Windows Analysis Report
https://12h.eowsubluf.cfd/iP8

Overview

General Information

Sample URL: https://12h.eowsubluf.cfd/iP8
Analysis ID: 1649337

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
AI detected suspicious Javascript
Javascript uses Telegram API
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Javascript checks online IP of machine

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; levels: clean, suspicious, malicious
  • System is w10x64
  • chrome.exe (PID: 2292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3332,i,861080472236665628,7194960877763585076,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1664 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://12h.eowsubluf.cfd/iP8" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://sweet-friendly-owl.glitch.me/ Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'. The legitimate domain for Microsoft is 'microsoft.com'. The URL 'sweet-friendly-owl.glitch.me' does not match the legitimate domain for Microsoft. The URL uses 'glitch.me', which is a domain often used for hosting projects and is not associated with Microsoft. The presence of random words in the subdomain 'sweet-friendly-owl' is suspicious and indicative of phishing. The input fields 'Email, phone, or Skype' are commonly targeted in phishing attempts to harvest personal information. DOM: 0.1.pages.csv
Source: https://sweet-friendly-owl.glitch.me/ Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'. The legitimate domain for Microsoft is 'microsoft.com'. The URL 'sweet-friendly-owl.glitch.me' does not match the legitimate domain for Microsoft. The URL uses 'glitch.me', which is a platform for hosting web applications and is not associated with Microsoft. The presence of random words in the subdomain 'sweet-friendly-owl' is suspicious and indicative of phishing. The input fields 'Email, phone, or Skype' are commonly targeted in phishing attempts to harvest personal information. DOM: 0.0.pages.csv
Source: 0.0..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://sweet-friendly-owl.glitch.me/... This script demonstrates several high-risk behaviors, including data exfiltration, dynamic code execution, and suspicious domain interactions. It collects user credentials and IP address, then sends this sensitive information to a Telegram bot, which is a clear indication of malicious intent. The script also includes obfuscated code and a redirect to a suspicious domain, further increasing the risk. Overall, this script poses a significant security threat and should be treated as high-risk.
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: const key_section = document.getelementbyid('key_section'); const singin_section = document.getelementbyid('singin_section'); const next_btn = document.getelementbyid('next_btn'); const user_key = document.getelementbyid('user_key'); const user_pass = document.getelementbyid('user_pass'); const key_part1 = document.getelementsbyclassname('key_part1')[0]; const key_part01 = document.getelementsbyclassname('key_part01')[0]; const key_part2 = document.getelementsbyclassname('key_part2')[0]; const error_msg = document.getelementsbyclassname('error_msg')[0]; const error_msg2 = document.getelementsbyclassname('error_msg2')[0]; const error_msg3 = document.getelementsbyclassname('error_msg3')[0]; const loader_wrapper = document.getelementsbyclassname('loader-wrapper')[0]; const s_header = document.getelementbyid('s_header'); const u_key = document.getelementbyid('u_key'); const u_key1 = document.getelementbyid('u_key1'); ...
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: Number of links: 0
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: Title: Sign in does not match URL
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: <input type="password" .../> found
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: No <meta name="author".. found
Source: https://sweet-friendly-owl.glitch.me/ HTTP Parser: No <meta name="copyright".. found
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: 12h.eowsubluf.cfd
Source: global traffic DNS traffic detected: DNS query: sweet-friendly-owl.glitch.me
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Length: 321 Content-Type: text/html x-ms-error-code: WebContentNotFound x-ms-request-id: d575b28c-601e-00d3-1b66-9e5d55000000 x-ms-version: 2018-03-28 Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-version Access-Control-Allow-Origin: * Date: Wed, 26 Mar 2025 15:57:40 GMT Connection: close Akamai-GRN: 0.9f04d217.1743004660.12f08206
Source: chromecache_57.2.dr String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/
Source: chromecache_57.2.dr String found in binary or memory: https://api.ipify.org/?format=json
Source: chromecache_57.2.dr String found in binary or memory: https://api.telegram.org/bot$
Source: chromecache_57.2.dr String found in binary or memory: https://signup.live.com/error.aspx?errcode=8001
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir2292_653390359
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir2292_653390359
Source: classification engine Classification label: mal56.phis.win@22/19@10/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3332,i,861080472236665628,7194960877763585076,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1664 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://12h.eowsubluf.cfd/iP8"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior Graph ID: 1649337, URL: https://12h.eowsubluf.cfd/iP8, Startdate: 26/03/2025, Architecture: WINDOWS, Score: 56

Source | Detection | Scanner | Label | Link
https://12h.eowsubluf.cfd/iP8 | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
e329293.dscd.akamaiedge.net | 23.209.72.31 | true | false | | high
glitch-custom-domains.map.fastly.net | 199.232.90.59 | true | false | | high
www.google.com | 142.251.32.100 | true | false | | high
12h.eowsubluf.cfd | 172.64.80.1 | true | false | | unknown
aadcdn.msftauth.net | unknown | unknown | false | | high
sweet-friendly-owl.glitch.me | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg | false | | high
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg | false | | high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | false | | high
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg | false | | high
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico | false | | high
http://c.pki.goog/r/gsr1.crl | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://12h.eowsubluf.cfd/iP8 | false | | unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png | false | | high
https://sweet-friendly-owl.glitch.me/ | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://aadcdn.msftauth.net/shared/1.0/content/ | chromecache_57.2.dr | false | | high
https://api.ipify.org/?format=json | chromecache_57.2.dr | false | | high
https://api.telegram.org/bot$ | chromecache_57.2.dr | false | | high
https://signup.live.com/error.aspx?errcode=8001 | chromecache_57.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
23.209.72.9 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false
142.251.32.100 | www.google.com | United States | | 15169 | GOOGLEUS | false
172.64.80.1 | 12h.eowsubluf.cfd | United States | | 13335 | CLOUDFLARENETUS | false
199.232.90.59 | glitch-custom-domains.map.fastly.net | United States | | 54113 | FASTLYUS | false
23.209.72.31 | e329293.dscd.akamaiedge.net | United States | | 20940 | AKAMAI-ASN1EU | false

IP
192.168.2.4

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1649337
Start date and time: 2025-03-26 16:56:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://12h.eowsubluf.cfd/iP8
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.phis.win@22/19@10/6
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 142.250.80.110, 142.250.80.99, 142.250.31.84, 142.250.81.238, 172.217.165.138, 142.250.65.170, 142.250.65.202, 142.250.65.234, 142.250.81.234, 142.251.32.106, 142.251.35.170, 142.251.40.106, 142.251.40.138, 142.251.40.170, 142.250.64.74, 142.250.64.106, 142.250.176.202, 142.251.40.202, 142.251.40.234, 142.251.41.10, 184.31.68.248, 199.232.90.172, 142.251.40.131, 23.9.183.29, 20.12.23.50
                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenFile calls found.
                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: https://12h.eowsubluf.cfd/iP8
                                          No simulations
                                          No context
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:dropped
                                          Size (bytes):513
                                          Entropy (8bit):4.720499940334011
                                          Encrypted:false
                                          SSDEEP:12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
                                          MD5:A9CC2824EF3517B6C4160DCF8FF7D410
                                          SHA1:8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
                                          SHA-256:34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
                                          SHA-512:AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:dropped
                                          Size (bytes):3651
                                          Entropy (8bit):4.094801914706141
                                          Encrypted:false
                                          SSDEEP:96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
                                          MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                          SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                          SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                          SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:downloaded
                                          Size (bytes):3651
                                          Entropy (8bit):4.094801914706141
                                          Encrypted:false
                                          SSDEEP:96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
                                          MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                          SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                          SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                          SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                          Malicious:false
                                          Reputation:low
                                          URL:https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:dropped
                                          Size (bytes):1592
                                          Entropy (8bit):4.205005284721148
                                          Encrypted:false
                                          SSDEEP:48:ztSAS1OtmCtc7aIVmt4yyR9S2lKUyDWwh:RoOtmCtc7aCmVQHSRh
                                          MD5:4E48046CE74F4B89D45037C90576BFAC
                                          SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                          SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                          SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:downloaded
                                          Size (bytes):1592
                                          Entropy (8bit):4.205005284721148
                                          Encrypted:false
                                          SSDEEP:48:ztSAS1OtmCtc7aIVmt4yyR9S2lKUyDWwh:RoOtmCtc7aCmVQHSRh
                                          MD5:4E48046CE74F4B89D45037C90576BFAC
                                          SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                          SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                          SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                          Malicious:false
                                          Reputation:low
                                          URL:https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:dropped
                                          Size (bytes):1864
                                          Entropy (8bit):5.222032823730197
                                          Encrypted:false
                                          SSDEEP:48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
                                          MD5:BC3D32A696895F78C19DF6C717586A5D
                                          SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                          SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                          SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, Unicode text, UTF-8 text
                                          Category:downloaded
                                          Size (bytes):17044
                                          Entropy (8bit):4.556195024649749
                                          Encrypted:false
                                          SSDEEP:384:eWLWuFzXPhBUfhormkr+xc06Yoj5yqdUvb:eWLWuFzXJBUfhormkr+xcsojUqdUvb
                                          MD5:D4BC52DAD8AC26D03E1D82B48399A6C7
                                          SHA1:CA91816092C97209E7EE0ACE75049949998DDD20
                                          SHA-256:0523840B45F043C95345D48DF25A3350FABE4E600D457154EB1C3ED980E2D9E2
                                          SHA-512:5423082159051FD5A608A569740B443A68F17E6561E00175CD0777FC0B30FF1D67FA6BD54B766F1AAEB367691FC4E75EA12EC126343E6C0DD75477F146FCEBC7
                                          Malicious:false
                                          Reputation:low
                                          URL:https://sweet-friendly-owl.glitch.me/
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                          Category:downloaded
                                          Size (bytes):17174
                                          Entropy (8bit):2.9129715116732746
                                          Encrypted:false
                                          SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                          MD5:12E3DAC858061D088023B2BD48E2FA96
                                          SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                          SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                          SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                          Malicious:false
                                          Reputation:low
                                          URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                          Category:dropped
                                          Size (bytes):17174
                                          Entropy (8bit):2.9129715116732746
                                          Encrypted:false
                                          SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                          MD5:12E3DAC858061D088023B2BD48E2FA96
                                          SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                          SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                          SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:downloaded
                                          Size (bytes):28
                                          Entropy (8bit):3.869331261111518
                                          Encrypted:false
                                          SSDEEP:3:WainunUStinY:finunUS0Y
                                          MD5:6B41EBB98EFB04A447990ADABDDD2505
                                          SHA1:5C9C58CADF28A9C2D702C470E9412FCF927AB8BE
                                          SHA-256:0753F110C9785AE12EF5A6B2898553F9F328E1B27A9170DD6DBE5FB82D241AC8
                                          SHA-512:1A359F7BA84867EB6EAC820AF34862CF7CEDDF79231776C6B4A3266691C626240CE9524814B74E61E896E4A734C9BD09A5028065FBAF24A7E4FABBD6415D3D4B
                                          Malicious:false
                                          Reputation:low
                                          URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCdOT1WcbVOdEEgUNrOgdvxIFDbzsqzohGfCDnVMVO4o=?alt=proto
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:downloaded
                                          Size (bytes):513
                                          Entropy (8bit):4.720499940334011
                                          Encrypted:false
                                          SSDEEP:12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
                                          MD5:A9CC2824EF3517B6C4160DCF8FF7D410
                                          SHA1:8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
                                          SHA-256:34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
                                          SHA-512:AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
                                          Malicious:false
                                          Reputation:low
                                          URL:https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SVG Scalable Vector Graphics image
                                          Category:downloaded
                                          Size (bytes):1864
                                          Entropy (8bit):5.222032823730197
                                          Encrypted:false
                                          SSDEEP:48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
                                          MD5:BC3D32A696895F78C19DF6C717586A5D
                                          SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                          SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                          SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                          Malicious:false
                                          Reputation:low
                                          URL:https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                          No static file info


                                          • Total Packets: 194
                                          • 443 (HTTPS)
                                          • 80 (HTTP)
                                          • 53 (DNS)
                                          Mar 26, 2025 16:57:44.485002995 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.485043049 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.485152006 CET49710443192.168.2.4204.79.197.222
                                          Mar 26, 2025 16:57:44.485152006 CET49710443192.168.2.4204.79.197.222
                                          Mar 26, 2025 16:57:44.487066031 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.487293959 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.487340927 CET49710443192.168.2.4204.79.197.222
                                          Mar 26, 2025 16:57:44.489300966 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.489332914 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.489350080 CET49710443192.168.2.4204.79.197.222
                                          Mar 26, 2025 16:57:44.489377975 CET49710443192.168.2.4204.79.197.222
                                          Mar 26, 2025 16:57:44.493290901 CET49710443192.168.2.4204.79.197.222
                                          Mar 26, 2025 16:57:44.583189011 CET44349710204.79.197.222192.168.2.4
                                          Mar 26, 2025 16:57:44.648101091 CET49678443192.168.2.420.189.173.27
                                          Mar 26, 2025 16:57:44.794888020 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:57:44.883934975 CET8049748142.250.81.227192.168.2.4
                                          Mar 26, 2025 16:57:44.884021997 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:57:44.884150982 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:57:44.973458052 CET8049748142.250.81.227192.168.2.4
                                          Mar 26, 2025 16:57:44.973712921 CET8049748142.250.81.227192.168.2.4
                                          Mar 26, 2025 16:57:44.982810020 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:57:45.023194075 CET4968180192.168.2.42.17.190.73
                                          Mar 26, 2025 16:57:45.072557926 CET8049748142.250.81.227192.168.2.4
                                          Mar 26, 2025 16:57:45.116841078 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:57:46.226248980 CET4968180192.168.2.42.17.190.73
                                          Mar 26, 2025 16:57:47.054461956 CET49678443192.168.2.420.189.173.27
                                          Mar 26, 2025 16:57:47.727379084 CET44349722142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:57:47.727441072 CET44349722142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:57:47.727684021 CET49722443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:57:47.852881908 CET49722443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:57:47.852950096 CET44349722142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:57:48.631913900 CET4968180192.168.2.42.17.190.73
                                          Mar 26, 2025 16:57:51.868355989 CET49678443192.168.2.420.189.173.27
                                          Mar 26, 2025 16:57:52.804789066 CET49671443192.168.2.4204.79.197.203
                                          Mar 26, 2025 16:57:53.445696115 CET4968180192.168.2.42.17.190.73
                                          Mar 26, 2025 16:57:54.233634949 CET44349725172.64.80.1192.168.2.4
                                          Mar 26, 2025 16:57:54.233798981 CET44349725172.64.80.1192.168.2.4
                                          Mar 26, 2025 16:57:54.233947039 CET49725443192.168.2.4172.64.80.1
                                          Mar 26, 2025 16:57:55.854685068 CET49725443192.168.2.4172.64.80.1
                                          Mar 26, 2025 16:57:55.854708910 CET44349725172.64.80.1192.168.2.4
                                          Mar 26, 2025 16:58:01.470748901 CET49678443192.168.2.420.189.173.27
                                          Mar 26, 2025 16:58:03.059775114 CET4968180192.168.2.42.17.190.73
                                          Mar 26, 2025 16:58:37.509689093 CET49755443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:58:37.509720087 CET44349755142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:58:37.509833097 CET49755443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:58:37.510054111 CET49755443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:58:37.510062933 CET44349755142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:58:37.705723047 CET44349755142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:58:37.706100941 CET49755443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:58:37.706123114 CET44349755142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:58:45.351980925 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:58:45.441095114 CET8049748142.250.81.227192.168.2.4
                                          Mar 26, 2025 16:58:45.441284895 CET4974880192.168.2.4142.250.81.227
                                          Mar 26, 2025 16:58:47.732032061 CET44349755142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:58:47.732151031 CET44349755142.251.32.100192.168.2.4
                                          Mar 26, 2025 16:58:47.732306957 CET49755443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:58:47.853708982 CET49755443192.168.2.4142.251.32.100
                                          Mar 26, 2025 16:58:47.853739023 CET44349755142.251.32.100192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 26, 2025 16:57:37.446216106 CET | 192.168.2.4 | 1.1.1.1 | 0xa693 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:37.446365118 CET | 192.168.2.4 | 1.1.1.1 | 0x3ac6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 26, 2025 16:57:38.908571959 CET | 192.168.2.4 | 1.1.1.1 | 0x6fab | Standard query (0) | 12h.eowsubluf.cfd | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:38.909554005 CET | 192.168.2.4 | 1.1.1.1 | 0xa874 | Standard query (0) | 12h.eowsubluf.cfd | 65 | IN (0x0001) | false
Mar 26, 2025 16:57:39.446331978 CET | 192.168.2.4 | 1.1.1.1 | 0xe593 | Standard query (0) | sweet-friendly-owl.glitch.me | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:39.446765900 CET | 192.168.2.4 | 1.1.1.1 | 0xaf2 | Standard query (0) | sweet-friendly-owl.glitch.me | 65 | IN (0x0001) | false
Mar 26, 2025 16:57:40.100750923 CET | 192.168.2.4 | 1.1.1.1 | 0xf995 | Standard query (0) | aadcdn.msftauth.net | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:40.101193905 CET | 192.168.2.4 | 1.1.1.1 | 0xd704 | Standard query (0) | aadcdn.msftauth.net | 65 | IN (0x0001) | false
Mar 26, 2025 16:57:40.658237934 CET | 192.168.2.4 | 1.1.1.1 | 0xd76 | Standard query (0) | aadcdn.msftauth.net | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:40.658488989 CET | 192.168.2.4 | 1.1.1.1 | 0xf42a | Standard query (0) | aadcdn.msftauth.net | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 26, 2025 16:57:37.536277056 CET | 1.1.1.1 | 192.168.2.4 | 0xa693 | No error (0) | www.google.com | | 142.251.32.100 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:37.536300898 CET | 1.1.1.1 | 192.168.2.4 | 0x3ac6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Mar 26, 2025 16:57:39.014957905 CET | 1.1.1.1 | 192.168.2.4 | 0x6fab | No error (0) | 12h.eowsubluf.cfd | | 172.64.80.1 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:39.020668030 CET | 1.1.1.1 | 192.168.2.4 | 0xa874 | No error (0) | 12h.eowsubluf.cfd | | | 65 | IN (0x0001) | false
Mar 26, 2025 16:57:39.571074009 CET | 1.1.1.1 | 192.168.2.4 | 0xe593 | No error (0) | sweet-friendly-owl.glitch.me | glitch-custom-domains.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:39.571074009 CET | 1.1.1.1 | 192.168.2.4 | 0xe593 | No error (0) | glitch-custom-domains.map.fastly.net | | 199.232.90.59 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:39.585004091 CET | 1.1.1.1 | 192.168.2.4 | 0xaf2 | No error (0) | sweet-friendly-owl.glitch.me | glitch-custom-domains.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.225214958 CET | 1.1.1.1 | 192.168.2.4 | 0xd704 | No error (0) | aadcdn.msftauth.net | www.tm.aadcdn.msftauth.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.225214958 CET | 1.1.1.1 | 192.168.2.4 | 0xd704 | No error (0) | www.tm.aadcdn.msftauth.trafficmanager.net | aadcdn.msftauth.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.225214958 CET | 1.1.1.1 | 192.168.2.4 | 0xd704 | No error (0) | aadcdn.msftauth.edgekey.net | e329293.dscd.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.236371994 CET | 1.1.1.1 | 192.168.2.4 | 0xf995 | No error (0) | aadcdn.msftauth.net | www.tm.aadcdn.msftauth.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.236371994 CET | 1.1.1.1 | 192.168.2.4 | 0xf995 | No error (0) | www.tm.aadcdn.msftauth.trafficmanager.net | aadcdn.msftauth.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.236371994 CET | 1.1.1.1 | 192.168.2.4 | 0xf995 | No error (0) | aadcdn.msftauth.edgekey.net | e329293.dscd.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.236371994 CET | 1.1.1.1 | 192.168.2.4 | 0xf995 | No error (0) | e329293.dscd.akamaiedge.net | | 23.209.72.31 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:40.236371994 CET | 1.1.1.1 | 192.168.2.4 | 0xf995 | No error (0) | e329293.dscd.akamaiedge.net | | 23.209.72.9 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746396065 CET | 1.1.1.1 | 192.168.2.4 | 0xd76 | No error (0) | aadcdn.msftauth.net | www.tm.aadcdn.msftauth.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746396065 CET | 1.1.1.1 | 192.168.2.4 | 0xd76 | No error (0) | www.tm.aadcdn.msftauth.trafficmanager.net | aadcdn.msftauth.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746396065 CET | 1.1.1.1 | 192.168.2.4 | 0xd76 | No error (0) | aadcdn.msftauth.edgekey.net | e329293.dscd.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746396065 CET | 1.1.1.1 | 192.168.2.4 | 0xd76 | No error (0) | e329293.dscd.akamaiedge.net | | 23.209.72.9 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746396065 CET | 1.1.1.1 | 192.168.2.4 | 0xd76 | No error (0) | e329293.dscd.akamaiedge.net | | 23.209.72.31 | A (IP address) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746675014 CET | 1.1.1.1 | 192.168.2.4 | 0xf42a | No error (0) | aadcdn.msftauth.net | www.tm.aadcdn.msftauth.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746675014 CET | 1.1.1.1 | 192.168.2.4 | 0xf42a | No error (0) | www.tm.aadcdn.msftauth.trafficmanager.net | aadcdn.msftauth.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Mar 26, 2025 16:57:40.746675014 CET | 1.1.1.1 | 192.168.2.4 | 0xf42a | No error (0) | aadcdn.msftauth.edgekey.net | e329293.dscd.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                          • 12h.eowsubluf.cfd
                                          • sweet-friendly-owl.glitch.me
                                            • aadcdn.msftauth.net
                                          • c.pki.goog
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.4 | 49748 | 142.250.81.227 | 80
Timestamp | Bytes transferred | Direction | Data
Mar 26, 2025 16:57:44.884150982 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                                          Cache-Control: max-age = 3000
                                          Connection: Keep-Alive
                                          Accept: */*
                                          If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: c.pki.goog
Mar 26, 2025 16:57:44.973712921 CET | 223 | IN | HTTP/1.1 304 Not Modified
                                          Date: Wed, 26 Mar 2025 15:39:48 GMT
                                          Expires: Wed, 26 Mar 2025 16:29:48 GMT
                                          Age: 1076
                                          Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                                          Cache-Control: public, max-age=3000
                                          Vary: Accept-Encoding
Mar 26, 2025 16:57:44.982810020 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
                                          Cache-Control: max-age = 3000
                                          Connection: Keep-Alive
                                          Accept: */*
                                          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: c.pki.goog
Mar 26, 2025 16:57:45.072557926 CET | 223 | IN | HTTP/1.1 304 Not Modified
                                          Date: Wed, 26 Mar 2025 15:30:24 GMT
                                          Expires: Wed, 26 Mar 2025 16:20:24 GMT
                                          Age: 1641
                                          Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                          Cache-Control: public, max-age=3000
                                          Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49724 | 172.64.80.1 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-26 15:57:39 UTC | 670 | OUT | GET /iP8 HTTP/1.1
                                          Host: 12h.eowsubluf.cfd
                                          Connection: keep-alive
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-User: ?1
                                          Sec-Fetch-Dest: document
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
2025-03-26 15:57:39 UTC | 795 | IN | HTTP/1.1 301 Moved Permanently
                                          Date: Wed, 26 Mar 2025 15:57:39 GMT
                                          Content-Length: 0
                                          Connection: close
                                          Location: https://sweet-friendly-owl.glitch.me/
                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KojK0zN8OBQApOTedM9%2Fywq%2F0tK5%2Fh%2F3AzbUBS0XsyKI33Y2O25b%2BLiO9fI%2Bci3iaWZ9AYzNhNn%2BU23w7vcRyOrhNuoX5zn9y1Ky1Ppwbc9%2FJzco1ZSS6dxADZL0Eavrp9WyEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                          Server: cloudflare
                                          CF-RAY: 9267d8512f0f8d3f-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          server-timing: cfL4;desc="?proto=TCP&rtt=90975&min_rtt=90859&rtt_var=19343&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2828&recv_bytes=1242&delivery_rate=33504&cwnd=252&unsent_bytes=0&cid=4fcadb0a06badd6b&ts=238&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49726 | 199.232.90.59 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-26 15:57:39 UTC | 678 | OUT | GET / HTTP/1.1
                                          Host: sweet-friendly-owl.glitch.me
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-User: ?1
                                          Sec-Fetch-Dest: document
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
2025-03-26 15:57:40 UTC | 671 | IN | HTTP/1.1 200 OK
                                          Connection: close
                                          Content-Length: 17044
                                          server: AmazonS3
                                          x-amz-id-2: 1phf8Txma75Slc/fLJiDTXSIJz5KiwI0q21w7DSmMMsfTDCvHkAGJzNg9Qe1ElG+cxcf1dU0/yg=
                                          content-type: text/html; charset=utf-8
                                          accept-ranges: bytes
                                          last-modified: Wed, 26 Mar 2025 09:11:41 GMT
                                          x-amz-server-side-encryption: AES256
                                          x-amz-request-id: 0VY6PS8M27NFD3FT
                                          cache-control: no-cache
                                          etag: "d4bc52dad8ac26d03e1d82b48399a6c7"
                                          x-amz-version-id: .1E_oTxCeJUOSExjJWVHIJodLGxnLBIF
                                          Date: Wed, 26 Mar 2025 15:57:39 GMT
                                          Via: 1.1 varnish
                                          X-Served-By: cache-ewr-kewr1740022-EWR, cache-ewr-kewr1740022-EWR
                                          X-Cache: MISS, MISS
                                          X-Cache-Hits: 0, 0
                                          X-Timer: S1743004660.904631,VS0,VE56
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="shortcut icon" type="image/x-ico
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: isplay: none; } .brand_img svg { width: 200px; height: auto; } .brand_img { display: flex; justify-content: center; align-items: center; } .d_none { display: none !impor
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: display: flex; align-items: center; margin-bottom: 30px; margin-top: 25px; cursor: pointer; padding-left: 23px; background: white; } .key_part2 img { width: 32px; height: 32px;
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: .link__ { color: #0067b8; font-size: 14px; } .link__:hover { text-decoration: underline; cursor: pointer; color: #666; } button#next_btn { padding: 7px 39px; background:
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: position: absolute; top: 46px; width: 350px; right: -360px; transition: all 0.4s; } .k_part00 { transition: all 0.4s; } .next_action .k_part00 { transform: translateX(-420px);
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: p: 0px; } .key_part2 { margin: 25px; margin-top: 70px; } .key_part1.next_action { margin-top: 0px; } .next_action .key_part01 { transform: translateX(-378px);
2025-03-26 15:57:40 UTC | 1378 | IN | Data Ascii: } @media only screen and (max-width: 600px) { } </style> </head> <body> <section id="singin_section"> <div id="s_header"> <img alt="" id="outlk_logo" /> </div> <div id="s_body"> <div class="k_s_w
                                          2025-03-26 15:57:40 UTC1378INData Raw: 6e 63 6c 69 63 6b 3d 22 62 61 63 6b 5f 61 63 74 69 6f 6e 28 29 22 20 69 64 3d 22 62 61 63 6b 5f 69 63 6f 6e 5f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 75 5f 6b 65 79 22 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 70 5f 68 65 61 64 69 6e 67 22 3e 45 6e 74 65 72 20 70 61 73 73 77 6f 72 64 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 5f 6d 73 67 20 65 72 72 6f 72 5f 6d 73 67 32 20 64 5f 6e 6f 6e 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 59 6f 75 72 20 61 63 63 6f 75 6e 74 20 6f 72 20 70 61 73 73 77 6f 72 64 20 69 73 20 69
                                          Data Ascii: nclick="back_action()" id="back_icon_" /> <p id="u_key"></p> </div> <h1 class="p_heading">Enter password</h1> <div class="error_msg error_msg2 d_none"> Your account or password is i
                                          2025-03-26 15:57:40 UTC1378INData Raw: 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 6b 65 79 5f 73 65 63 74 69 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6b 65 79 5f 73 65 63 74 69 6f 6e 27 29 3b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 73 69 6e 67 69 6e 5f 73 65 63 74 69 6f 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 69 6e 67 69 6e 5f 73 65 63 74 69 6f 6e 27 29 3b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 6e 65 78 74 5f 62 74 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6e 65 78 74 5f 62 74 6e 27 29 3b 0a 20 20 20 20 20 20 63 6f 6e 73 74 20 75 73 65 72 5f 6b 65 79 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 75 73 65 72 5f 6b 65 79
                                          Data Ascii: const key_section = document.getElementById('key_section'); const singin_section = document.getElementById('singin_section'); const next_btn = document.getElementById('next_btn'); const user_key = document.getElementById('user_key
                                          2025-03-26 15:57:40 UTC1378INData Raw: 69 73 74 2e 61 64 64 28 27 6e 65 78 74 5f 61 63 74 69 6f 6e 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 6b 65 79 5f 70 61 72 74 32 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 27 64 5f 6e 6f 6e 65 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 65 72 72 6f 72 5f 6d 73 67 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 27 64 5f 62 6c 6f 63 6b 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 69 66 20 28 63 6c 69 63 6b 43 6f 75 6e 74 20 3e 20 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6b 65 79 5f 70 61 72 74 31 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 27 68 65 69 67 68 74 5f 67 61 69 6e 65 72 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 75 5f 6b 65 79 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 75 73 65 72 5f 6b 65 79 2e 76 61
                                          Data Ascii: ist.add('next_action'); key_part2.classList.add('d_none'); error_msg.classList.remove('d_block'); if (clickCount > 0) { key_part1.classList.add('height_gainer'); } u_key.innerHTML = user_key.va


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.4 | 49730 | 23.209.72.31 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 709 | OUT | GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://sweet-friendly-owl.glitch.me/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:40 UTC | 613 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
                                          Last-Modified: Wed, 15 Jan 2025 17:53:51 GMT
                                          ETag: "0x8DD358D925D93F3"
                                          x-ms-request-id: 8565df70-501e-00f7-7176-67abf5000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25494966
                                          Date: Wed, 26 Mar 2025 15:57:40 GMT
                                          Content-Length: 3651
                                          Connection: close
                                          Akamai-GRN: 0.9f04d217.1743004660.12f08205
                                          2025-03-26 15:57:40 UTC | 3651 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.4 | 49733 | 23.209.72.31 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 706 | OUT | GET /shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://sweet-friendly-owl.glitch.me/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:40 UTC | 439 | IN | HTTP/1.1 404 Not Found
                                          Content-Length: 321
                                          Content-Type: text/html
                                          x-ms-error-code: WebContentNotFound
                                          x-ms-request-id: d575b28c-601e-00d3-1b66-9e5d55000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Date: Wed, 26 Mar 2025 15:57:40 GMT
                                          Connection: close
                                          Akamai-GRN: 0.9f04d217.1743004660.12f08206
                                          2025-03-26 15:57:40 UTC | 321 | IN | Data Ascii: <!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : d575b28c-601e-00d3-1b66-9e5d55000000</li><li>Ti


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          4 | 192.168.2.4 | 49732 | 23.209.72.31 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 709 | OUT | GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://sweet-friendly-owl.glitch.me/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:40 UTC | 613 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: R2FAVxfpONfnQAuxVxXbHg==
                                          Last-Modified: Thu, 05 Dec 2024 00:03:00 GMT
                                          ETag: "0x8DD14C02EE2769A"
                                          x-ms-request-id: fa2671bf-301e-00c0-049c-66acf0000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25401365
                                          Date: Wed, 26 Mar 2025 15:57:40 GMT
                                          Content-Length: 1592
                                          Connection: close
                                          Akamai-GRN: 0.9f04d217.1743004660.12f08207
                                          2025-03-26 15:57:40 UTC | 1592 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          5 | 192.168.2.4 | 49729 | 23.209.72.31 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 705 | OUT | GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://sweet-friendly-owl.glitch.me/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:40 UTC | 612 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: TjUQkZ0p0Y7rbj6LJofS9Q==
                                          Last-Modified: Wed, 15 Jan 2025 17:52:54 GMT
                                          ETag: "0x8DD358D701F7AB6"
                                          x-ms-request-id: 8703fe84-701e-00ad-7f76-67cd12000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25494921
                                          Date: Wed, 26 Mar 2025 15:57:40 GMT
                                          Content-Length: 513
                                          Connection: close
                                          Akamai-GRN: 0.9f04d217.1743004660.12f08209
                                          2025-03-26 15:57:40 UTC | 513 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.57


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          6 | 192.168.2.4 | 49731 | 23.209.72.31 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 708 | OUT | GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://sweet-friendly-owl.glitch.me/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:40 UTC | 613 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: DhdidjYrlCeaRJJRG/y9mA==
                                          Last-Modified: Wed, 15 Jan 2025 17:54:26 GMT
                                          ETag: "0x8DD358DA72AAF33"
                                          x-ms-request-id: d9dbeb0f-b01e-00e4-2876-67c4b2000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25494971
                                          Date: Wed, 26 Mar 2025 15:57:40 GMT
                                          Content-Length: 1864
                                          Connection: close
                                          Akamai-GRN: 0.9f04d217.1743004660.12f08208
                                          2025-03-26 15:57:40 UTC | 1864 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.4 | 49734 | 23.209.72.31 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 695 | OUT | GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Sec-Fetch-Storage-Access: active
                                          Referer: https://sweet-friendly-owl.glitch.me/
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:41 UTC | 596 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/x-icon
                                          Content-MD5: EuPayFgGHQiAI7K9SOL6lg==
                                          Last-Modified: Thu, 05 Dec 2024 00:02:51 GMT
                                          ETag: "0x8DD14C0292CD581"
                                          x-ms-request-id: fa26a65a-301e-00c0-6a9c-66acf0000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25401313
                                          Date: Wed, 26 Mar 2025 15:57:40 GMT
                                          Content-Length: 17174
                                          Connection: close
                                          Akamai-GRN: 0.9f04d217.1743004660.12f08382


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.4 | 49736 | 23.209.72.9 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 460 | OUT | GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:41 UTC | 612 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
                                          Last-Modified: Wed, 15 Jan 2025 17:53:51 GMT
                                          ETag: "0x8DD358D925D93F3"
                                          x-ms-request-id: 8565df70-501e-00f7-7176-67abf5000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25494925
                                          Date: Wed, 26 Mar 2025 15:57:41 GMT
                                          Content-Length: 3651
                                          Connection: close
                                          Akamai-GRN: 0.8904d217.1743004661.ca7f715
                                          2025-03-26 15:57:41 UTC | 3651 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.4 | 49735 | 23.209.72.9 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 460 | OUT | GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:41 UTC | 612 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: R2FAVxfpONfnQAuxVxXbHg==
                                          Last-Modified: Thu, 05 Dec 2024 00:03:00 GMT
                                          ETag: "0x8DD14C02EE2769A"
                                          x-ms-request-id: fa2671bf-301e-00c0-049c-66acf0000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25401419
                                          Date: Wed, 26 Mar 2025 15:57:41 GMT
                                          Content-Length: 1592
                                          Connection: close
                                          Akamai-GRN: 0.8904d217.1743004661.ca7f713
                                          2025-03-26 15:57:41 UTC | 1592 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.4 | 49737 | 23.209.72.9 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 459 | OUT | GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:41 UTC | 612 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: DhdidjYrlCeaRJJRG/y9mA==
                                          Last-Modified: Wed, 15 Jan 2025 17:54:26 GMT
                                          ETag: "0x8DD358DA72AAF33"
                                          x-ms-request-id: d9dbeb0f-b01e-00e4-2876-67c4b2000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25494935
                                          Date: Wed, 26 Mar 2025 15:57:41 GMT
                                          Content-Length: 1864
                                          Connection: close
                                          Akamai-GRN: 0.8904d217.1743004661.ca7f714
                                          2025-03-26 15:57:41 UTC | 1864 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.4 | 49738 | 23.209.72.9 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:40 UTC | 456 | OUT | GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:41 UTC | 611 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/svg+xml
                                          Content-MD5: TjUQkZ0p0Y7rbj6LJofS9Q==
                                          Last-Modified: Wed, 15 Jan 2025 17:52:54 GMT
                                          ETag: "0x8DD358D701F7AB6"
                                          x-ms-request-id: 8703fe84-701e-00ad-7f76-67cd12000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25494913
                                          Date: Wed, 26 Mar 2025 15:57:41 GMT
                                          Content-Length: 513
                                          Connection: close
                                          Akamai-GRN: 0.8904d217.1743004661.ca7f712
                                          2025-03-26 15:57:41 UTC | 513 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.57


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          12 | 192.168.2.4 | 49742 | 23.209.72.9 | 443 | 2620 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-03-26 15:57:41 UTC | 446 | OUT | GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
                                          Host: aadcdn.msftauth.net
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Sec-Fetch-Storage-Access: active
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-03-26 15:57:41 UTC | 595 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/x-icon
                                          Content-MD5: EuPayFgGHQiAI7K9SOL6lg==
                                          Last-Modified: Thu, 05 Dec 2024 00:02:51 GMT
                                          ETag: "0x8DD14C0292CD581"
                                          x-ms-request-id: fa26a65a-301e-00c0-6a9c-66acf0000000
                                          x-ms-version: 2018-03-28
                                          Access-Control-Expose-Headers: Accept-Ranges,Cache-Control,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
                                          Access-Control-Allow-Origin: *
                                          Cache-Control: public, max-age=25401370
                                          Date: Wed, 26 Mar 2025 15:57:41 GMT
                                          Content-Length: 17174
                                          Connection: close
                                          Akamai-GRN: 0.8904d217.1743004661.ca7f80b



                                          Target ID:1
                                          Start time:11:57:28
                                          Start date:26/03/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                          Imagebase:0x7ff786830000
                                          File size:3'388'000 bytes
                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:2
                                          Start time:11:57:32
                                          Start date:26/03/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3332,i,861080472236665628,7194960877763585076,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1664 /prefetch:3
                                          Imagebase:0x7ff786830000
                                          File size:3'388'000 bytes
                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:4
                                          Start time:11:57:38
                                          Start date:26/03/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://12h.eowsubluf.cfd/iP8"
                                          Imagebase:0x7ff786830000
                                          File size:3'388'000 bytes
                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          No disassembly