3 fd 9c ea 7c 25 08 22 40 a0 ab 11 72 45 79 58 45 82 4d 28 91 f2 c4 32 c4 e9 61 1d 7b f9 61 80 40 67 13 e4 21 39 6b 54 f4 00 ca 13 3e 77 6b 74 1d df 89 14 18 e8 6e 82 da a4 9b a0 a8 f3 d7 a8 b3 3e 44 80 00 80 aa 05 06 08 00 80 01 5a 48 65 e7 1b b7 f6 8f 59 76 8e 2e 87 ed
                  Data Ascii: >>XPeP,xJR+|WQ~uC_S)&X}@1W$*H1V9s[:funH*#Huv@C\$1Kjs%{4|%"@rEyXEM(2a{a@g!9kT>wktn>DZHeYv.


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  9192.168.2.44975624.75.29.774431892C:\Program Files\Google\Chrome\Application\chrome.exe
                  TimestampBytes transferredDirectionData
                  2024-05-27 22:39:27 UTC489OUTGET /images/header_footer.png HTTP/1.1
                  Host: resources.mtb.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: dtCookie=v_4_srv_3_sn_043C9955C63920A57AD746B4D6F3BAB5_perc_100000_ol_0_mul_1_app-3Aa521059fe666ac1f_0_rcs-3Acss_0
                  2024-05-27 22:39:28 UTC582INHTTP/1.1 200 OK
                  Content-Type: image/png
                  Last-Modified: Wed, 17 Apr 2024 05:09:10 GMT
                  Accept-Ranges: bytes
                  ETag: "05f66618590da1:0"
                  X-Srv: B-STC-001
                  Access-Control-Allow-Origin: *
                  X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
                  Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1568534243"
                  Date: Mon, 27 May 2024 22:39:28 GMT
                  Content-Length: 31436
                  Set-Cookie: TSea15929a027=0856addebbab200008f41d28c5a50ff89a15357addd330104d324f0b7798e5d1d53f816641baeec108ce26cfc11130000a74e9f2094d75cf86de3620e21f0339a6d08d555a1da1d6ff2e80d524f01c38f5360489cc50f01a0fceaabdba6ee8f8; Path=/
                  2024-05-27 22:39:28 UTC15802INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 e5 00 00 01 40 08 06 00 00 00 da 8d dd fe 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 07 74 49 4d 45 07 e1 0a 1e 0c 32 19 6b bb 5f 5f 00 00 00 07 74 45 58 74 41 75 74 68 6f 72 00 a9 ae cc 48 00 00 00 0c 74 45 58 74 44 65 73 63 72 69 70 74 69 6f 6e 00 13 09 21 23 00 00 00 0a 74 45 58 74 43 6f 70 79 72 69 67 68 74 00 ac 0f cc 3a 00 00 00 0e 74 45 58 74 43 72 65 61 74 69 6f 6e 20 74 69 6d 65 00 35 f7 0f 09 00 00 00 09 74 45 58 74 53 6f 66 74 77 61 72 65 00 5d 70 ff 3a 00 00 00 0b 74 45 58 74 44 69 73 63 6c 61 69 6d 65 72 00 b7 c0 b4 8f 00 00 00 08 74 45 58 74 57 61 72 6e 69 6e 67 00 c0 1b e6 87 00 00 00 07 74 45 58 74 53 6f 75 72 63 65 00 f5 ff 83 eb 00 00 00 08 74 45 58 74
                  Data Ascii: PNGIHDR@pHYs+tIME2k__tEXtAuthorHtEXtDescription!#tEXtCopyright:tEXtCreation time5tEXtSoftware]p:tEXtDisclaimertEXtWarningtEXtSourcetEXt
                  2024-05-27 22:39:28 UTC582INData Raw: a3 06 cb b2 8c b8 19 97 52 4a 21 cb ec 15 9c 7b a4 4b 29 a5 66 59 96 e9 84 76 f5 32 62 31 54 1f 2a ad e1 f6 11 4f a7 d3 d2 e9 71 1d 0c e5 3d c6 17 ca 7f fd eb 5f 5b 00 c4 84 09 13 bc 16 73 67 91 a8 aa aa 12 4d 80 ec df dc 2c ca cb cb b1 ab b4 54 00 40 59 4b 8b 05 40 ec 8e c7 45 69 6b 2b da ec 6b c9 45 ac ad 4d c8 be 7d cd 7e 00 12 d1 a8 88 26 12 6e f8 15 c9 48 44 44 23 11 58 96 a5 a7 53 29 11 8b c5 34 00 42 5a 96 d0 d3 ba 66 44 0c 21 ad a8 d0 75 c3 1d d9 5d 33 0c 43 e8 86 26 0c cd 10 52 4a 4d d7 34 11 2d 29 91 a6 69 0a 69 45 34 19 b1 34 e7 da 0a 11 05 84 a9 69 22 a2 eb ba 94 52 98 a6 d9 7e ff 74 bb cf 83 10 9a 26 34 21 34 61 0a 61 69 f6 90 fb 52 4a 6f 39 10 b1 5b c7 23 11 fb 66 e9 a6 d3 02 af 49 01 6f 20 43 4b 58 42 40 d7 34 61 49 09 5d 6a 02 30 85 65 9f
                  Data Ascii: RJ!{K)fYv2b1T*Oq=_[sgM,T@YK@Eik+kEM}~&nHDD#XS)4BZfD!u]3C&RJM4-)iiE44i"R~t&4!4aaiRJo9[#fIo CKXB@4aI]j0e
                  2024-05-27 22:39:28 UTC15052INData Raw: 4f 4a 08 00 58 b6 6c 99 04 80 39 73 e6 e4 fa dd 77 9a 2f 94 3f fe f8 e3 50 76 c0 eb 62 a0 74 0d f7 3d 4a 29 0d a5 25 5a 15 7a 0d b9 32 1f 40 0d ec eb 13 9a 04 aa aa da eb b5 0f a8 80 dd cd 5b 0e b1 2c b1 45 d3 04 ec 40 ef 0e 3d 28 06 4a 29 9c ee e3 c2 79 37 0a 7b b1 a5 de af ce 3e 4b d2 de ad dc 6b f9 96 7d fb fa bb 9b 2b eb d9 dd df bd 33 39 02 4e 1d e5 4e 17 f5 b6 c0 8b 2d f5 b6 57 ea d5 27 e3 d2 3b 70 4e 20 57 47 49 54 9f 03 ca fc 40 d5 ea 6b 51 4e 92 94 da af 21 2e d5 0f b5 80 cc f8 1b d2 19 bc a6 7c ff c1 6b d2 88 7a 2f 7e be 89 7a 2f 7e be f7 6d 5d ed 4d 1a 76 3f e1 f6 75 fc 8d 67 52 24 dc e9 3d 80 bf 21 2d d8 d0 e6 7f 5f f8 06 b2 16 ed 61 42 d8 b7 1b 77 d7 95 52 a2 7d 1b 00 b0 c7 02 20 f7 04 2e 8f 2d 83 7d 7b b7 56 27 0a a1 bd 4e e1 d6 09 a7 0c da
                  Data Ascii: OJXl9sw/?Pvbt=J)%Zz2@[,E@=(J)y7{>Kk}+39NN-W';pN WGIT@kQN!.|kz/~z/~m]Mv?ugR$=!-_aBwR} .-}{V'N


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:18:39:14
                  Start date:27/05/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  General

                  Target ID:2
                  Start time:18:39:17
                  Start date:27/05/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1968,i,115391403752787716,9641362441936061431,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  General

                  Target ID:3
                  Start time:18:39:19
                  Start date:27/05/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication"
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Disassembly

                  No disassembly