Windows Analysis Report
https://flicker-candle-sunspot.glitch.me/wond276816auing.html

Overview

General Information

Sample URL: https://flicker-candle-sunspot.glitch.me/wond276816auing.html
Analysis ID: 1431917

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Phishing site detected (based on image similarity)
Form action URLs do not match main URL
HTML body contains low number of good links
HTML title does not match URL
Invalid 'forgot password' link found
Suspicious form URL found

Classification

  • System is w10x64
  • chrome.exe (PID: 3340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=2008,i,7893499121769613146,1386096339918013274,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://flicker-candle-sunspot.glitch.me/wond276816auing.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | Avira URL Cloud: detection malicious, Label: phishing
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | Matcher: Template: excel matched with high similarity
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: Form action: https://homegoods.cloud/reboty2783mediloaocptx.php glitch homegoods
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: Number of links: 0
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: Title: Excel Mobile does not match URL
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: Invalid link: Forgot your password?
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: Form action: https://homegoods.cloud/reboty2783mediloaocptx.php
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: <input type="password" .../> found
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: No <meta name="author".. found
Source: https://flicker-candle-sunspot.glitch.me/wond276816auing.html | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.202.106.101:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: global traffic | DNS traffic detected: DNS query: flicker-candle-sunspot.glitch.me
Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: upload.wikimedia.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: chromecache_44.1.dr, chromecache_46.1.dr | String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b
Source: chromecache_44.1.dr, chromecache_46.1.dr | String found in binary or memory: https://homegoods.cloud/reboty2783mediloaocptx.php
Source: chromecache_44.1.dr, chromecache_46.1.dr | String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93pre
Source: classification engine | Classification label: mal60.phis.win@16/11@14/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=2008,i,7893499121769613146,1386096339918013274,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://flicker-candle-sunspot.glitch.me/wond276816auing.html"
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
https://flicker-candle-sunspot.glitch.me/wond276816auing.html | 100% | Avira URL Cloud | phishing |
https://flicker-candle-sunspot.glitch.me/wond276816auing.html | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | 0% | URL Reputation | safe |
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b | 0% | URL Reputation | safe |
https://homegoods.cloud/reboty2783mediloaocptx.php | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
cs1100.wpc.omegacdn.net | 152.199.4.44 | true | false | | unknown
www.google.com | 142.250.64.196 | true | false | | high
upload.wikimedia.org | 208.80.154.240 | true | false | | high
flicker-candle-sunspot.glitch.me | 44.214.198.122 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
aadcdn.msftauth.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://flicker-candle-sunspot.glitch.me/wond276816auing.html | false | | high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | false | URL Reputation: safe | unknown
https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93pre | chromecache_44.1.dr, chromecache_46.1.dr | false | | high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b | chromecache_44.1.dr, chromecache_46.1.dr | false | URL Reputation: safe | unknown
https://homegoods.cloud/reboty2783mediloaocptx.php | chromecache_44.1.dr, chromecache_46.1.dr | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
44.214.198.122 | flicker-candle-sunspot.glitch.me | United States | | 14618 | AMAZON-AESUS | false
18.235.65.101 | unknown | United States | | 14618 | AMAZON-AESUS | false
152.199.4.44 | cs1100.wpc.omegacdn.net | United States | | 15133 | EDGECASTUS | false
208.80.154.240 | upload.wikimedia.org | United States | | 14907 | WIKIMEDIAUS | false
142.250.64.196 | www.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false

IP
192.168.2.4

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1431917
Start date and time: 2024-04-26 00:56:17 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://flicker-candle-sunspot.glitch.me/wond276816auing.html
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@16/11@14/7
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 192.178.50.35, 173.194.217.84, 142.250.189.142, 34.104.35.123, 142.250.217.170, 172.217.15.202, 192.178.50.74, 142.250.217.234, 172.217.3.74, 142.251.35.234, 142.250.64.202, 172.217.165.202, 142.250.217.202, 192.178.50.42, 142.250.64.234, 142.250.64.170, 142.250.64.138, 142.250.189.138, 172.217.2.202, 20.12.23.50, 72.21.81.240, 192.229.211.108, 20.242.39.171, 52.165.164.15, 40.68.123.157, 192.178.50.67, 20.114.59.183
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://flicker-candle-sunspot.glitch.me/wond276816auing.html
No simulations
No context
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:SVG Scalable Vector Graphics image
                    Category:downloaded
                    Size (bytes):3651
                    Entropy (8bit):4.094801914706141
                    Encrypted:false
                    SSDEEP:96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
                    MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                    SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                    SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                    SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                    Malicious:false
                    Reputation:low
                    URL:https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text
                    Category:downloaded
                    Size (bytes):4274
                    Entropy (8bit):5.275670925084233
                    Encrypted:false
                    SSDEEP:96:HoE24Qee5KSlvgOa9jk4L06gBSGLhoOl85TtuCtV+/C/w9L8gttXQvViEsuU:nHSlvBa55jEdoO0Ttvt4/C/w9L8gttXd
                    MD5:F6EDD152435965F96A6AE58C10E618E9
                    SHA1:F50C2CE7E6C66389A7EFD6CC5C7982558EFF4944
                    SHA-256:66458E66ED6D9481CCC6B87556F5E1DB3830ADDE85B741C431AAC8807196B509
                    SHA-512:EB67C288F81603424E22CD431BB33AF8E90D574C35E77F2DC9906E18FA1CF58CB48312BF0F949212179BD307B6F4E71C4CD1D4E2D93C4E3432C7449BC3B9514C
                    Malicious:false
                    Reputation:low
                    URL:https://flicker-candle-sunspot.glitch.me/wond276816auing.html
                    Preview:<html>.<head>..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />..<title>Excel Mobile</title>. <link rel="icon" href="https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png" type="image/gif" sizes="16x16">..<style> .body, html { height: 100%;margin: 0; font-family: Arial, Helvetica, sans-serif;.}.* {. box-sizing: border-box;.}..bg-image {. /* The image used */. background-image: url("");. /* Add the blur effect */ filter: blur(4px); -webkit-filter: blur(5px);. /* Full height */ height: 100%; /* Center and scale the image nicely */. background-position: cover; background-repeat: no-repeat; background-size: cover;.}../* Position text in the middle of the page/image */..bg-text {. background: #FFF;. width:340px; height:300px; -webkit-box-shadow: 1px 1px 15px 1px #000000; .
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:SVG Scalable Vector Graphics image
                    Category:dropped
                    Size (bytes):3651
                    Entropy (8bit):4.094801914706141
                    Encrypted:false
                    SSDEEP:96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
                    MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                    SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                    SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                    SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text
                    Category:dropped
                    Size (bytes):4274
                    Entropy (8bit):5.275670925084233
                    Encrypted:false
                    SSDEEP:96:HoE24Qee5KSlvgOa9jk4L06gBSGLhoOl85TtuCtV+/C/w9L8gttXQvViEsuU:nHSlvBa55jEdoO0Ttvt4/C/w9L8gttXd
                    MD5:F6EDD152435965F96A6AE58C10E618E9
                    SHA1:F50C2CE7E6C66389A7EFD6CC5C7982558EFF4944
                    SHA-256:66458E66ED6D9481CCC6B87556F5E1DB3830ADDE85B741C431AAC8807196B509
                    SHA-512:EB67C288F81603424E22CD431BB33AF8E90D574C35E77F2DC9906E18FA1CF58CB48312BF0F949212179BD307B6F4E71C4CD1D4E2D93C4E3432C7449BC3B9514C
                    Malicious:false
                    Reputation:low
                    Preview:<html>.<head>..<meta name="viewport" content="width=device-width, initial-scale=1">..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />..<title>Excel Mobile</title>. <link rel="icon" href="https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png" type="image/gif" sizes="16x16">..<style> .body, html { height: 100%;margin: 0; font-family: Arial, Helvetica, sans-serif;.}.* {. box-sizing: border-box;.}..bg-image {. /* The image used */. background-image: url("");. /* Add the blur effect */ filter: blur(4px); -webkit-filter: blur(5px);. /* Full height */ height: 100%; /* Center and scale the image nicely */. background-position: cover; background-repeat: no-repeat; background-size: cover;.}../* Position text in the middle of the page/image */..bg-text {. background: #FFF;. width:340px; height:300px; -webkit-box-shadow: 1px 1px 15px 1px #000000; .
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):100727
                    Entropy (8bit):7.576212282061622
                    Encrypted:false
                    SSDEEP:3072:oqZjsdMCBhLZXM8rueU6o8Amk93VdDaly:bjsdMCBI8rueXMtDaE
                    MD5:39F9670257CF2C47B21177E26205540A
                    SHA1:3F961150D0BC99CC951F50509AE53C282EFE28B1
                    SHA-256:0CC3FED62E8B1F2D7C8F2A6937957914C8E8ABFA355F57906053E3D274D238B7
                    SHA-512:A35CE2F31E2A21790F0EA8090DF784310FD7A5666C3D91AD767223E208F7C3AAEBFE6C3041F2E95A8885613E66A956F83262DCDDAC361F50EB1D61FCFB4D8B6F
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with no line terminators
                    Category:downloaded
                    Size (bytes):28
                    Entropy (8bit):4.208966082694623
                    Encrypted:false
                    SSDEEP:3:G4iCw:ziCw
                    MD5:FE567926364F1F70610B746A64DE9165
                    SHA1:A11A5E6E799B094612BBBEB4ABF31707F5080C33
                    SHA-256:07DCC4C01BD13CC989FEC4730DCB6DEEE43A9C7895DFCCFD5113EAD8B1BFB1F7
                    SHA-512:94A588BC0A2500D2B7A53671C00A383A7A2030F593E910E7B96FB4768C28F649CEE4E9263D5EF388706D82F9EF344B337D416A4CBEAC78217A5EC86E21AB2D7E
                    Malicious:false
                    Reputation:low
                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlA2ZezmGQrdBIFDVNVgbUSBQ3OQUx6?alt=proto
                    Preview:ChIKBw1TVYG1GgAKBw3OQUx6GgA=
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):100727
                    Entropy (8bit):7.576212282061622
                    Encrypted:false
                    SSDEEP:3072:oqZjsdMCBhLZXM8rueU6o8Amk93VdDaly:bjsdMCBI8rueXMtDaE
                    MD5:39F9670257CF2C47B21177E26205540A
                    SHA1:3F961150D0BC99CC951F50509AE53C282EFE28B1
                    SHA-256:0CC3FED62E8B1F2D7C8F2A6937957914C8E8ABFA355F57906053E3D274D238B7
                    SHA-512:A35CE2F31E2A21790F0EA8090DF784310FD7A5666C3D91AD767223E208F7C3AAEBFE6C3041F2E95A8885613E66A956F83262DCDDAC361F50EB1D61FCFB4D8B6F
                    Malicious:false
                    Reputation:low
                    URL:https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png
                    No static file info
                    Timestamp    Source Port    Dest Port    Source IP    Dest IP
                    Apr 26, 2024 00:58:12.040872097 CEST49756443192.168.2.4142.250.64.196
                    Apr 26, 2024 00:58:12.040880919 CEST44349756142.250.64.196192.168.2.4
                    Apr 26, 2024 00:58:12.041352987 CEST44349756142.250.64.196192.168.2.4
                    Apr 26, 2024 00:58:12.041666985 CEST49756443192.168.2.4142.250.64.196
                    Apr 26, 2024 00:58:12.041743040 CEST44349756142.250.64.196192.168.2.4
                    Apr 26, 2024 00:58:12.086910009 CEST49756443192.168.2.4142.250.64.196
                    Apr 26, 2024 00:58:18.717439890 CEST4972380192.168.2.423.45.182.104
                    Apr 26, 2024 00:58:18.717540026 CEST4972480192.168.2.423.45.182.100
                    Apr 26, 2024 00:58:18.842674971 CEST804972323.45.182.104192.168.2.4
                    Apr 26, 2024 00:58:18.843622923 CEST4972380192.168.2.423.45.182.104
                    Apr 26, 2024 00:58:18.844821930 CEST804972423.45.182.100192.168.2.4
                    Apr 26, 2024 00:58:18.844892025 CEST4972480192.168.2.423.45.182.100
                    Apr 26, 2024 00:58:22.025788069 CEST44349756142.250.64.196192.168.2.4
                    Apr 26, 2024 00:58:22.025857925 CEST44349756142.250.64.196192.168.2.4
                    Apr 26, 2024 00:58:22.025916100 CEST49756443192.168.2.4142.250.64.196
                    Apr 26, 2024 00:58:24.115096092 CEST49756443192.168.2.4142.250.64.196
                    Apr 26, 2024 00:58:24.115117073 CEST44349756142.250.64.196192.168.2.4
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Apr 26, 2024 00:57:09.280296087 CEST | 192.168.2.4 | 1.1.1.1 | 0xe843 | Standard query (0) | flicker-candle-sunspot.glitch.me | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:09.280474901 CEST | 192.168.2.4 | 1.1.1.1 | 0x8217 | Standard query (0) | flicker-candle-sunspot.glitch.me | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.126756907 CEST | 192.168.2.4 | 1.1.1.1 | 0xb393 | Standard query (0) | aadcdn.msftauth.net | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.128079891 CEST | 192.168.2.4 | 1.1.1.1 | 0xf267 | Standard query (0) | aadcdn.msftauth.net | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.334952116 CEST | 192.168.2.4 | 1.1.1.1 | 0x51c9 | Standard query (0) | flicker-candle-sunspot.glitch.me | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.335199118 CEST | 192.168.2.4 | 1.1.1.1 | 0xa55b | Standard query (0) | flicker-candle-sunspot.glitch.me | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.014082909 CEST | 192.168.2.4 | 1.1.1.1 | 0x96ff | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.014617920 CEST | 192.168.2.4 | 1.1.1.1 | 0x66ce | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.021842003 CEST | 192.168.2.4 | 1.1.1.1 | 0x90a1 | Standard query (0) | aadcdn.msftauth.net | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.022236109 CEST | 192.168.2.4 | 1.1.1.1 | 0x797c | Standard query (0) | aadcdn.msftauth.net | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.653775930 CEST | 192.168.2.4 | 1.1.1.1 | 0x680c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.654175997 CEST | 192.168.2.4 | 1.1.1.1 | 0xbaad | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:13.810533047 CEST | 192.168.2.4 | 1.1.1.1 | 0x8339 | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:13.811273098 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7a6 | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Apr 26, 2024 00:57:09.419897079 CEST | 1.1.1.1 | 192.168.2.4 | 0xe843 | No error (0) | flicker-candle-sunspot.glitch.me | - | 44.214.198.122 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:09.419897079 CEST | 1.1.1.1 | 192.168.2.4 | 0xe843 | No error (0) | flicker-candle-sunspot.glitch.me | - | 18.235.65.101 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.252666950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb393 | No error (0) | aadcdn.msftauth.net | cs1100.wpc.omegacdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.252666950 CEST | 1.1.1.1 | 192.168.2.4 | 0xb393 | No error (0) | cs1100.wpc.omegacdn.net | - | 152.199.4.44 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.253217936 CEST | 1.1.1.1 | 192.168.2.4 | 0xf267 | No error (0) | aadcdn.msftauth.net | cs1100.wpc.omegacdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.464118004 CEST | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | flicker-candle-sunspot.glitch.me | - | 18.235.65.101 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:10.464118004 CEST | 1.1.1.1 | 192.168.2.4 | 0x51c9 | No error (0) | flicker-candle-sunspot.glitch.me | - | 44.214.198.122 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.140571117 CEST | 1.1.1.1 | 192.168.2.4 | 0x96ff | No error (0) | upload.wikimedia.org | - | 208.80.154.240 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.146471977 CEST | 1.1.1.1 | 192.168.2.4 | 0x90a1 | No error (0) | aadcdn.msftauth.net | cs1100.wpc.omegacdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.146471977 CEST | 1.1.1.1 | 192.168.2.4 | 0x90a1 | No error (0) | cs1100.wpc.omegacdn.net | - | 152.199.4.44 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.147330999 CEST | 1.1.1.1 | 192.168.2.4 | 0x797c | No error (0) | aadcdn.msftauth.net | cs1100.wpc.omegacdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.779169083 CEST | 1.1.1.1 | 192.168.2.4 | 0x680c | No error (0) | www.google.com | - | 142.250.64.196 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:11.780352116 CEST | 1.1.1.1 | 192.168.2.4 | 0xbaad | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                    Apr 26, 2024 00:57:13.936616898 CEST | 1.1.1.1 | 192.168.2.4 | 0x8339 | No error (0) | upload.wikimedia.org | - | 208.80.154.240 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:24.118257046 CEST | 1.1.1.1 | 192.168.2.4 | 0x55b2 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:57:24.118257046 CEST | 1.1.1.1 | 192.168.2.4 | 0x55b2 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:57:37.141359091 CEST | 1.1.1.1 | 192.168.2.4 | 0x7971 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:57:37.141359091 CEST | 1.1.1.1 | 192.168.2.4 | 0x7971 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                    Apr 26, 2024 00:58:00.464581013 CEST | 1.1.1.1 | 192.168.2.4 | 0x22c3 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
                    Apr 26, 2024 00:58:00.464581013 CEST | 1.1.1.1 | 192.168.2.4 | 0x22c3 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                    • flicker-candle-sunspot.glitch.me
                    • https:
                      • aadcdn.msftauth.net
                      • upload.wikimedia.org
                    • fs.microsoft.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49735 | 44.214.198.122 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:09 UTC | 695 | OUT | GET /wond276816auing.html HTTP/1.1
                    Host: flicker-candle-sunspot.glitch.me
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-25 22:57:10 UTC | 518 | IN | HTTP/1.1 200 OK
                    Date: Thu, 25 Apr 2024 22:57:10 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 4274
                    Connection: close
                    x-amz-id-2: xOPkU4bdl7MpxLeMu0KwIUHEibzHgV9y8LbS540N4nfYVlRAF7DEPGvkKIdcyOw8ORxiiyvqGj/pdnuZyeEjlA==
                    x-amz-request-id: EGPNPT8ZDKPMH0K1
                    last-modified: Tue, 23 Apr 2024 11:09:13 GMT
                    etag: "f6edd152435965f96a6ae58c10e618e9"
                    x-amz-server-side-encryption: AES256
                    cache-control: no-cache
                    x-amz-version-id: CiRABZMIy.CDpuX0ijbA4Ih80xUiCc0W
                    accept-ranges: bytes
                    server: AmazonS3
                    2024-04-25 22:57:10 UTC | 4274 | IN | Data Ascii: <html><head><meta name="viewport" content="width=device-width, initial-scale=1"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /><title>Excel Mobile</title> <link rel="icon" href="https://upload.wikimedia.org/wikipedia/commons/th


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.4 | 49736 | 44.214.198.122 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:10 UTC | 750 | OUT | GET /wond276816auing.html HTTP/1.1
                    Host: flicker-candle-sunspot.glitch.me
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://flicker-candle-sunspot.glitch.me/wond276816auing.html
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    If-None-Match: "f6edd152435965f96a6ae58c10e618e9"
                    If-Modified-Since: Tue, 23 Apr 2024 11:09:13 GMT
                    2024-04-25 22:57:10 UTC | 394 | IN | HTTP/1.1 304 Not Modified
                    Date: Thu, 25 Apr 2024 22:57:10 GMT
                    Connection: close
                    x-amz-id-2: 6QNQVm1TQjREafCkb2TJL30zaAMsvgmW9jh8DWyqtujbqHkO1u7nw9uyLvMUXh2mUeoeafwMvPU=
                    x-amz-request-id: CZYBAFZ57AFBVK13
                    last-modified: Tue, 23 Apr 2024 11:09:13 GMT
                    etag: "f6edd152435965f96a6ae58c10e618e9"
                    cache-control: no-cache
                    x-amz-version-id: CiRABZMIy.CDpuX0ijbA4Ih80xUiCc0W
                    server: AmazonS3


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.4 | 49739 | 152.199.4.44 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:10 UTC | 672 | OUT | GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
                    Host: aadcdn.msftauth.net
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://flicker-candle-sunspot.glitch.me/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-25 22:57:10 UTC | 737 | IN | HTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                    Age: 2733424
                    Cache-Control: public, max-age=31536000
                    Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
                    Content-Type: image/svg+xml
                    Date: Thu, 25 Apr 2024 22:57:10 GMT
                    Etag: 0x8D79A1B9F5E121A
                    Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT
                    Server: ECAcc (mic/9BD7)
                    Vary: Accept-Encoding
                    X-Cache: HIT
                    x-ms-blob-type: BlockBlob
                    x-ms-lease-status: unlocked
                    x-ms-request-id: 9f813b0e-201e-0075-5087-7e2f2c000000
                    x-ms-version: 2009-09-19
                    Content-Length: 3651
                    Connection: close
                    2024-04-25 22:57:10 UTC | 3651 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.4 | 49741 | 18.235.65.101 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:11 UTC | 376 | OUT | GET /wond276816auing.html HTTP/1.1
                    Host: flicker-candle-sunspot.glitch.me
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-25 22:57:11 UTC | 506 | IN | HTTP/1.1 200 OK
                    Date: Thu, 25 Apr 2024 22:57:11 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 4274
                    Connection: close
                    x-amz-id-2: RvNCoQR5XixZIjkQywbUcyJtutfXp2Ox17E5upfyy4nndd9I7g9WPebmvJ+7wdLkBi7Y0S/k6As=
                    x-amz-request-id: FF19NVSKZ6QG16VR
                    last-modified: Tue, 23 Apr 2024 11:09:13 GMT
                    etag: "f6edd152435965f96a6ae58c10e618e9"
                    x-amz-server-side-encryption: AES256
                    cache-control: no-cache
                    x-amz-version-id: CiRABZMIy.CDpuX0ijbA4Ih80xUiCc0W
                    accept-ranges: bytes
                    server: AmazonS3
                    2024-04-25 22:57:11 UTC | 4274 | IN | Data Ascii: <html><head><meta name="viewport" content="width=device-width, initial-scale=1"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /><title>Excel Mobile</title> <link rel="icon" href="https://upload.wikimedia.org/wikipedia/commons/th


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.4 | 49742 | 208.80.154.240 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:11 UTC | 743 | OUT | GET /wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png HTTP/1.1
                    Host: upload.wikimedia.org
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://flicker-candle-sunspot.glitch.me/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-25 22:57:11 UTC | 1101 | IN | HTTP/1.1 200 OK
                    date: Thu, 25 Apr 2024 10:24:24 GMT
                    etag: 39f9670257cf2c47b21177e26205540a
                    server: ATS/9.1.4
                    content-type: image/png
                    content-disposition: inline;filename*=UTF-8''Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png
                    last-modified: Sat, 02 Mar 2024 07:17:32 GMT
                    content-length: 100727
                    age: 45167
                    x-cache: cp1113 hit, cp1113 hit/49
                    x-cache-status: hit-front
                    server-timing: cache;desc="hit-front", host;desc="cp1113"
                    strict-transport-security: max-age=106384710; includeSubDomains; preload
                    report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                    nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                    x-client-ip: 102.129.152.220
                    x-content-type-options: nosniff
                    access-control-allow-origin: *
                    access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                    timing-allow-origin: *
                    accept-ranges: bytes
                    connection: close


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.4 | 49743 | 152.199.4.44 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:11 UTC | 420 | OUT | GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
                    Host: aadcdn.msftauth.net
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-25 22:57:11 UTC | 737 | IN | HTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                    Age: 2733425
                    Cache-Control: public, max-age=31536000
                    Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
                    Content-Type: image/svg+xml
                    Date: Thu, 25 Apr 2024 22:57:11 GMT
                    Etag: 0x8D79A1B9F5E121A
                    Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT
                    Server: ECAcc (mic/9BD7)
                    Vary: Accept-Encoding
                    X-Cache: HIT
                    x-ms-blob-type: BlockBlob
                    x-ms-lease-status: unlocked
                    x-ms-request-id: 9f813b0e-201e-0075-5087-7e2f2c000000
                    x-ms-version: 2009-09-19
                    Content-Length: 3651
                    Connection: close
                    2024-04-25 22:57:11 UTC | 3651 | IN
                    Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.4 | 49745 | 23.202.106.101 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:13 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-04-25 22:57:13 UTC | 467 | IN | HTTP/1.1 200 OK
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (chd/0712)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-eus-z1
                    Cache-Control: public, max-age=115631
                    Date: Thu, 25 Apr 2024 22:57:13 GMT
                    Connection: close
                    X-CID: 2


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.4 | 49746 | 23.202.106.101 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:13 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                    Range: bytes=0-2147483646
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-04-25 22:57:14 UTC | 487 | IN | HTTP/1.1 200 OK
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (dce/26AC)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-eus-z1
                    Cache-Control: public, max-age=115664
                    Date: Thu, 25 Apr 2024 22:57:14 GMT
                    Content-Length: 55
                    Connection: close
                    X-CID: 2
                    2024-04-25 22:57:14 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.4 | 49747 | 208.80.154.240 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-04-25 22:57:14 UTC | 491 | OUT | GET /wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png HTTP/1.1
                    Host: upload.wikimedia.org
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-04-25 22:57:14 UTC | 1101 | IN | HTTP/1.1 200 OK
                    date: Thu, 25 Apr 2024 10:24:24 GMT
                    etag: 39f9670257cf2c47b21177e26205540a
                    server: ATS/9.1.4
                    content-type: image/png
                    content-disposition: inline;filename*=UTF-8''Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png
                    last-modified: Sat, 02 Mar 2024 07:17:32 GMT
                    content-length: 100727
                    age: 45169
                    x-cache: cp1113 hit, cp1113 hit/50
                    x-cache-status: hit-front
                    server-timing: cache;desc="hit-front", host;desc="cp1113"
                    strict-transport-security: max-age=106384710; includeSubDomains; preload
                    report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                    nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                    x-client-ip: 102.129.152.220
                    x-content-type-options: nosniff
                    access-control-allow-origin: *
                    access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                    timing-allow-origin: *
                    accept-ranges: bytes
                    connection: close


                    Target ID:0
                    Start time:00:57:03
                    Start date:26/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:1
                    Start time:00:57:06
                    Start date:26/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=2008,i,7893499121769613146,1386096339918013274,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:3
                    Start time:00:57:08
                    Start date:26/04/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://flicker-candle-sunspot.glitch.me/wond276816auing.html"
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly