Windows Analysis Report
https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy

Overview

General Information

Sample URL:https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy
Analysis ID:1577760

Detection

HTMLPhisher
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected HtmlPhish54
AI detected suspicious Javascript
Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1888,i,10370185980324039885,8009006180425534524,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0.3.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
2.2.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T17:54:10.247214+0100 | 2857090 | 1 | Successful Credential Theft Detected | 89.117.109.41 | 443 | 192.168.2.16 | 49709 | TCP

      Phishing

      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0Joe Sandbox AI: Score: 9 Reasons: The brand 'Qurate Retail Group' is a known brand associated with retail and e-commerce., The URL '810041cb-1c6faa7f.cpni.org' does not match the legitimate domain 'qurateretailgroup.com'., The domain 'cpni.org' is unrelated to Qurate Retail Group and could be a compromised or unrelated domain., The presence of a UUID-like subdomain '810041cb-1c6faa7f' is unusual and suspicious., The email input field suggests a login page, which is a common target for phishing attempts. DOM: 4.4.pages.csv
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#Joe Sandbox AI: Score: 8 Reasons: The brand 'Qurate Retail Group' is a known brand associated with retail and e-commerce., The URL '810041cb-1c6faa7f.cpni.org' does not match the legitimate domain for Qurate Retail Group, which is 'qurateretailgroup.com'., The domain 'cpni.org' is unrelated to Qurate Retail Group and could be a sign of phishing., The use of a subdomain with random characters '810041cb-1c6faa7f' is suspicious and often used in phishing attempts., The email input field uses a legitimate QVC email domain, which is part of Qurate Retail Group, but the URL does not match the legitimate domain. DOM: 3.3.pages.csv
      Source: Yara match, File source: 0.3.id.script.csv, type: HTML
      Source: Yara match, File source: 2.2.pages.csv, type: HTML
      Source: 0.0.id.script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://prestamosgarantizados.com/vvr/#phg4Plg4Ppj... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to a suspicious domain. The script uses obfuscated code to decrypt email addresses and checks them against a blocklist, potentially for malicious purposes. The final redirection to the 'accounts.cpni.org' domain is highly suspicious and likely part of a phishing or credential harvesting scheme.
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: philip.vandermerwe@qvc.com
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: Number of links: 0
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0HTTP Parser: Number of links: 0
      Source: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: Title: Sign In does not match URL
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0HTTP Parser: Title: Sign In does not match URL
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: <input type="password" .../> found
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0HTTP Parser: <input type="password" .../> found
      Source: https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy HTTP Parser: No favicon
      Source: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP Parser: No favicon
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: No favicon
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0HTTP Parser: No favicon
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: No <meta name="author".. found
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0HTTP Parser: No <meta name="author".. found
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#HTTP Parser: No <meta name="copyright".. found
      Source: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0HTTP Parser: No <meta name="copyright".. found

      Networking

      Source: Network traffic, Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 89.117.109.41:443 -> 192.168.2.16:49709
      Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknown, TCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /vvr/ HTTP/1.1Host: prestamosgarantizados.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /vvr/wsp.svg HTTP/1.1Host: prestamosgarantizados.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://prestamosgarantizados.com/vvr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /vvr/wsp.svg HTTP/1.1Host: prestamosgarantizados.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP/1.1Host: accounts.cpni.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://prestamosgarantizados.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP/1.1Host: accounts.cpni.orgConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
      Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: a6fe9466-1c6faa7f.cpni.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://accounts.cpni.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://accounts.cpni.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /1c6faa7f58464e6eaf1961214730db49/ HTTP/1.1Host: accounts.cpni.orgConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://accounts.cpni.orgSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="Sec-WebSocket-Key: /mEJeJZPb73tMtGsY7+APw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
      Source: global trafficHTTP traffic detected: GET /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com&sso_reload=true HTTP/1.1Host: accounts.cpni.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: accounts.cpni.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
      Source: global trafficHTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1Host: a6fe9466-1c6faa7f.cpni.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
      Source: global trafficHTTP traffic detected: GET /adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0 HTTP/1.1Host: 810041cb-1c6faa7f.cpni.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://accounts.cpni.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
      Source: global trafficHTTP traffic detected: GET /1c6faa7f58464e6eaf1961214730db49/ HTTP/1.1Host: accounts.cpni.orgConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://accounts.cpni.orgSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: tgd5iVBPFYrnsMhJ6L2dqA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
      Source: global trafficHTTP traffic detected: GET /adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99 HTTP/1.1Host: 810041cb-1c6faa7f.cpni.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
      Source: global traffic | DNS traffic detected: DNS query: cc.naver.com
      Source: global traffic | DNS traffic detected: DNS query: prestamosgarantizados.com
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: global traffic | DNS traffic detected: DNS query: accounts.cpni.org
      Source: global traffic | DNS traffic detected: DNS query: a6fe9466-1c6faa7f.cpni.org
      Source: global traffic | DNS traffic detected: DNS query: c64504ed-1c6faa7f.cpni.org
      Source: global traffic | DNS traffic detected: DNS query: 810041cb-1c6faa7f.cpni.org
      Source: unknown | HTTP traffic detected:
        POST /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP/1.1
        Host: accounts.cpni.org
        Connection: keep-alive
        Content-Length: 6380
        Cache-Control: max-age=0
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        Origin: https://accounts.cpni.org
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Dest: document
        Referer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Server: nginx
        Date: Wed, 18 Dec 2024 16:54:19 GMT
        Content-Type: text/html; charset=utf-8
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        cache-control: private
        p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
        x-ms-request-id: 79a98735-ce76-465d-9607-84a320c11d00
        x-ms-ests-server: 2.1.19683.6 - WEULR1 ProdSlices
        report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c64504ed-1c6faa7f.cpni.org/api/report?catId=GW+estsfd+frc"}]}
        nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
        x-ms-srs: 1.P
        referrer-policy: strict-origin-when-cross-origin
        access-control-allow-origin: *
        access-control-allow-headers: *
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Server: nginx
        Date: Wed, 18 Dec 2024 16:54:19 GMT
        Content-Type: text/html; charset=utf-8
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        cache-control: private
        p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
        x-ms-request-id: cae096e9-62ae-4d07-ab55-cfd3c9cab800
        x-ms-ests-server: 2.1.19683.3 - NEULR1 ProdSlices
        report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c64504ed-1c6faa7f.cpni.org/api/report?catId=GW+estsfd+frc"}]}
        nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
        x-ms-srs: 1.P
        referrer-policy: strict-origin-when-cross-origin
        access-control-allow-origin: *
        access-control-allow-headers: *
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Server: nginx
        Date: Wed, 18 Dec 2024 16:54:28 GMT
        Content-Type: text/html; charset=us-ascii
        Transfer-Encoding: chunked
        Connection: close
        Vary: Accept-Encoding
        access-control-allow-origin: *
        access-control-allow-headers: *
      Source: chromecache_80.1.dr | String found in binary or memory: https://accounts.cpni.org/?$
      Source: chromecache_80.1.dr | String found in binary or memory: https://www.404errorpages.com/error
      Source: classification engine | Classification label: mal68.phis.win@18/26@20/8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1888,i,10370185980324039885,8009006180425534524,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
      Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Window Recorder | Window detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
      | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
      | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
      | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy | 0% | Avira URL Cloud | safe | |
      No Antivirus matches
      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|---|---|
      | 810041cb-1c6faa7f.cpni.org | 89.117.109.41 | true | false | | high |
      | prestamosgarantizados.com | 167.114.27.228 | true | false | | high |
      | a6fe9466-1c6faa7f.cpni.org | 89.117.109.41 | true | false | | high |
      | c64504ed-1c6faa7f.cpni.org | 89.117.109.41 | true | true | | unknown |
      | www.google.com | 142.250.181.132 | true | false | | high |
      | accounts.cpni.org | 89.117.109.41 | true | true | | unknown |
      | cc.naver.com | unknown | unknown | false | | high |
      | Name | Source | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|---|
      | https://www.404errorpages.com/error | chromecache_80.1.dr | false | Avira URL Cloud: safe | unknown |
      | https://accounts.cpni.org/?$ | chromecache_80.1.dr | false | Avira URL Cloud: safe | unknown |
                            | IP | Domain | Country | ASN | ASN Name | Malicious |
                            |---|---|---|---|---|---|
                            | 89.117.109.41 | 810041cb-1c6faa7f.cpni.org | Lithuania | 15419 | LRTC-ASLT | false |
                            | 167.114.27.228 | prestamosgarantizados.com | Canada | 16276 | OVHFR | false |
                            | 142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
                            | 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
                            IP
                            192.168.2.16
                            192.168.2.13
                            192.168.2.23
                            192.168.2.14
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1577760
                            Start date and time:2024-12-18 17:53:29 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 3m 29s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                            Sample URL:https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:16
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal68.phis.win@18/26@20/8
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 142.250.181.99, 172.217.17.78, 64.233.162.84, 203.104.162.225, 172.217.17.46, 217.20.58.98, 142.250.181.142, 142.250.181.74, 142.250.181.106, 142.250.181.138, 172.217.17.42, 172.217.17.74, 172.217.19.202, 216.58.208.234, 172.217.21.42, 142.250.181.42, 172.217.19.170, 172.217.19.234, 142.250.181.10, 172.217.19.10, 172.217.17.35, 142.250.181.46, 23.218.208.109, 20.109.210.53, 40.126.53.17, 104.126.37.131
                            • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, cc.naver.com.akadns.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, de1-nf.naver.com.akadns.net, clients.l.google.com
                            • Not all processes were analyzed, report is missing behavior information
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy
                            No simulations
                            No context
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2673
                            Entropy (8bit):3.9912908620143797
                            Encrypted:false
                            SSDEEP:48:8pdFTNVvHIidAKZdA1FehwiZUklqeh+xy+3:8Rrm/xy
                            MD5:C820BA026C775307E02E4F2F8DC3C059
                            SHA1:E02A0CE34DAFE7E87D507426DF6CDE8ED081E814
                            SHA-256:5E50E5BC535FDDC8134A2C17AB9FFEAE3D3FEDE36FD735EF6D1084B75BC3F9D2
                            SHA-512:DE97456D35CC93E771985CC3F30A567590BEC04CC4B135FD065588AB021C334C4F0DCCE37119C63E6DD9A5DAFD8AFA33C4C82E45B92073177DA2D5B6853899D9
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):4.005588780133227
                            Encrypted:false
                            SSDEEP:48:81dFTNVvHIidAKZdA1seh/iZUkAQkqehvxy+2:8drg9Q0xy
                            MD5:B497CA77E6DAD559A7ABF32064641630
                            SHA1:AA1E29E8C12A3CD861234526504CD3A18621B76E
                            SHA-256:AF9D3FDA3A18587A6815EFCA87EDC3CF63826A22C5B3276A7D2798E7B7083159
                            SHA-512:A96D6AAAA1AADDC9896032E51C9BDF07911853FCD84DFD3B6049DB735B4F77AC762B684E677D4C2120702586660C709936C76FD5E0F1E76E0FC0E2AEF6D9128E
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2689
                            Entropy (8bit):4.016470509524812
                            Encrypted:false
                            SSDEEP:48:8hdFTNVAHIidAKZdA14meh7sFiZUkmgqeh7sNxy+BX:8ZrRnzxy
                            MD5:6A3E1B8BAE6388D406E3992D78677071
                            SHA1:22DFFC0BD4AA4DDA14E2DB845B05F1384C463EA2
                            SHA-256:0975F266F175D3432200F8D2FCBB791733479D00F99E6E8A6FCFDF0903EA0E03
                            SHA-512:57EE0CFFC48273AC086704AA31C3CB3E49E81585E16A65A698D3F9E48A2009EAC2F47260DA8B01D8C0D616F50E1191A4C6F6F262FC5FD65F48B96FD52D22ACF0
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):4.004771173692044
                            Encrypted:false
                            SSDEEP:48:8qdFTNVvHIidAKZdA1TehDiZUkwqehrxy+R:8sr7Fxy
                            MD5:8BC394BCFFD8CAD7D82D983DF449449C
                            SHA1:78CAF0FF4511A7B00783010E9EA3CFE26C77940A
                            SHA-256:1D4BEBDB86A7DAE2C00F3F64B6BFDE12106C9DB54384DFA702A3589CE6FF6B22
                            SHA-512:12E6D1C80AE35F6A0910E18FDC9BCF4BA4C8930F3C185C8AB6DBF606BE8FF8324B5E39F0F5BCF9AF0A92ACA8537FD436E6273F66946A51A0DAB16DC262E8DE4A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.994452173962644
                            Encrypted:false
                            SSDEEP:48:8ydFTNVvHIidAKZdA1dehBiZUk1W1qehRxy+C:8Er79xxy
                            MD5:CC50A30957DA93D68512D77DCECAD79D
                            SHA1:38D677A87FA2F3AB91AAD1D63B5ADED1F1A52116
                            SHA-256:D67730DDEDF3DCF1ED3D50B88FBA08963D847F664C0BA42BB8C90123B1E46939
                            SHA-512:E699A9ADF835D6829D86F784C4BE114686ED1577E9EDC4B4627AB078D0CF0B26DC28CAA76ACA2ADDEE5B56C25DE0C4D80D416C88A8DF090F379333B398E8337E
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 18 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):4.002522888381105
                            Encrypted:false
                            SSDEEP:48:8fdFTNVvHIidAKZdA1duTeehOuTbbiZUk5OjqehOuTbzxy+yT+:8nrfTfTbxWOvTbzxy7T
                            MD5:E20D28FEA24795B4F3A66188B2B96D45
                            SHA1:418C51AD9765130D4322DC12C9D22984095BFE9F
                            SHA-256:032A03FD1C2465A45F41CF75819F248DF25DACE18C7F67B27CA33EF9A7D98ADF
                            SHA-512:20AAFBBEA90D1096107AC8996451302FE08A32FA9B0345B3CFD8E3DFC492DD4DF81F96A5C0ED1EE746A8AB7CBBE98A27C6262A7EF544DE0C8B86638E2C45D798
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, from Unix, original size modulo 2^32 142292
                            Category:downloaded
                            Size (bytes):49900
                            Entropy (8bit):7.994836418673253
                            Encrypted:true
                            SSDEEP:1536:XzEYCjcTwk/tOMQTNOSjFmNlf5jcJwHmcCbryLJ3Px8/fJ:AYCWwZNOgFmNzcJwHGbOx8/h
                            MD5:D7B004C32C7ED24A2E682C9FDC3E9A46
                            SHA1:069A6DF3BA5C3AABBA42F39A82BFAE30EC68EC84
                            SHA-256:972EA63C496550BA8E439E34BCFF44978FABF74A1488ADFC807FCFEBC3D1A40E
                            SHA-512:08734A13390DF363113D12439CCBE46325DC0988EBFFE0C412206AB1458F2668AEA52C35D2D60EE9A137084682E09BDBFD826C4E0947561EE2147438584350F7
                            Malicious:false
                            Reputation:low
                            URL:https://a6fe9466-1c6faa7f.cpni.org/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:SVG Scalable Vector Graphics image
                            Category:downloaded
                            Size (bytes):3728
                            Entropy (8bit):4.718277261919778
                            Encrypted:false
                            SSDEEP:96:JvfEcg0UqvMcOAvXa4zwjo0HtedznCOpKpFWgot:5Ecg04cXvXa4f0Y4p0
                            MD5:EC396047518A7FEF11D53D1B4F6BE65B
                            SHA1:E3BEC4CDAF5567641517A23019ADBFA2328B0A7F
                            SHA-256:8F77CFC832517C619BC1B8D82A6A478EE18D97442B4C78B006B0286CEC91E1A8
                            SHA-512:34AD62B5CC5EE5C950F340D65800102AE1CD06D34D24A611E7AC2CB9F23308AC96AC669D3B226C258DC6F862D985030EC3D5BB29609ECFEDF34E14F8F48529EB
                            Malicious:false
                            Reputation:low
                            URL:https://prestamosgarantizados.com/vvr/wsp.svg
                            Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 1200 241.4" style="enable-background:new 0 0 1200 241.4;" xml:space="preserve">.<style type="text/css">...st0{fill:#4C00FF;}...st1{fill:#FF5252;}.</style>.<g>..<g>...<g>....<path d="M1169.2,109.7v78.7h-28.9v-73.5c0-17.9-7.7-27.9-22.7-27.9s-24.9,10.5-27.7,28.1c-0.8,4.2-1,10.7-1,24.4v48.8H1060v-125.....h25.6c0.1,1.1,0.7,12.3,0.7,13c0,0.9,1.1,1.4,1.8,0.8c10.6-8.4,22.3-16.2,38.6-16.2C1153.5,60.9,1169.2,79,1169.2,109.7z"/>....<path d="M1013.4,63.4l-0.9,14.3c-0.1,0.9-1.2,1.4-1.8,0.8c-3.5-3.3-16.4-17.5-38.3-17.5c-31.4,0-54.5,27.1-54.5,63.9l0,0.....c0,37.3,22.9,64.5,54.5,64.5c21.1,0,34-13.7,36.4-16.7c0.7-0.8,2-0.3,2,0.7c-0.3,3.8-0.8,13.3-4,21.4c-4,10.2-13,19.7-31.1,19.7.....c-14.9,0-28.1-5.7-40.6-17.9L920,217.3c13.7,15.5,35
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 189 x 59, 8-bit/color RGBA, non-interlaced
                            Category:downloaded
                            Size (bytes):289
                            Entropy (8bit):4.930123053524672
                            Encrypted:false
                            SSDEEP:6:6v/lhPF2wfMR/C+UNyEoxYhJJJJJJJJJJJJJJJJJJJJJJJJJJEY02sOdp:6v/7NdfM/kdoxfY02R
                            MD5:0360E73C57A2B442C071C3A1B733267D
                            SHA1:41D2623ABA3182267378EE509168BA5733FEDBE3
                            SHA-256:EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            SHA-512:1C1FFD61ECC07723EE823566AA629E4224671A58C3932FB25C19A6577B09AD5627412829D8B734E05C0F74366ABC97D879F7542D46C9C9A3A28C6B7669CBBB78
                            Malicious:false
                            Reputation:low
                            URL:https://810041cb-1c6faa7f.cpni.org/adfs/portal/illustration/illustration.png?id=EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:gzip compressed data, from Unix, original size modulo 2^32 142292
                            Category:dropped
                            Size (bytes):49900
                            Entropy (8bit):7.994836418673253
                            Encrypted:true
                            SSDEEP:1536:XzEYCjcTwk/tOMQTNOSjFmNlf5jcJwHmcCbryLJ3Px8/fJ:AYCWwZNOgFmNzcJwHGbOx8/h
                            MD5:D7B004C32C7ED24A2E682C9FDC3E9A46
                            SHA1:069A6DF3BA5C3AABBA42F39A82BFAE30EC68EC84
                            SHA-256:972EA63C496550BA8E439E34BCFF44978FABF74A1488ADFC807FCFEBC3D1A40E
                            SHA-512:08734A13390DF363113D12439CCBE46325DC0988EBFFE0C412206AB1458F2668AEA52C35D2D60EE9A137084682E09BDBFD826C4E0947561EE2147438584350F7
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:SVG Scalable Vector Graphics image
                            Category:dropped
                            Size (bytes):3728
                            Entropy (8bit):4.718277261919778
                            Encrypted:false
                            SSDEEP:96:JvfEcg0UqvMcOAvXa4zwjo0HtedznCOpKpFWgot:5Ecg04cXvXa4f0Y4p0
                            MD5:EC396047518A7FEF11D53D1B4F6BE65B
                            SHA1:E3BEC4CDAF5567641517A23019ADBFA2328B0A7F
                            SHA-256:8F77CFC832517C619BC1B8D82A6A478EE18D97442B4C78B006B0286CEC91E1A8
                            SHA-512:34AD62B5CC5EE5C950F340D65800102AE1CD06D34D24A611E7AC2CB9F23308AC96AC669D3B226C258DC6F862D985030EC3D5BB29609ECFEDF34E14F8F48529EB
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with CRLF line terminators
                            Category:downloaded
                            Size (bytes):315
                            Entropy (8bit):5.38000372032164
                            Encrypted:false
                            SSDEEP:6:B8FQtuc4svmo9qvyDPdrKFjKek+q2Q8EevWR0NNEXW0YDBOTieUWFLzR/YNe9zoG:BMQt6o9qvyLYF2ek+q2Q8Eepfd6ieUWx
                            MD5:67932D4B695E1D6B19DFC2E3610761FF
                            SHA1:A66898B36C94C53766E66C1A7AAEB149447EC083
                            SHA-256:CE7127C38E30E92A021ED2BD09287713C6A923DB9FFDB43F126E8965D777FBF0
                            SHA-512:97408B30995B72417494DACA4C67488B77E3121A9DB8BB3C2F204B49944457CAA1AF4B75730511B39FC9BABCCA5E1440168C3DBF3377B072866295BD490710FE
                            Malicious:false
                            Reputation:low
                            URL:https://810041cb-1c6faa7f.cpni.org/favicon.ico
                            Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>..<BODY><h2>Not Found</h2>..<hr><p>HTTP Error 404. The requested resource is not found.</p>..</BODY></HTML>..
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 90 x 35, 8-bit/color RGBA, non-interlaced
                            Category:downloaded
                            Size (bytes):3772
                            Entropy (8bit):7.935157178890332
                            Encrypted:false
                            SSDEEP:96:47/6OW0+ENNS+G4dEZB0UV0n347WXoMgF8y:47/pWlcK0S0noWC
                            MD5:E9FCEAAA8814DD8B41DF51C6BD463E36
                            SHA1:8C7EB8316AC2CDFE73376B254AF52E70CE221C2E
                            SHA-256:87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81
                            SHA-512:AACC430D2200D52ABC5C93B727910812DE31F8BABF7146901FC66264CF9A74497518964EAAB73C865C2C9EACB43449DB9B490781CB71643870D1D9685B29B148
                            Malicious:false
                            Reputation:low
                            URL:https://810041cb-1c6faa7f.cpni.org/adfs/portal/logo/logo.png?id=87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                            Category:downloaded
                            Size (bytes):7812
                            Entropy (8bit):5.000799962586361
                            Encrypted:false
                            SSDEEP:96:xmJ0WahHPQ9uYKJLkjlBiBiP2n9dg3F+vkShbKXiEy60f3359wAs1/ubSjIfXg6m:x+0WahH4oFsjs0/SheXiEy6aAxdubbtm
                            MD5:81D1717DD8379E22C8AB66F8F83DC181
                            SHA1:67618F6E2A348CDD7C7CB8B6B6B10374EF87A0BE
                            SHA-256:D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
                            SHA-512:77FBCF6D1F5263E9ED26346B57804883C66E1FD074EF8F9303383D1C611FCFF7FEF7639FD8020A3B1AA182C15BB34F0BED12C03B0AC6D04B91676E845F240B4D
                            Malicious:false
                            Reputation:low
                            URL:https://810041cb-1c6faa7f.cpni.org/adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
                            Preview:* {...margin:0px;...padding:0px;..}..html, body..{.. height:100%;.. width:100%;.. background-color:#ffffff;.. color:#000000;.. font-weight:normal;.. font-family:"Segoe UI" , "Segoe" , "SegoeUI-Regular-final", Tahoma, Helvetica, Arial, sans-serif;.. min-width:500px;.. -ms-overflow-style:-ms-autohiding-scrollbar;..}....body..{.. font-size:0.9em;..}....#noScript { margin:16px; color:Black; }....:lang(en-GB){quotes:'\2018' '\2019' '\201C' '\201D';}..:lang(zh){font-family:....;}....@-ms-viewport { width: device-width; }..@-moz-viewport { width: device-width; }..@-o-viewport { width: device-width; }..@-webkit-viewport { width: device-width; }..@viewport { width: device-width; }..../* Theme layout styles */....#fullPage, #brandingWrapper..{.. width:100%;.. height:100%;.. background-color:inherit;..}..#brandingWrapper..{.. background-color:#4488dd;..}..#branding..{ .. /* A background image will be added to the #branding element at run-ti
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with no line terminators
                            Category:downloaded
                            Size (bytes):28
                            Entropy (8bit):4.137537511266052
                            Encrypted:false
                            SSDEEP:3:fXFi/nYn:fFiwn
                            MD5:C63BBD329146AA451DFCD7D4CD572DF5
                            SHA1:6DEFC8FED9CD924EF3946AB5A64C472C0D998E8D
                            SHA-256:22993D2C8488DBF170D5C18CD16A5F40539C17AADBF97BA58360EFB296539335
                            SHA-512:6761D9A9D727820775BE3647BFB5BBC4A61D0E631E2D8C7CB7D4DC39B1BBB9585C7B570A9EB1BD62D4BC8E5EF64AE1DA233C342B83A9A116E0309A10C67AD64B
                            Malicious:false
                            Reputation:low
                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmJdw68wViW4BIFDQGlaXISBQ1lIZnq?alt=proto
                            Preview:ChIKBw0BpWlyGgAKBw1lIZnqGgA=
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 189 x 59, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):289
                            Entropy (8bit):4.930123053524672
                            Encrypted:false
                            SSDEEP:6:6v/lhPF2wfMR/C+UNyEoxYhJJJJJJJJJJJJJJJJJJJJJJJJJJEY02sOdp:6v/7NdfM/kdoxfY02R
                            MD5:0360E73C57A2B442C071C3A1B733267D
                            SHA1:41D2623ABA3182267378EE509168BA5733FEDBE3
                            SHA-256:EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            SHA-512:1C1FFD61ECC07723EE823566AA629E4224671A58C3932FB25C19A6577B09AD5627412829D8B734E05C0F74366ABC97D879F7542D46C9C9A3A28C6B7669CBBB78
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 90 x 35, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):3772
                            Entropy (8bit):7.935157178890332
                            Encrypted:false
                            SSDEEP:96:47/6OW0+ENNS+G4dEZB0UV0n347WXoMgF8y:47/pWlcK0S0noWC
                            MD5:E9FCEAAA8814DD8B41DF51C6BD463E36
                            SHA1:8C7EB8316AC2CDFE73376B254AF52E70CE221C2E
                            SHA-256:87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81
                            SHA-512:AACC430D2200D52ABC5C93B727910812DE31F8BABF7146901FC66264CF9A74497518964EAAB73C865C2C9EACB43449DB9B490781CB71643870D1D9685B29B148
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:downloaded
                            Size (bytes):5166
                            Entropy (8bit):4.352035964674451
                            Encrypted:false
                            SSDEEP:96:yTy1ETm4cFRCL+zyJAFuTUZSlrIOdx6fVeSUsneVQ5vay:ym1EK4cFRCL+zyJAFb0uOne4sqQ9
                            MD5:C50DD8941E9A8836956B53CF0FDEB787
                            SHA1:E1D890D9D36E44D7890D8EE7854526921D5A47A9
                            SHA-256:3023062F46E4922962BDB88B7673CADE98F66F650908C1251695F61716CB9539
                            SHA-512:462CAA416D81194638FB8B25915F699075C9BEF9435F260EE6C9639050A06DFCEEB278EECBDC657B8AF06D9541D340531A55F4DCDB28090C222E49A59571ECB1
                            Malicious:false
                            Reputation:low
                            URL:https://prestamosgarantizados.com/vvr/
                            Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Redirecting...</title>. <style>. body {. margin: 0;. padding: 0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. font-family: Arial, sans-serif;. background-color: #fff;. color: #333;. }. .logo {. display: flex;. align-items: center;. text-align: center;. gap: 8px;. }. .logo img {. height: 30px;. }. .logo span {. font-size: 24px;. font-weight: bold;. }. .progress-bar {. margin-top: 20px;. width: 200px;. height: 5px;. background-color: #eee;. position: relative;. }. .progress-bar .fill {.
                            No static file info
                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                            2024-12-18T17:54:10.247214+0100 | 2857090 | ETPRO PHISHING JS/PsyduckPockeball Payload Inbound | 1 | 89.117.109.41 | 443 | 192.168.2.16 | 49709 | TCP
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Dec 18, 2024 17:54:16.681268930 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.681324959 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.681361914 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.681380987 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.681423903 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.737777948 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.737827063 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.737904072 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.737929106 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.737972021 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.737999916 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.840609074 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.840706110 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.840724945 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.840790987 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.840854883 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.841080904 CET49716443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.841098070 CET4434971689.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.844132900 CET49706443192.168.2.16142.250.181.132
                            Dec 18, 2024 17:54:16.844149113 CET44349706142.250.181.132192.168.2.16
                            Dec 18, 2024 17:54:16.878072977 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.878107071 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.878171921 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.878402948 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.878421068 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.904012918 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.904058933 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.904123068 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.904422045 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.904438019 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.905873060 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.905971050 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.906049013 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.906373024 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.906410933 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.906464100 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.906666994 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.906706095 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.906904936 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.906923056 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.984527111 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.984625101 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:16.984716892 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.985016108 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:16.985047102 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.248100996 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.248513937 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.248550892 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.248881102 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.249178886 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.249243975 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.251185894 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.282413960 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.283576965 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.283591032 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.283740997 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.283952951 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.285376072 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.285398006 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.286907911 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.286999941 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.287270069 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.287338972 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.287616014 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.287734032 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.287890911 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.289298058 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.289387941 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.289395094 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.291064024 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.291098118 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.291497946 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.294496059 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.294575930 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.296282053 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.296381950 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.331368923 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.334141970 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.348937035 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.348978043 CET4434972189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.370196104 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.370434046 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.370469093 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.373752117 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.373843908 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.374114990 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.374212027 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.374228001 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.396028042 CET49721443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.415477037 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.427907944 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:18.427933931 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:18.475917101 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.207209110 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.207302094 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.207504034 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.207695007 CET49718443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.207741976 CET4434971889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.351986885 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.352164984 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.352243900 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.352977037 CET49720443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.353018999 CET4434972089.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.455895901 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.455976963 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.455998898 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.456068993 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.456115961 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.456151009 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.456190109 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.582107067 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.582159042 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.582243919 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.582448006 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.582463980 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669601917 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669650078 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669667006 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669682026 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669692993 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.669694901 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669727087 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669909000 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.669935942 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.669977903 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.720731020 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.720805883 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.720877886 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.720956087 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.720999002 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.721020937 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.846200943 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.846286058 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.846333027 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.846364021 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.846414089 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.846462011 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.846517086 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.846817017 CET49722443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.846829891 CET4434972289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.971231937 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.971257925 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.971273899 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.971391916 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.971411943 CET4434971989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:19.971462965 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.973683119 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:19.973706007 CET49719443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.197140932 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.197247982 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.197374105 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.197644949 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.197702885 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.935235023 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.935600042 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.935615063 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.936660051 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.936743975 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.937932968 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.937994957 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.938122034 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:20.938127995 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:20.980940104 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.210573912 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.210630894 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.210736036 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.211580992 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.211599112 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.459953070 CET49678443192.168.2.1620.189.173.10
                            Dec 18, 2024 17:54:21.544811010 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.545161963 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.545226097 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.546288967 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.546371937 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.547516108 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.547602892 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.547740936 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.547764063 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.601943016 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.973165035 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.973299026 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.973364115 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.973459005 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.973479033 CET4434972389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.973503113 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.973547935 CET49723443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.973959923 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.973997116 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:21.974071980 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.974298000 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:21.974308014 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:22.607934952 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:22.608319998 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:22.608330965 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:22.608733892 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:22.609169006 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:22.609255075 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:22.609483004 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:22.649130106 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:22.649139881 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198138952 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198165894 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198174000 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198235035 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198276997 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198302984 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198379993 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.198445082 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.198515892 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.202716112 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.202871084 CET4434972589.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.202977896 CET49725443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.214509010 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.214546919 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.214622021 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.215100050 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.215111971 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.215337992 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.215399981 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.215468884 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.215641975 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.215672016 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.217175961 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.217264891 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.217276096 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.217453003 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.217514992 CET49724443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.217535019 CET4434972489.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.321821928 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.322115898 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.322129965 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.322501898 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.322920084 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.322990894 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:23.323060036 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.364016056 CET49727443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:23.364037991 CET4434972789.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.565289974 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.565597057 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:24.565614939 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.565979004 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.566289902 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:24.566354990 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.566543102 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:24.568042040 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.568332911 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:24.568363905 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.569865942 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.570709944 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:24.570907116 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.570938110 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:24.611335993 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.615346909 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:24.619019032 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.820672989 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.824995041 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.825083971 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.825109959 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.825128078 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.825161934 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.825190067 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.826505899 CET49729443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.826534033 CET4434972989.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.872473955 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.872536898 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.872648001 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.872664928 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.873157024 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.873217106 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.874358892 CET49728443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.874373913 CET4434972889.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.896678925 CET49731443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.896744967 CET4434973189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.896825075 CET49731443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.897330046 CET49731443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.897356033 CET4434973189.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.898349047 CET49732443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.898391008 CET4434973289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.898464918 CET49732443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.898643970 CET49732443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.898654938 CET4434973289.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.905016899 CET4968080192.168.2.16192.229.211.108
                            Dec 18, 2024 17:54:25.969038010 CET49733443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.969099998 CET4434973389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:25.969188929 CET49733443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.969384909 CET49733443192.168.2.1689.117.109.41
                            Dec 18, 2024 17:54:25.969419003 CET4434973389.117.109.41192.168.2.16
                            Dec 18, 2024 17:54:27.302361012 CET4434973189.117.109.41192.168.2.16
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Dec 18, 2024 17:54:00.594183922 CET | 192.168.2.16 | 1.1.1.1 | 0xb62b | Standard query (0) | cc.naver.com | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:00.594408989 CET | 192.168.2.16 | 1.1.1.1 | 0xb67c | Standard query (0) | cc.naver.com | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:03.055305958 CET | 192.168.2.16 | 1.1.1.1 | 0xceff | Standard query (0) | prestamosgarantizados.com | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:03.055463076 CET | 192.168.2.16 | 1.1.1.1 | 0x450b | Standard query (0) | prestamosgarantizados.com | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:04.507802963 CET | 192.168.2.16 | 1.1.1.1 | 0x6537 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:04.507996082 CET | 192.168.2.16 | 1.1.1.1 | 0xb47d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:06.874624014 CET | 192.168.2.16 | 1.1.1.1 | 0xe84a | Standard query (0) | accounts.cpni.org | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:06.874799013 CET | 192.168.2.16 | 1.1.1.1 | 0xd037 | Standard query (0) | accounts.cpni.org | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:07.084553003 CET | 192.168.2.16 | 1.1.1.1 | 0x7391 | Standard query (0) | prestamosgarantizados.com | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:07.084870100 CET | 192.168.2.16 | 1.1.1.1 | 0xd1ea | Standard query (0) | prestamosgarantizados.com | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:13.458878994 CET | 192.168.2.16 | 1.1.1.1 | 0x7d97 | Standard query (0) | a6fe9466-1c6faa7f.cpni.org | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:13.459132910 CET | 192.168.2.16 | 1.1.1.1 | 0x3616 | Standard query (0) | a6fe9466-1c6faa7f.cpni.org | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:16.844801903 CET | 192.168.2.16 | 1.1.1.1 | 0x3449 | Standard query (0) | a6fe9466-1c6faa7f.cpni.org | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:16.845046043 CET | 192.168.2.16 | 1.1.1.1 | 0x53f6 | Standard query (0) | a6fe9466-1c6faa7f.cpni.org | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:19.354264975 CET | 192.168.2.16 | 1.1.1.1 | 0x7491 | Standard query (0) | c64504ed-1c6faa7f.cpni.org | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:19.354423046 CET | 192.168.2.16 | 1.1.1.1 | 0x3e2b | Standard query (0) | c64504ed-1c6faa7f.cpni.org | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:19.974615097 CET | 192.168.2.16 | 1.1.1.1 | 0xe35d | Standard query (0) | 810041cb-1c6faa7f.cpni.org | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:19.974806070 CET | 192.168.2.16 | 1.1.1.1 | 0x6454 | Standard query (0) | 810041cb-1c6faa7f.cpni.org | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:25.829426050 CET | 192.168.2.16 | 1.1.1.1 | 0xab37 | Standard query (0) | 810041cb-1c6faa7f.cpni.org | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:25.829605103 CET | 192.168.2.16 | 1.1.1.1 | 0x292b | Standard query (0) | 810041cb-1c6faa7f.cpni.org | 65 | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Dec 18, 2024 17:54:00.994682074 CET | 1.1.1.1 | 192.168.2.16 | 0xb62b | No error (0) | cc.naver.com | cc.naver.com.akadns.net |  | CNAME (Canonical name) | IN (0x0001) | false
                            Dec 18, 2024 17:54:01.008152962 CET | 1.1.1.1 | 192.168.2.16 | 0xb67c | No error (0) | cc.naver.com | cc.naver.com.akadns.net |  | CNAME (Canonical name) | IN (0x0001) | false
                            Dec 18, 2024 17:54:03.635898113 CET | 1.1.1.1 | 192.168.2.16 | 0xceff | No error (0) | prestamosgarantizados.com |  | 167.114.27.228 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:04.645329952 CET | 1.1.1.1 | 192.168.2.16 | 0xb47d | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                            Dec 18, 2024 17:54:04.645379066 CET | 1.1.1.1 | 192.168.2.16 | 0x6537 | No error (0) | www.google.com |  | 142.250.181.132 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:07.224917889 CET | 1.1.1.1 | 192.168.2.16 | 0x7391 | No error (0) | prestamosgarantizados.com |  | 167.114.27.228 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:07.507498026 CET | 1.1.1.1 | 192.168.2.16 | 0xe84a | No error (0) | accounts.cpni.org |  | 89.117.109.41 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:13.686290979 CET | 1.1.1.1 | 192.168.2.16 | 0x7d97 | No error (0) | a6fe9466-1c6faa7f.cpni.org |  | 89.117.109.41 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:16.983911037 CET | 1.1.1.1 | 192.168.2.16 | 0x3449 | No error (0) | a6fe9466-1c6faa7f.cpni.org |  | 89.117.109.41 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:19.575706005 CET | 1.1.1.1 | 192.168.2.16 | 0x7491 | No error (0) | c64504ed-1c6faa7f.cpni.org |  | 89.117.109.41 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:20.195797920 CET | 1.1.1.1 | 192.168.2.16 | 0xe35d | No error (0) | 810041cb-1c6faa7f.cpni.org |  | 89.117.109.41 | A (IP address) | IN (0x0001) | false
                            Dec 18, 2024 17:54:25.968214035 CET | 1.1.1.1 | 192.168.2.16 | 0xab37 | No error (0) | 810041cb-1c6faa7f.cpni.org |  | 89.117.109.41 | A (IP address) | IN (0x0001) | false
                            • prestamosgarantizados.com
                            • https:
                              • accounts.cpni.org
                              • a6fe9466-1c6faa7f.cpni.org
                              • 810041cb-1c6faa7f.cpni.org
                            • c64504ed-1c6faa7f.cpni.org
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.16 | 49705 | 167.114.27.228 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:04 UTC | 672 | OUT | GET /vvr/ HTTP/1.1
                            Host: prestamosgarantizados.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-User: ?1
                            Sec-Fetch-Dest: document
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:05 UTC | 185 | IN | HTTP/1.1 200 OK
                            Date: Wed, 18 Dec 2024 16:54:05 GMT
                            Server: Apache
                            X-Powered-By: PHP/7.4.33
                            Connection: close
                            Transfer-Encoding: chunked
                            Content-Type: text/html; charset=UTF-8
                            2024-12-18 16:54:05 UTC | 5179 | IN | Data Ascii: 142e<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Redirecting...</title> <style> body { margin: 0; padding: 0;


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            1 | 192.168.2.16 | 49707 | 167.114.27.228 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:06 UTC | 610 | OUT | GET /vvr/wsp.svg HTTP/1.1
                            Host: prestamosgarantizados.com
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://prestamosgarantizados.com/vvr/
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:07 UTC | 210 | IN | HTTP/1.1 200 OK
                            Date: Wed, 18 Dec 2024 16:54:06 GMT
                            Server: Apache
                            Last-Modified: Wed, 18 Dec 2024 14:41:48 GMT
                            Accept-Ranges: bytes
                            Content-Length: 3728
                            Connection: close
                            Content-Type: image/svg+xml
                            2024-12-18 16:54:07 UTC | 3728 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><!-- Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            2 | 192.168.2.16 | 49708 | 167.114.27.228 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:08 UTC | 360 | OUT | GET /vvr/wsp.svg HTTP/1.1
                            Host: prestamosgarantizados.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:09 UTC | 210 | IN | HTTP/1.1 200 OK
                            Date: Wed, 18 Dec 2024 16:54:08 GMT
                            Server: Apache
                            Last-Modified: Wed, 18 Dec 2024 14:41:48 GMT
                            Accept-Ranges: bytes
                            Content-Length: 3728
                            Connection: close
                            Content-Type: image/svg+xml
                            2024-12-18 16:54:09 UTC | 3728 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><!-- Generator: Adobe Illustrator 28.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) --><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            3 | 192.168.2.16 | 49709 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:08 UTC | 817 | OUT | GET /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-Dest: document
                            Referer: https://prestamosgarantizados.com/
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:09 UTC | 181 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:09 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            2024-12-18 16:54:09 UTC | 7100 | IN | Data Ascii: 1bb4<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0R5(R,E){var l=a0R4();return a0R5=function(n,c){n=n-0xf3;var W=l[n];return W;},a0R5(R,E);}(function(R,E){var nN=a0R5,l=R();while(!![]){try{var n=-parseInt(nN(0x4


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            4 | 192.168.2.16 | 49710 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:10 UTC | 1069 | OUT | POST /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: keep-alive
                            Content-Length: 6380
                            Cache-Control: max-age=0
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            Origin: https://accounts.cpni.org
                            Content-Type: application/x-www-form-urlencoded
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-Dest: document
                            Referer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:10 UTC | 6380 | OUT | Data Ascii: me06a7897u=%5B%5B%22254332253830253746253343%22%2C%2236253343792533416c692537%22%2C%2243762543322538332537466d%22%2C%222533462533466e3638253743%22%2C%22737144696f43254332253832%22%2C%22333236393034343430373131%22%2C%223238363734%22%5D%2C%223269044407%22%2
                            2024-12-18 16:54:11 UTC | 506 | IN | HTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:11 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            location: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com
                            set-cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; Domain=cpni.org; HttpOnly; Path=/; SameSite=None; Secure
                            2024-12-18 16:54:11 UTC | 5 | IN | Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            5 | 192.168.2.16 | 49711 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:12 UTC | 1081 | OUT | GET /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: keep-alive
                            Cache-Control: max-age=0
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-Dest: document
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Referer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:13 UTC | 776 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:13 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 56324
                            Connection: close
                            cache-control: no-store, no-cache
                            pragma: no-cache
                            vary: Accept-Encoding
                            p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
                            x-ms-request-id: f3ef12c7-e351-4a64-b357-34700a0d0c00
                            x-ms-ests-server: 2.1.19683.5 - WEULR1 ProdSlices
                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c64504ed-1c6faa7f.cpni.org/api/report?catId=GW+estsfd+frc"}]}
                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                            x-ms-srs: 1.P
                            referrer-policy: strict-origin-when-cross-origin
                            content-encoding: gzip
                            access-control-allow-origin: *
                            access-control-allow-headers: *


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            6 | 192.168.2.16 | 49716 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:15 UTC | 625 | OUT | GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1
                            Host: a6fe9466-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            Origin: https://accounts.cpni.org
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: */*
                            Sec-Fetch-Site: same-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: script
                            Referer: https://accounts.cpni.org/
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:16 UTC | 812 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:16 GMT
                            Content-Type: application/x-javascript
                            Content-Length: 49900
                            Connection: close
                            cache-control: public, max-age=31536000
                            last-modified: Wed, 02 Oct 2024 20:05:23 GMT
                            etag: 0x8DCE31D8CF87EF9
                            x-ms-request-id: ab1e1828-301e-002e-3b4b-48aeec000000
                            x-ms-version: 2009-09-19
                            x-ms-lease-status: unlocked
                            x-ms-blob-type: BlockBlob
                            access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                            access-control-allow-origin: *
                            x-azure-ref: 20241218T165415Z-er1bd968f9clrxr9hC1LONgkss00000010kg000000005mn3
                            x-fd-int-roxy-purgeid: 4554691
                            x-cache: TCP_HIT
                            accept-ranges: bytes
                            content-encoding: gzip


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            7 | 192.168.2.16 | 49718 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:18 UTC | 650 | OUT | GET /1c6faa7f58464e6eaf1961214730db49/ HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: Upgrade
                            Pragma: no-cache
                            Cache-Control: no-cache
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Upgrade: websocket
                            Origin: https://accounts.cpni.org
                            Sec-WebSocket-Version: 13
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            Sec-WebSocket-Key: /mEJeJZPb73tMtGsY7+APw==
                            Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                            2024-12-18 16:54:19 UTC | 735 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:19 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            cache-control: private
                            p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
                            x-ms-request-id: 79a98735-ce76-465d-9607-84a320c11d00
                            x-ms-ests-server: 2.1.19683.6 - WEULR1 ProdSlices
                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c64504ed-1c6faa7f.cpni.org/api/report?catId=GW+estsfd+frc"}]}
                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                            x-ms-srs: 1.P
                            referrer-policy: strict-origin-when-cross-origin
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            8 | 192.168.2.16 | 49719 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:18 UTC | 1113 | OUT | GET /?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com&sso_reload=true HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-Dest: document
                            Referer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                            2024-12-18 16:54:19 UTC | 1426 | IN | HTTP/1.1 302 Found
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:19 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 49010
                            Connection: close
                            cache-control: no-store, no-cache
                            pragma: no-cache
                            location: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0#
                            vary: Accept-Encoding
                            p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
                            x-ms-request-id: a313bc6d-dc24-4f85-9581-550f3e9a4900
                            x-ms-ests-server: 2.1.19683.3 - FRC ProdSlices
                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c64504ed-1c6faa7f.cpni.org/api/report?catId=GW+estsfd+frc"}]}
                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                            x-ms-srs: 1.P
                            referrer-policy: strict-origin-when-cross-origin
                            content-encoding: gzip
                            access-control-allow-origin: *
                            access-control-allow-headers: *


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            9 | 192.168.2.16 | 49720 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:18 UTC | 877 | OUT | GET /favicon.ico HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40qvc.com
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                            2024-12-18 16:54:19 UTC | 735 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:19 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            cache-control: private
                            p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
                            x-ms-request-id: cae096e9-62ae-4d07-ab55-cfd3c9cab800
                            x-ms-ests-server: 2.1.19683.3 - NEULR1 ProdSlices
                            report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://c64504ed-1c6faa7f.cpni.org/api/report?catId=GW+estsfd+frc"}]}
                            nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
                            x-ms-srs: 1.P
                            referrer-policy: strict-origin-when-cross-origin
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            10 | 192.168.2.16 | 49722 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:18 UTC | 536 | OUT | GET /shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js HTTP/1.1
                            Host: a6fe9466-1c6faa7f.cpni.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:19 UTC | 812 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:19 GMT
                            Content-Type: application/x-javascript
                            Content-Length: 49900
                            Connection: close
                            cache-control: public, max-age=31536000
                            last-modified: Wed, 02 Oct 2024 20:05:23 GMT
                            etag: 0x8DCE31D8CF87EF9
                            x-ms-request-id: ab1e1828-301e-002e-3b4b-48aeec000000
                            x-ms-version: 2009-09-19
                            x-ms-lease-status: unlocked
                            x-ms-blob-type: BlockBlob
                            access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                            access-control-allow-origin: *
                            x-azure-ref: 20241218T165419Z-er1bd968f9c5s6kxhC1LONsug000000013s000000001guhq
                            x-fd-int-roxy-purgeid: 4554691
                            x-cache: TCP_HIT
                            accept-ranges: bytes
                            content-encoding: gzip


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            11 | 192.168.2.16 | 49723 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:20 UTC | 422 | OUT | OPTIONS /api/report?catId=GW+estsfd+frc HTTP/1.1
                            Host: c64504ed-1c6faa7f.cpni.org
                            Connection: keep-alive
                            Origin: https://accounts.cpni.org
                            Access-Control-Request-Method: POST
                            Access-Control-Request-Headers: content-type
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:21 UTC | 336 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:21 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            access-control-allow-headers: content-type
                            access-control-allow-credentials: false
                            access-control-allow-methods: *, GET, OPTIONS, POST
                            access-control-allow-origin: *
                            2024-12-18 16:54:21 UTC | 12 | IN | Data Raw: 37 0d 0a 4f 50 54 49 4f 4e 53 0d 0a
                            Data Ascii: 7OPTIONS
                            2024-12-18 16:54:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            12 | 192.168.2.16 | 49724 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:21 UTC | 1412 | OUT | GET /adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: same-site
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-Dest: document
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Referer: https://accounts.cpni.org/
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:23 UTC | 298 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:22 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            cache-control: no-cache,no-store
                            pragma: no-cache
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:23 UTC | 16083 | IN | Data Ascii: 3ecb <!DOCTYPE html><html lang="en-US"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=1"/> <meta http-equiv="content-ty
                            2024-12-18 16:54:23 UTC | 7015 | IN | Data Ascii: 1b5f background-color: rgb(255, 255, 255); } } @-moz-keyframes f_fadeG { 0% { background-color: rgb(47, 146, 212); } 100% { background-col
                            2024-12-18 16:54:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            13 | 192.168.2.16 | 49725 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:22 UTC | 692 | OUT | GET /1c6faa7f58464e6eaf1961214730db49/ HTTP/1.1
                            Host: accounts.cpni.org
                            Connection: Upgrade
                            Pragma: no-cache
                            Cache-Control: no-cache
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Upgrade: websocket
                            Origin: https://accounts.cpni.org
                            Sec-WebSocket-Version: 13
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
                            Sec-WebSocket-Key: tgd5iVBPFYrnsMhJ6L2dqA==
                            Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            14 | 192.168.2.16 | 49727 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:23 UTC | 362 | OUT | POST /api/report?catId=GW+estsfd+frc HTTP/1.1
                            Host: c64504ed-1c6faa7f.cpni.org
                            Connection: keep-alive
                            Content-Length: 551
                            Content-Type: application/reports+json
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-18 16:54:23 UTC | 551 | OUT | Data Ascii: [{"age":1,"body":{"elapsed_time":2448,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://accounts.cpni.org/?sessionID=tgy0n46d44l&timestamp=1734540843900&uuid=25267636-6fde-406b-9d7b-c7c62ab6fddd&username=philip.vandermerwe%40q
                            2024-12-18 16:54:31 UTC | 367 | IN | HTTP/1.1 429 Too Many Requests
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:31 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            request-context: appId=cid-v1:c5439fe0-35f1-4a99-812a-3bd3cd696c31
                            access-control-allow-credentials: false
                            access-control-allow-methods: *, GET, OPTIONS, POST
                            access-control-allow-origin: *
                            2024-12-18 16:54:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            15 | 192.168.2.16 | 49728 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:24 UTC | 1365 | OUT | GET /adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: text/css,*/*;q=0.1
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: style
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:25 UTC | 302 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:25 GMT
                            Content-Type: text/css
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            etag: D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:25 UTC | 7820 | IN | Data Ascii: 1e84* {margin:0px;padding:0px;}html, body{ height:100%; width:100%; background-color:#ffffff; color:#000000; font-weight:normal; font-family:"Segoe UI" , "Segoe" , "SegoeUI-Regular-final", Tahoma, Helvetica, Ari
                            2024-12-18 16:54:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            16 | 192.168.2.16 | 49729 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:24 UTC | 1411 | OUT | GET /adfs/portal/logo/logo.png?id=87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:25 UTC | 280 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:25 GMT
                            Content-Type: image/png
                            Transfer-Encoding: chunked
                            Connection: close
                            etag: 87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            17 | 192.168.2.16 | 49731 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:27 UTC | 1329 | OUT | GET /favicon.ico HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:28 UTC | 256 | IN | HTTP/1.1 404 Not Found
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:28 GMT
                            Content-Type: text/html; charset=us-ascii
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:28 UTC | 322 | IN | Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Erro
                            2024-12-18 16:54:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            18 | 192.168.2.16 | 49732 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:27 UTC | 1427 | OUT | GET /adfs/portal/illustration/illustration.png?id=EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:28 UTC | 280 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:28 GMT
                            Content-Type: image/png
                            Transfer-Encoding: chunked
                            Connection: close
                            etag: EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            19 | 192.168.2.16 | 49733 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:27 UTC | 562 | OUT | GET /adfs/portal/logo/logo.png?id=87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:28 UTC | 280 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:28 GMT
                            Content-Type: image/png
                            Transfer-Encoding: chunked
                            Connection: close
                            etag: 87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            20 | 192.168.2.16 | 49736 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:29 UTC | 578 | OUT | GET /adfs/portal/illustration/illustration.png?id=EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:31 UTC | 280 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:31 GMT
                            Content-Type: image/png
                            Transfer-Encoding: chunked
                            Connection: close
                            etag: EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            21 | 192.168.2.16 | 49739 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:37 UTC | 2181 | OUT | POST /adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            Content-Length: 89
                            Cache-Control: max-age=0
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            Origin: https://810041cb-1c6faa7f.cpni.org
                            Content-Type: application/x-www-form-urlencoded
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-User: ?1
                            Sec-Fetch-Dest: document
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:37 UTC | 89 | OUT | Data Ascii: UserName=philip.vandermerwe%40qvc.com&Password=12312431431&AuthMethod=FormsAuthentication
                            2024-12-18 16:54:39 UTC | 298 | IN | HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:39 GMT
                            Content-Type: text/html; charset=utf-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Vary: Accept-Encoding
                            cache-control: no-cache,no-store
                            pragma: no-cache
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            2024-12-18 16:54:39 UTC | 16083 | IN | Data Ascii: 3ecb <!DOCTYPE html><html lang="en-US"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=1"/> <meta http-equiv="content-ty
                            2024-12-18 16:54:39 UTC | 7099 | IN | Data Ascii: 1bb3 background-color: rgb(47, 146, 212); } 100% { background-color: rgb(255, 255, 255); } } @-moz-keyframes f_fadeG { 0% { background-color: rgb
                            2024-12-18 16:54:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            22 | 192.168.2.16 | 49740 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:39 UTC | 1442 | OUT | GET /adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            If-None-Match: D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: text/css,*/*;q=0.1
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: style
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:40 UTC | 189 | IN | HTTP/1.1 304 Not Modified
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:40 GMT
                            Content-Type: text/css
                            Connection: close
                            access-control-allow-origin: *
                            access-control-allow-headers: *


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            23 | 192.168.2.16 | 49741 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:40 UTC | 1488 | OUT | GET /adfs/portal/logo/logo.png?id=87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            If-None-Match: 87C494B1F166450BB45C74440F1A3221E5E310B79691E5269309FBF740B07E81
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            2024-12-18 16:54:42 UTC | 190 | IN | HTTP/1.1 304 Not Modified
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:41 GMT
                            Content-Type: image/png
                            Connection: close
                            access-control-allow-origin: *
                            access-control-allow-headers: *


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            24 | 192.168.2.16 | 49742 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:43 UTC | 1504 | OUT | GET /adfs/portal/illustration/illustration.png?id=EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://810041cb-1c6faa7f.cpni.org/adfs/ls/?login_hint=philip.vandermerwe%40qvc.com&client-request-id=487a8161-3846-433b-8152-bad4f5bc46ad&username=philip.vandermerwe%40qvc.com&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=estsredirect%3D2%26estsrequest%3DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuAQSG6s83CysnRuDdl35usdt7SpGZcJG6F9gZHzByDiJSaogIzMns0CvLDEvJbUoN7WoPNWhsCwZpOYWk6B_UbpnSnixWypQLrEkMz_vETMeDRdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnRj7h7hxSp3Wv2nNoby283yZDjFqp_h6eNcFFjmqJ_u6esaFlYe5maWVGmp7ZxRpF8REBWUYmTpVOiV6m8Q7Jlsa2RlOIFNaAIb0yk2hg9sjB3sDLPYGQ5wMh7gZfjBd-zY0ZcnPxx_57FBgOGBAAMA0
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            If-None-Match: EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            2024-12-18 16:54:44 UTC | 190 | IN | HTTP/1.1 304 Not Modified
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:44 GMT
                            Content-Type: image/png
                            Connection: close
                            access-control-allow-origin: *
                            access-control-allow-headers: *


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            25 | 192.168.2.16 | 49743 | 89.117.109.41 | 443 | 3608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-18 16:54:46 UTC | 659 | OUT | GET /adfs/portal/illustration/illustration.png?id=EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4 HTTP/1.1
                            Host: 810041cb-1c6faa7f.cpni.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 8o0KST="MWM2ZmFhN2YtNTg0Ni00ZTZlLWFmMTktNjEyMTQ3MzBkYjQ5OmRkMmI0ODczLTI5MDktNDE4ZS1iZDQwLTgzYzNlNDE4ZDBjOA=="
                            If-None-Match: EFD0587FCF15BE144628CF2E7B6F442B4EEA740AA73D8D91C64E9E2B6C0353E4
                            2024-12-18 16:54:47 UTC | 190 | IN | HTTP/1.1 304 Not Modified
                            Server: nginx
                            Date: Wed, 18 Dec 2024 16:54:47 GMT
                            Content-Type: image/png
                            Connection: close
                            access-control-allow-origin: *
                            access-control-allow-headers: *


                            Target ID: 0
                            Start time: 11:53:57
                            Start date: 18/12/2024
                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit): false
                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                            Imagebase: 0x7ff7f9810000
                            File size: 3'242'272 bytes
                            MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                            Has elevated privileges: true
                            Has administrator privileges: true
                            Programmed in: C, C++ or other language
                            Reputation: low
                            Has exited: false

                            Target ID:1
                            Start time:11:53:58
                            Start date:18/12/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1888,i,10370185980324039885,8009006180425534524,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                            Imagebase:0x7ff7f9810000
                            File size:3'242'272 bytes
                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:2
                            Start time:11:53:59
                            Start date:18/12/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/vvr/#phg4Plg4Ppjx3vandLh6rWPyLh6rwLh6q07qvz9Bjx3z9BR15WPy"
                            Imagebase:0x7ff7f9810000
                            File size:3'242'272 bytes
                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            No disassembly