Edit tour

Windows Analysis Report
https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small

Overview

General Information

Sample URL:	https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small
Analysis ID:	1334960
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4928 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,9892753901427623029,17665841518712517881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6368 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2023-10-04-09

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 209.197.3.8
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.0.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.0.0
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.0.0
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.0.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: unknown	HTTPS traffic detected: 23.52.160.85:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.52.160.85:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_4928_2135060656

Jump to behavior

Source: classification engine

Classification label: clean0.win@16/3@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,9892753901427623029,17665841518712517881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,9892753901427623029,17665841518712517881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.62.84	true	false	high
dualstack.twimg.twitter.map.fastly.net	146.75.28.159	true	false	unknown
www.google.com	172.253.115.103	true	false	high
clients.l.google.com	172.253.62.139	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
pbs.twimg.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small	false	high
https://pbs.twimg.com/favicon.ico	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.115.103	www.google.com	United States	15169	GOOGLEUS	false
146.75.28.159	dualstack.twimg.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
172.253.62.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.253.62.139	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1334960
Start date and time:	2023-10-31 16:19:37 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/3@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.167.94, 34.104.35.123, 192.229.211.108, 172.253.122.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 640x480, components 3
Category:	downloaded
Size (bytes):	54652
Entropy (8bit):	7.980070295078074
Encrypted:	false
SSDEEP:	1536:bjCO01yC7qY8U/ss9wohpyhkwyIjMTq1NvrD:yOpCeHypyy/IqUjD
MD5:	2430BD5A167A51BA89662B42393C7DFD
SHA1:	FAAEDCD602040A118E9F5A8C389029B8F7920243
SHA-256:	B9EAACD73F1EBBD944761280359920E24106AA3CB4E8EFF04D29F674C489695C
SHA-512:	24EFA5246AC9C00EFF5E914D57824CE60650B9F5F8D55C5C340D596E17112D0270B71E9D85A135F23870629EC0781ADC1498074EC8F1A4CE076BAC44EC988990
Malicious:	false
Reputation:	low
URL:	https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small
Preview:	......JFIF.....`.`.....C....................................................................C............................................................................"....................................................................................0d.d.....:.V.<..>.........D..u..I..h..;Z.+S1....G.j...,.......D.AT..U"h.>..KGaYG....+m=..-v.WQ..dCs.(u."k.....=.-.....mQ?3w)`.n..7D.G#35...j.........G...(/.{....z....]z.....d..J.E.:..Z....ZJ}.A..&sS.)...m..Ti\....du4..s..c....u..^dws......O...[.I..[.r.g.9...n.n.2A(oG.}5..{)u..z7?OX...1n.}.......-..@.. ..ij....\.!....?..........".HO[.H..1.u.#.X..=...W#S...qSii..2R.k...}B.....n22..2..:Ow]."..2.EA.O5..@...g..;iE.mkk....%.1.'!`..s.i.;u..g.".l......z..DrL.rXTr..w...UT.....<.3..'.Zv..).w...K.!v1...!.U.{HD..flA..lL.~K_..{...cX...#zo.ze5.w+k2z.q....id.....es.\.&r..-O....v.>...R..I.......rWaO...&.Z&F...-........5..;.b...5yl/w....G.#..w.E.....".DM.....j).".4..V.q.u!.`.2,..A.Zd..z.....e..5..Z

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	3.3162019137142695
Encrypted:	false
SSDEEP:	12:9DX7AoS1302rIKva9bvAhVC46R5PQdqwNiti6n:9HAoS1EIrsYm46N
MD5:	630D203CDEBA06DF4C0E289C8C8094F6
SHA1:	EEE14E8A36B0512C12BA26C0516B4553618DEA36
SHA-256:	BBCE71345828A27C5572637DBE88A3DD1E065266066600C8A841985588BF2902
SHA-512:	09F4E204960F4717848BF970AC4305F10201115E45DD5FE0196A6346628F0011E7BC17D73EC946B68731A5E179108FD39958CECF41125F44094F63FE5F2AEB2C
Malicious:	false
Reputation:	low
Preview:	............ .h.......(....... ..... ....................................................................................................................................................................................................................................(...`..~...~...~.......W...(.................................`....................._....?.......................................Z..P..............0....?..............................W./....................0...............................~...................................................V............................0......................@.....................................................~...........`..o..................x.................?.....`............0.....................B.............O...`................./...........@.......b..........................................p.~...`..........................................................

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	3.3162019137142695
Encrypted:	false
SSDEEP:	12:9DX7AoS1302rIKva9bvAhVC46R5PQdqwNiti6n:9HAoS1EIrsYm46N
MD5:	630D203CDEBA06DF4C0E289C8C8094F6
SHA1:	EEE14E8A36B0512C12BA26C0516B4553618DEA36
SHA-256:	BBCE71345828A27C5572637DBE88A3DD1E065266066600C8A841985588BF2902
SHA-512:	09F4E204960F4717848BF970AC4305F10201115E45DD5FE0196A6346628F0011E7BC17D73EC946B68731A5E179108FD39958CECF41125F44094F63FE5F2AEB2C
Malicious:	false
Reputation:	low
URL:	https://pbs.twimg.com/favicon.ico
Preview:	............ .h.......(....... ..... ....................................................................................................................................................................................................................................(...`..~...~...~.......W...(.................................`....................._....?.......................................Z..P..............0....?..............................W./....................0...............................~...................................................V............................0......................@.....................................................~...........`..o..................x.................?.....`............0.....................B.............O...`................./...........@.......b..........................................p.~...`..........................................................

Total Packets: 170
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 31, 2023 16:20:23.566116095 CET	49675	443	192.168.2.4	173.222.162.32
Oct 31, 2023 16:20:30.485333920 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.485371113 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.485421896 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.486233950 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.486311913 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.486381054 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.486463070 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.486480951 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.486875057 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.486953974 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.748056889 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.748297930 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.748356104 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.749264002 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.749349117 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.749952078 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.750142097 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.750155926 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.750710964 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.750778913 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.751597881 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.751641989 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.751658916 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.751729012 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.752140999 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.752157927 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.753401041 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.753482103 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.753540039 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.753550053 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.861430883 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.861454010 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.966557026 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.966902018 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.967082977 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.967189074 CET	49738	443	192.168.2.4	172.253.62.139
Oct 31, 2023 16:20:30.967226028 CET	443	49738	172.253.62.139	192.168.2.4
Oct 31, 2023 16:20:30.997214079 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.997319937 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.997349977 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.999505043 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:30.999598026 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.999636889 CET	49737	443	192.168.2.4	172.253.62.84
Oct 31, 2023 16:20:30.999653101 CET	443	49737	172.253.62.84	192.168.2.4
Oct 31, 2023 16:20:32.162936926 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.163026094 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.163094044 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.163801908 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.163877964 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.163923979 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.163959980 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.163978100 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.164206982 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.164230108 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.491697073 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.492171049 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.492211103 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.492333889 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.492635965 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.492716074 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.493657112 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.493743896 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.494128942 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.494324923 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.494949102 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.495040894 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.495094061 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.495359898 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.495480061 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.538494110 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.545738935 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.545762062 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.545882940 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.545938969 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.589798927 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.589895010 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.589919090 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.589948893 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.590002060 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.590035915 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.590214014 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.590267897 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.590297937 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.592703104 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.592793941 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.592808962 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.595840931 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.595928907 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.595942020 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.598732948 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.602024078 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.602113008 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.602127075 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.605233908 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.605324030 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.605338097 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.614131927 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.614228964 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.614242077 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.614336014 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.614399910 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.614413023 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.615060091 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.615134954 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.615149021 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.617387056 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.617466927 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.617480993 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.620630980 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.620721102 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.620733976 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.624283075 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.624373913 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.624387026 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.666851044 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.666920900 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.682218075 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.682519913 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.682581902 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.683553934 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.683773041 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.683831930 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.688083887 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.688188076 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.688205957 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.690901041 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.690996885 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.691010952 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.693296909 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.693388939 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.693402052 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.695193052 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.695271969 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.695275068 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.695307970 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.695363045 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.697268963 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.697437048 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.697504997 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.698515892 CET	49741	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.698549032 CET	443	49741	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.736993074 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.778497934 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.830533028 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.830638885 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.830890894 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.833628893 CET	49742	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.833687067 CET	443	49742	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.969348907 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.969393969 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:32.969463110 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.969940901 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:32.969958067 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.164123058 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.164494991 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.164570093 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.166244984 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.166351080 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.166908026 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.167001009 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.167184114 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.167201042 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.174633980 CET	49675	443	192.168.2.4	173.222.162.32
Oct 31, 2023 16:20:33.221478939 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.346158981 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.346420050 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.346544981 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.354315996 CET	49745	443	192.168.2.4	146.75.28.159
Oct 31, 2023 16:20:33.354377985 CET	443	49745	146.75.28.159	192.168.2.4
Oct 31, 2023 16:20:33.582386971 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.582434893 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.582500935 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.582859993 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.582884073 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.811839104 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.812310934 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.812347889 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.813986063 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.814083099 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.815624952 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.815874100 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.862147093 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:33.862155914 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:33.909131050 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:35.362801075 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.362831116 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:35.362895012 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.366489887 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.366499901 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:35.703989029 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:35.704180002 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.710140944 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.710150003 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:35.710656881 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:35.752283096 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.820255041 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:35.862483978 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.014631987 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.014810085 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.015238047 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.015239000 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.015239000 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.054660082 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.054738045 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.054821968 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.055052042 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.055085897 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.314986944 CET	49748	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.315067053 CET	443	49748	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.386847973 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.386945963 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.388755083 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.388772964 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.389106989 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.390268087 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.430447102 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.704318047 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.704479933 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.704574108 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.706341028 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.706371069 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:36.706397057 CET	49749	443	192.168.2.4	23.52.160.85
Oct 31, 2023 16:20:36.706413031 CET	443	49749	23.52.160.85	192.168.2.4
Oct 31, 2023 16:20:43.799645901 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:43.799833059 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:43.799935102 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:44.899559975 CET	49747	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:20:44.899621964 CET	443	49747	172.253.115.103	192.168.2.4
Oct 31, 2023 16:20:45.871675968 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:45.871721983 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:45.871795893 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:45.873507023 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:45.873528957 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.384577036 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.384669065 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.391051054 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.391066074 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.391552925 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.439752102 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.664289951 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.706445932 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988388062 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988452911 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988473892 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988625050 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988630056 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988630056 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988682985 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988693953 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988708973 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988712072 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988725901 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988739014 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988748074 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988758087 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988781929 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988795996 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:46.988801003 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988934994 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:46.988982916 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:47.065992117 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:47.065992117 CET	49750	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:20:47.066011906 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:47.066028118 CET	443	49750	20.114.59.183	192.168.2.4
Oct 31, 2023 16:20:47.343197107 CET	80	49723	209.197.3.8	192.168.2.4
Oct 31, 2023 16:20:47.343502045 CET	49723	80	192.168.2.4	209.197.3.8
Oct 31, 2023 16:21:02.814696074 CET	80	49724	209.197.3.8	192.168.2.4
Oct 31, 2023 16:21:02.815380096 CET	49724	80	192.168.2.4	209.197.3.8
Oct 31, 2023 16:21:16.560450077 CET	80	49731	69.164.0.0	192.168.2.4
Oct 31, 2023 16:21:16.560611010 CET	49731	80	192.168.2.4	69.164.0.0
Oct 31, 2023 16:21:16.560698986 CET	49731	80	192.168.2.4	69.164.0.0
Oct 31, 2023 16:21:16.653358936 CET	80	49731	69.164.0.0	192.168.2.4
Oct 31, 2023 16:21:16.912395954 CET	49732	443	192.168.2.4	13.107.21.200
Oct 31, 2023 16:21:17.537698984 CET	80	49735	69.164.0.0	192.168.2.4
Oct 31, 2023 16:21:17.542892933 CET	49735	80	192.168.2.4	69.164.0.0
Oct 31, 2023 16:21:17.542892933 CET	49735	80	192.168.2.4	69.164.0.0
Oct 31, 2023 16:21:17.635409117 CET	80	49735	69.164.0.0	192.168.2.4
Oct 31, 2023 16:21:23.700052023 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:23.700125933 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:23.700222969 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:23.701059103 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:23.701092958 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.216589928 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.216685057 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.218214035 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.218225002 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.218744993 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.220148087 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.266450882 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.709310055 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.709382057 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.709572077 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.709932089 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.709932089 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.709996939 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.710033894 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.710138083 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.713790894 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.713850021 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:24.713949919 CET	49752	443	192.168.2.4	20.114.59.183
Oct 31, 2023 16:21:24.713968039 CET	443	49752	20.114.59.183	192.168.2.4
Oct 31, 2023 16:21:33.917666912 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:33.917707920 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:33.917826891 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:33.918207884 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:33.918220997 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:34.135385036 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:34.135977983 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:34.136034012 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:34.136724949 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:34.137788057 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:34.138075113 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:34.189410925 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:39.408504963 CET	49723	80	192.168.2.4	209.197.3.8
Oct 31, 2023 16:21:39.408643007 CET	49724	80	192.168.2.4	209.197.3.8
Oct 31, 2023 16:21:39.501964092 CET	80	49724	209.197.3.8	192.168.2.4
Oct 31, 2023 16:21:39.502177954 CET	80	49723	209.197.3.8	192.168.2.4
Oct 31, 2023 16:21:39.502487898 CET	49724	80	192.168.2.4	209.197.3.8
Oct 31, 2023 16:21:39.502542019 CET	49723	80	192.168.2.4	209.197.3.8
Oct 31, 2023 16:21:44.145531893 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:44.145690918 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:44.145895958 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:44.745338917 CET	49754	443	192.168.2.4	172.253.115.103
Oct 31, 2023 16:21:44.745433092 CET	443	49754	172.253.115.103	192.168.2.4
Oct 31, 2023 16:21:58.582554102 CET	49755	443	192.168.2.4	142.251.167.101
Oct 31, 2023 16:21:58.582593918 CET	443	49755	142.251.167.101	192.168.2.4
Oct 31, 2023 16:21:58.582664013 CET	49755	443	192.168.2.4	142.251.167.101
Oct 31, 2023 16:21:58.582988024 CET	49755	443	192.168.2.4	142.251.167.101
Oct 31, 2023 16:21:58.583003998 CET	443	49755	142.251.167.101	192.168.2.4
Oct 31, 2023 16:21:58.805757046 CET	443	49755	142.251.167.101	192.168.2.4
Oct 31, 2023 16:21:58.845810890 CET	49755	443	192.168.2.4	142.251.167.101

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 31, 2023 16:20:30.391060114 CET	55425	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:30.391232014 CET	56650	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:30.391660929 CET	57219	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:30.391871929 CET	63487	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:30.451673985 CET	53	61480	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:30.484344006 CET	53	55425	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:30.484405994 CET	53	57219	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:30.484819889 CET	53	63487	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:30.484874964 CET	53	56650	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:31.105731964 CET	53	50277	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:32.068820000 CET	54672	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:32.069076061 CET	59441	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:32.161987066 CET	53	54672	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:32.162046909 CET	53	59441	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:32.873940945 CET	62935	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:32.874341965 CET	56383	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:32.966685057 CET	53	62935	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:32.968796968 CET	53	56383	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:33.487417936 CET	57405	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:33.487895966 CET	50059	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:20:33.580415010 CET	53	57405	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:33.581101894 CET	53	50059	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:48.082149982 CET	53	54340	1.1.1.1	192.168.2.4
Oct 31, 2023 16:20:50.992851019 CET	138	138	192.168.2.4	192.168.2.255
Oct 31, 2023 16:21:06.902049065 CET	53	52190	1.1.1.1	192.168.2.4
Oct 31, 2023 16:21:29.662111044 CET	53	49196	1.1.1.1	192.168.2.4
Oct 31, 2023 16:21:30.178646088 CET	53	50277	1.1.1.1	192.168.2.4
Oct 31, 2023 16:21:58.081682920 CET	53	58934	1.1.1.1	192.168.2.4
Oct 31, 2023 16:21:58.488760948 CET	59010	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:21:58.489141941 CET	58708	53	192.168.2.4	1.1.1.1
Oct 31, 2023 16:21:58.581398964 CET	53	59010	1.1.1.1	192.168.2.4
Oct 31, 2023 16:21:58.582159042 CET	53	58708	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 31, 2023 16:20:30.391060114 CET	192.168.2.4	1.1.1.1	0xec9f	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.391232014 CET	192.168.2.4	1.1.1.1	0xa563	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Oct 31, 2023 16:20:30.391660929 CET	192.168.2.4	1.1.1.1	0xd850	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.391871929 CET	192.168.2.4	1.1.1.1	0x2d56	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Oct 31, 2023 16:20:32.068820000 CET	192.168.2.4	1.1.1.1	0x98f5	Standard query (0)	pbs.twimg.com	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:32.069076061 CET	192.168.2.4	1.1.1.1	0xdf60	Standard query (0)	pbs.twimg.com	65	IN (0x0001)	false
Oct 31, 2023 16:20:32.873940945 CET	192.168.2.4	1.1.1.1	0x54a	Standard query (0)	pbs.twimg.com	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:32.874341965 CET	192.168.2.4	1.1.1.1	0x778c	Standard query (0)	pbs.twimg.com	65	IN (0x0001)	false
Oct 31, 2023 16:20:33.487417936 CET	192.168.2.4	1.1.1.1	0x1aef	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.487895966 CET	192.168.2.4	1.1.1.1	0xd2b5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 31, 2023 16:21:58.488760948 CET	192.168.2.4	1.1.1.1	0x5f4b	Standard query (0)	clients1.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.489141941 CET	192.168.2.4	1.1.1.1	0xcbc2	Standard query (0)	clients1.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients.l.google.com		172.253.62.139	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients.l.google.com		172.253.62.113	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients.l.google.com		172.253.62.138	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients.l.google.com		172.253.62.102	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients.l.google.com		172.253.62.101	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484344006 CET	1.1.1.1	192.168.2.4	0xec9f	No error (0)	clients.l.google.com		172.253.62.100	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484405994 CET	1.1.1.1	192.168.2.4	0xd850	No error (0)	accounts.google.com		172.253.62.84	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:30.484874964 CET	1.1.1.1	192.168.2.4	0xa563	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:32.161987066 CET	1.1.1.1	192.168.2.4	0x98f5	No error (0)	pbs.twimg.com	dualstack.twimg.twitter.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:32.161987066 CET	1.1.1.1	192.168.2.4	0x98f5	No error (0)	dualstack.twimg.twitter.map.fastly.net		146.75.28.159	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:32.162046909 CET	1.1.1.1	192.168.2.4	0xdf60	No error (0)	pbs.twimg.com	cs196.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:32.162046909 CET	1.1.1.1	192.168.2.4	0xdf60	No error (0)	cs196.wac.edgecastcdn.net	cs2-wac.apr-8315.edgecastdns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:32.966685057 CET	1.1.1.1	192.168.2.4	0x54a	No error (0)	pbs.twimg.com	dualstack.twimg.twitter.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:32.966685057 CET	1.1.1.1	192.168.2.4	0x54a	No error (0)	dualstack.twimg.twitter.map.fastly.net		146.75.28.159	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:32.968796968 CET	1.1.1.1	192.168.2.4	0x778c	No error (0)	pbs.twimg.com	cs196.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:32.968796968 CET	1.1.1.1	192.168.2.4	0x778c	No error (0)	cs196.wac.edgecastcdn.net	cs2-wac.apr-8315.edgecastdns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:20:33.580415010 CET	1.1.1.1	192.168.2.4	0x1aef	No error (0)	www.google.com		172.253.115.103	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.580415010 CET	1.1.1.1	192.168.2.4	0x1aef	No error (0)	www.google.com		172.253.115.105	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.580415010 CET	1.1.1.1	192.168.2.4	0x1aef	No error (0)	www.google.com		172.253.115.104	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.580415010 CET	1.1.1.1	192.168.2.4	0x1aef	No error (0)	www.google.com		172.253.115.106	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.580415010 CET	1.1.1.1	192.168.2.4	0x1aef	No error (0)	www.google.com		172.253.115.99	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.580415010 CET	1.1.1.1	192.168.2.4	0x1aef	No error (0)	www.google.com		172.253.115.147	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:20:33.581101894 CET	1.1.1.1	192.168.2.4	0xd2b5	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients.l.google.com		142.251.167.101	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients.l.google.com		142.251.167.138	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients.l.google.com		142.251.167.100	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients.l.google.com		142.251.167.139	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients.l.google.com		142.251.167.113	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.581398964 CET	1.1.1.1	192.168.2.4	0x5f4b	No error (0)	clients.l.google.com		142.251.167.102	A (IP address)	IN (0x0001)	false
Oct 31, 2023 16:21:58.582159042 CET	1.1.1.1	192.168.2.4	0xcbc2	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

pbs.twimg.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49738	172.253.62.139	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:30 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49737	172.253.62.84	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:30 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2023-10-04-09
2023-10-31 15:20:30 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49748	23.52.160.85	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:35 UTC	63	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-31 15:20:36 UTC	63	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: Kestrel X-CID: 11 Cache-Control: public, max-age=174029 Date: Tue, 31 Oct 2023 15:20:35 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49749	23.52.160.85	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:36 UTC	63	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-31 15:20:36 UTC	64	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=174000 Date: Tue, 31 Oct 2023 15:20:36 GMT Content-Length: 55 Connection: close X-CID: 2
2023-10-31 15:20:36 UTC	64	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49750	20.114.59.183	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:46 UTC	64	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5fpvVvnfpkPPu5g&MD=G8m55Ols HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-31 15:20:46 UTC	65	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: a66430a4-9d4a-4bb0-9762-121c24ca8112 MS-RequestId: e2bb973b-5a8b-4800-8454-39065d6c3d3e MS-CV: SGxad+zpLEufbv4c.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 31 Oct 2023 15:20:46 GMT Connection: close Content-Length: 24490
2023-10-31 15:20:46 UTC	65	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-10-31 15:20:46 UTC	81	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49752	20.114.59.183	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:21:24 UTC	89	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5fpvVvnfpkPPu5g&MD=G8m55Ols HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-31 15:21:24 UTC	89	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 057077f5-6ee6-4947-b881-7a86b6554b96 MS-RequestId: 56bc38fd-a857-43e3-b63a-e7841c039ad8 MS-CV: I9pUonsTsUS5Raik.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 31 Oct 2023 15:21:23 GMT Connection: close Content-Length: 25457
2023-10-31 15:21:24 UTC	90	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-10-31 15:21:24 UTC	105	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	172.253.62.139	443	192.168.2.4	49738	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:30 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-9txu7sVM5ETC2UaF6cWLdA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 31 Oct 2023 15:20:30 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6147 X-Daystart: 30030 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-31 15:20:30 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 34 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 30 30 33 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6147" elapsed_seconds="30030"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-10-31 15:20:30 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-10-31 15:20:30 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	172.253.62.84	443	192.168.2.4	49737	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:30 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 31 Oct 2023 15:20:30 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-AYC_lPzj1F7F83TDH3Qftw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-31 15:20:30 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-10-31 15:20:30 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49741	146.75.28.159	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:32 UTC	4	OUT	GET /card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small HTTP/1.1 Host: pbs.twimg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	146.75.28.159	443	192.168.2.4	49741	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:32 UTC	5	IN	HTTP/1.1 200 OK Connection: close Content-Length: 54652 perf: 7626143928 content-type: image/jpeg cache-control: max-age=604800, must-revalidate last-modified: Fri, 20 Oct 2023 21:12:33 GMT x-transaction-id: d49e49eb0af8e238 timing-allow-origin: https://twitter.com, https://mobile.twitter.com strict-transport-security: max-age=631138519 access-control-allow-origin: * access-control-expose-headers: Content-Length X-Content-Type-Options: nosniff Accept-Ranges: bytes Date: Tue, 31 Oct 2023 15:20:32 GMT X-Cache: HIT, HIT x-tw-cdn: FT x-served-by: cache-pdk-kpdk1780115-PDK, cache-iad-kiad7000149-IAD, cache-tw-ZZZ1 Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
2023-10-31 15:20:32 UTC	5	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c2 00 11 08 01 e0 02 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 01 05 01 01 01 00 00 00 00 00 00 00 00 00 00 03 01 02 04 05 06 00 07 08 ff c4 00 1b 01 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 00 03 01 02 04 05 06 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 f3 93 08 dc bd Data Ascii: JFIF``CC"
2023-10-31 15:20:32 UTC	7	IN	Data Raw: 69 13 a9 7b 92 26 97 31 a6 cd f3 a3 33 82 df 60 b2 ea 4d 3c 5c ec 3c f1 23 09 5b a4 9a b0 8a 75 d4 9a 99 b9 c1 e2 ef f2 5a 6d a3 70 07 36 b6 9b 9e 98 ba e9 2d 73 16 b9 e9 a4 9d 49 6a ac f2 13 9f 7c e9 c8 e6 a5 aa bd 61 39 1f 22 22 f0 2a b5 41 dc 8b 02 72 f4 d5 11 e9 33 c4 62 c8 1f 9b 3e 8f f9 b3 5d b3 f5 f6 35 dd 9c 77 22 42 4c ee cc 12 f2 3a 25 30 4f 42 41 87 21 50 49 00 95 51 e5 1c 8a 43 cc 27 b1 6f 19 63 b6 a7 bb a0 d0 ea cf bb f3 ef 49 a7 ec 73 1b 57 3e b6 19 61 bb c4 5a b9 1b 65 ab 2a 74 ac 10 c7 b2 c5 3a b6 f1 76 91 39 78 d5 dd dc 4d 36 5f 5d 93 e7 c6 6b 25 af c0 e5 d7 0e b5 a2 8e 81 50 4c 5b cb d1 4a b6 59 4b ad 32 6d 4f 48 6a ed 8b d5 09 e0 5b 56 4d 5c 92 2e ad 73 76 d9 af a7 b7 ce 5c 65 cb 6d 2a b6 4a d3 29 1e dd 19 11 51 5b 5e 5e 70 31 51 41 55 Data Ascii: i{&13`M<\<#[uZmp6-sIj\|a9""Ar3b>]5w"BL:%0OBA!PIQC'ocIsW>aZet:v9xM6_]k%PL[JYK2mOHj[VM\.sv\em*J)Q[^^p1QAU
2023-10-31 15:20:32 UTC	8	IN	Data Raw: 3d 5c 68 40 ca 74 46 93 0d ee 55 37 a1 f9 2f ad 68 5b fb 96 97 4e 51 52 41 cb 9c 92 d2 93 0f 5e bb ea b2 d5 f4 31 60 fa e6 13 79 e9 fc c5 45 37 a8 79 87 8c f7 12 e7 41 bf f7 df 3f c7 c6 da e7 b8 dd e8 12 e1 4d f2 7e d2 cb cb bd 5f 09 ec 3c 42 d9 46 3f 98 f6 3c 50 2a 5b 3a 54 59 d9 5a db 16 d8 24 b0 d7 50 6a d3 cd 73 5c dd 58 53 bb a0 e5 ee 0e 45 e0 55 4e 07 73 14 1c 8a d0 72 8d f2 38 83 7c cf 96 f9 6f a6 79 9e e9 9f 49 79 45 a6 81 63 c3 a5 57 7a fc 6e c7 06 92 14 45 ce d2 98 07 a8 78 72 c1 48 15 ed 06 82 83 cc 22 a8 1e 5b 5b 91 61 b2 73 49 48 91 3a be cf ab 92 3c c8 56 0d ad 70 25 42 6d 33 7e 83 89 b5 d1 4d ea b7 96 73 15 b1 21 c5 6b f1 11 6c 24 48 3a fa bf 26 d3 0e f4 0f a6 f8 77 b4 7a 0f 2f e9 1e 59 e9 75 7e 1b d7 f9 cd fd 04 df a3 f8 69 d4 15 f1 38 fd Data Ascii: =\h@tFU7/h[NQRA^1`yE7yA?M~_<BF?<P*[:TYZ$Pjs\XSEUNsr8\|oyIyEcWznExrH"[[asIH:<Vp%Bm3~Ms!kl$H:&wz/Yu~i8
2023-10-31 15:20:32 UTC	9	IN	Data Raw: 66 77 6c 66 57 cf c5 a4 86 09 95 25 30 4a a8 af 33 45 73 4c 50 93 30 f6 ab 64 ca 6d f0 5b 9b 84 99 0a 2b d3 22 79 25 75 73 93 b8 80 e2 35 4a ab da 80 af 6f 4c 15 58 e2 54 83 69 07 68 52 22 46 76 fa 89 37 6c a8 d2 38 fa 54 82 2c 94 be 55 e8 5e 75 ab 6b 24 c4 95 7d 1a 2b aa 4b be 73 ec 30 1b bc ee 8c 58 82 80 db 9d 6f a5 cb 68 f9 da 76 d7 59 cd 06 1c 2b c8 8f c1 ce 67 10 fe 6a 12 f5 1b 81 c8 9c 43 da 9c 0a e1 a9 0f 44 40 7a b3 a4 2e 3f 5f 86 65 fc 6a 64 0b 0e b5 2b 61 4a 8d a5 22 8e 70 b2 97 c2 91 17 3b f5 36 94 b7 18 dc 43 80 ab 64 82 84 89 80 44 99 5d 68 d6 90 04 45 8b c9 d1 19 0d a6 2f 5e d8 95 61 57 66 c5 58 b4 e9 d4 cd ca 89 32 e2 01 64 3f 27 10 a5 03 e6 af e1 a1 26 e8 fd 58 2a 0d 00 f4 96 f5 09 b3 a4 c4 95 c9 d2 e7 89 f1 38 ff 00 3f f4 4f 3c d9 ac 45 Data Ascii: fwlfW%0J3EsLP0dm[+"y%us5JoLXTihR"Fv7l8T,U^uk$}+Ks0XohvY+gjCD@z.?_ejd+aJ"p;6CdD]hE/^aWfX2d?'&X*8?O<E
2023-10-31 15:20:32 UTC	11	IN	Data Raw: 6f 27 f5 2f 2a ea e5 97 06 7d 66 e4 47 62 b1 ab 13 c6 b6 af ff c4 00 33 10 00 01 03 02 05 02 05 04 02 03 00 02 03 00 00 00 01 00 02 03 04 11 05 10 12 21 31 32 41 06 13 20 22 33 14 23 24 30 34 42 15 25 35 36 40 26 43 44 ff da 00 08 01 01 00 01 05 02 41 0b a6 a8 de 5a 98 43 d1 85 16 10 ac 87 21 97 35 42 cb 09 fe 3a 3d 30 fc 78 88 f7 f6 c5 3f 8d 1f c7 83 8b 63 6a eb 52 05 4b 1b 6a 1b 69 68 e4 a1 8c 55 53 4b 4c 58 7c b2 8b 53 da a4 62 6c b6 58 eb f5 54 a2 55 fd 12 54 b5 82 7a d2 f2 f7 aa a6 b5 c4 42 09 11 f9 63 da 53 a4 63 53 6a 49 45 de 6b ea 22 92 2c 3a 93 11 9d 8e 92 ce 8a 27 95 42 ed 33 79 6b cb 41 bb db 7b 2d dc 9a d0 dc ad b5 91 1f a0 05 e2 2f e7 b5 0e 97 f5 64 32 6f 0d 4d b8 50 cc b4 07 a7 d3 e9 56 b1 69 b3 6a 96 0f f0 05 6d a0 f8 31 44 de 9c 54 7e 24 Data Ascii: o'/*}fGb3!12A "3#$04B%56@&CDAZC!5B:=0x?cjRKjihUSKLX\|SblXTUTzBcScSjIEk",:'B3ykA{-/d2oMPVijm1DT~$
2023-10-31 15:20:32 UTC	12	IN	Data Raw: e5 6c ad ea b7 e9 9b 68 31 4f 94 fc 51 48 c0 f0 6f 90 df 30 9a 13 50 57 41 0b 04 d2 9a 72 8c a6 9d f0 12 7e ba af dd 47 e1 17 7e 39 dd 78 5f db 51 e2 dd a2 1e 89 c6 fd e9 ba 7d 15 4a 55 8a ff 00 06 ea 3e ba 7a 67 54 39 c1 b1 27 3e cb cc 41 e9 af b8 12 6d 2c 9e d3 52 5f 54 1f 65 e6 26 cc 99 22 8d e8 39 34 ac 67 0c ff 00 2f 1c 51 88 63 47 d1 db 31 9f 39 9f 45 4e d0 62 5b bd ce b4 6d 70 7a 16 10 e7 6d 9a 9a 9b 90 41 04 c4 10 40 a0 56 04 7f 3e 53 78 3c 24 76 bf bf c3 be dc 4f c6 8e d1 86 b1 fe df 31 ab ce 62 f3 98 a7 98 6a d4 a9 4d fd 35 4a 55 89 ff 00 05 51 d3 be a6 a6 79 63 82 29 26 45 eb cc 4d 7a 6b 95 d5 4c ba 5b 14 ba aa 7c cb 2d 49 b2 26 48 99 22 8e 4d d8 e4 11 17 5c 65 db f6 59 73 9d 61 b5 2e 20 2e f9 4d e3 8d 49 f1 b7 26 a0 9a 80 28 20 17 29 b9 0e 50 Data Ascii: lh1OQHo0PWAr~G~9x_Q}JU>zgT9'>Am,R_Te&"94g/QcG19ENb[mpzmA@V>Sx<$vO1bjM5JUQyc)&EMzkL[\|-I&H"M\eYsa. .MI&( )P
2023-10-31 15:20:32 UTC	13	IN	Data Raw: 99 cd 4f 56 51 bf 52 09 a8 64 d4 1b b8 62 0c 08 04 02 d2 aa 2e b0 cf 87 94 54 3f 0d 62 6e e2 b3 e1 1f 1c 7b b7 d3 aa ca 77 ee 45 de eb a9 19 a8 53 12 e8 8b 4d b1 21 af d2 57 7c a5 6d c4 ed 6b 64 6f 85 30 e9 e3 f2 21 82 a9 14 37 4d e4 26 6c 9a 77 62 85 42 ad 64 7f 78 5e 28 3f 8e 7a a3 e6 a7 af 2a 23 f6 82 0b b8 37 01 68 4d 62 0c 41 88 34 29 59 65 56 3d d8 6f 19 53 9f b1 57 c3 37 6d 5f c1 19 fb 50 f4 65 7c cb 93 b2 21 48 6c 29 b6 4c 55 da 7c 92 02 e7 2b a2 13 8a be fd de 15 5b 17 85 71 11 fe 0a 97 76 5d 11 74 db 26 8d 82 6a 69 4c d9 41 ba 80 22 8f ec 39 f7 f1 4f c5 fd a3 1e e9 fa af 95 09 f6 0e 01 cd bc 8e 02 6a 6f 21 1d d5 70 d2 ec 37 94 55 31 fb 55 3d 2c f8 ea 77 86 23 78 a9 fe 35 7c ae 89 5d 8e 45 4a 54 6f fc bb d9 98 ac 9f 4f 8e 48 34 95 1d 33 a4 4d a5 Data Ascii: OVQRdb.T?bn{wESM!W\|mkdo0!7M&lwbBdx^(?z*#7hMbA4)YeV=oSW7m_Pe\|!Hl)LU\|+[qv]t&jiLA"9Ojo!p7U1U=,w#x5\|]EJToOH43M
2023-10-31 15:20:32 UTC	15	IN	Data Raw: 55 d5 ff 00 4f 6c 77 79 d8 9f f0 1e a5 2f 07 8a 3d e2 ee dc da 8a a1 da b5 99 85 88 8f b9 44 6f 4f db fb 77 66 d5 80 af ff 00 75 47 c2 d8 7c d9 bc 45 4c 20 c2 d9 f7 46 a4 5e 9a 2e 85 90 e0 5d 04 0a 08 13 7a bd b1 2a 53 66 dd 0d d6 2f 4d f5 14 72 0d dc 83 ac a3 72 3e e1 88 32 ed a4 f9 99 7c e9 f9 a1 6e a5 4a dd 8a ec bb fe e1 91 e9 c5 fe 68 c2 9b e0 2b b4 88 f4 e1 ee bc 61 04 32 6a 2a 0f 6e 22 33 0b 11 f9 30 dd e9 53 95 f6 e2 a8 ba cb 56 ba a9 c7 da 86 76 b2 9b 17 8c d4 61 58 2d 47 d5 60 f7 ba 68 b2 08 2b a1 b9 ba d9 5d 5e ca b7 fe 9d 3f 4f 7b ae 45 7c 1f 4f 52 e5 a9 30 a8 ca ae 8b db 00 b5 4b 10 39 53 b6 ca 89 41 b4 79 77 ef e8 e1 76 fd 52 6d 1e 2a 7e ec 6a 7f 85 12 a4 e7 fa 61 e7 da 32 e1 04 39 ee 36 c4 07 3d d0 2b 10 1e ec 25 d7 a5 ec e5 7d 8c 66 59 e1 Data Ascii: UOlwy/=DoOwfuG\|EL F^.]zSf/Mrr>2\|nJh+a2jn"30SVvaX-G`h+]^?O{E\|OR0K9SAywvRm*~ja296=+%}fY
2023-10-31 15:20:32 UTC	16	IN	Data Raw: 73 03 ac a3 7d 99 85 6f 8c f8 a6 23 26 08 d4 14 2a 90 5d 42 14 43 db 95 95 97 39 0c 87 39 f7 b7 a4 2f 14 bb ef b5 37 89 39 4f e0 29 7a c2 a1 3b 8c 82 05 04 79 87 db 5a 10 ce bb ae 8c ea 81 51 1f b8 79 e7 20 bb 6e b4 dd 59 a0 6c d4 5c 2e fd 89 76 f7 d8 f2 1d 65 c9 de f5 9c b0 d9 c3 3c 42 3f 36 88 a7 1c a1 d9 31 de dc 0e e7 16 af 63 aa a8 47 b4 a8 55 29 b1 81 44 e2 1b ac af 30 ad 65 79 8b 59 0b cc 2b cc 2b 5a d6 b5 2d 6b 52 d4 b5 ad 4a f7 5a 96 a4 1c bc 4e f0 ea a6 75 70 c7 f2 53 f7 ca 6d 9c a8 fa c2 08 1c 9a ad b9 da b0 14 0a 05 03 b5 78 f7 61 e6 f4 ea 99 da 66 d7 65 e6 07 22 eb 2d 41 02 b5 6d ae c3 55 d1 7a b8 b1 dd 1d d1 0b 62 b4 ab 6d ba ae 94 32 47 48 83 96 b4 1f 65 7d 42 a5 be 54 a7 28 53 1d 66 f8 7f f9 f7 b9 c4 60 fa 6a ce 54 2a 97 9a 55 19 b3 51 ce Data Ascii: s}o#&]BC99/79O)z;yZQy nYl\.ve<B?61cGU)D0eyY++Z-kRJZNupSmxafe"-AmUzbm2GHe}BT(Sf`jTUQ
2023-10-31 15:20:32 UTC	17	IN	Data Raw: 0a 6a 1a 82 37 41 e2 c4 dd 5a cb de ae 1c 99 25 a3 d6 d2 e0 4a 91 c1 79 8e 09 c0 ea bd d7 24 b7 53 40 d2 eb 5d 5d c9 fa f5 7b f5 46 c0 e4 3d a1 c2 e2 7e 61 3e f0 76 a1 7f e2 31 c2 eb c4 4e b4 87 63 86 b8 f9 f8 9c 5a f0 98 2b e2 a5 92 92 08 a6 9a 3a 4a a8 69 a1 99 86 29 b1 8a 0a 67 54 63 14 93 31 e5 d5 35 71 53 c9 36 1d 47 b4 0f 91 c8 c8 83 c5 8b 86 a7 5a da 76 d3 a5 dd b5 6f c3 f1 df 81 dd 51 a9 77 7a 3c 65 ff c4 00 35 11 00 02 01 03 02 05 03 01 06 04 07 00 00 00 00 00 00 01 02 03 10 11 21 31 04 12 20 30 41 05 22 32 13 06 14 23 42 81 f0 15 51 a1 b1 24 33 34 71 91 d1 e1 ff da 00 08 01 03 01 01 3f 01 c5 97 4c d9 a6 0c e8 2d 6e 98 ad 8c a2 3b 59 21 24 b7 39 d2 1b 4c e7 3e a0 85 b8 b7 16 c6 49 54 1b cf 57 81 0e c9 0a d9 32 37 82 a4 87 2f 69 cd ed 21 23 9c c8 Data Ascii: j7AZ%Jy$S@]]{F=~a>v1NcZ+:Ji)gTc15qS6GZvoQwz<e5!1 0A"2#BQ$34q?L-n;Y!$9L>ITW27/i!#
2023-10-31 15:20:32 UTC	19	IN	Data Raw: 6f ff c4 00 31 11 00 02 01 03 03 03 04 00 04 05 05 00 00 00 00 00 00 01 02 03 11 31 04 10 21 12 20 41 05 22 30 32 14 42 51 f0 06 13 61 81 a1 15 23 34 52 b1 ff da 00 08 01 02 01 01 3f 01 93 1b 19 71 31 32 dc 94 90 91 15 c9 25 bf 45 c9 d0 f2 8b 34 5e c4 b9 12 da 34 dc b9 15 2b 0a e7 4d ce 82 a6 4a 96 e0 a8 ae 87 b2 8d cb 25 dd 43 ec 36 21 ec c6 5e c4 59 15 72 9c 2f 82 10 f7 58 54 fd f6 2a 46 c7 49 62 3b 55 85 d1 61 88 8d 2e a2 31 e9 56 da db 5f 82 ae 49 12 9f 06 45 1d ed db 43 ed da f7 8c 48 22 82 e4 8a 4a a0 f8 99 55 f2 5c b5 d1 6b 3d a5 82 4a db 58 87 08 48 b6 ed 93 e4 90 df c5 43 3b 2d 9e cc 44 08 94 72 3e 26 3f b1 3d a2 3c ec f0 55 16 04 40 43 68 e0 72 be cd 93 2c 2d d7 75 0c 9e 6c 2c 6c c7 bd 31 14 5f 24 fe c3 c9 3d a0 3c ef 54 f0 60 83 3a 92 44 eb c2 Data Ascii: o11! A"02BQa#4R?q12%E4^4+MJ%C6!^Yr/XT*FIb;Ua.1V_IECH"JU\k=JXHC;-Dr>&?=<U@Chr,-ul,l1_$=<T`:D
2023-10-31 15:20:32 UTC	20	IN	Data Raw: 76 b6 49 92 e7 b2 d6 28 7d 49 8c a3 92 ae 0a 35 54 6e 52 ac a5 e0 94 d2 43 a0 aa 72 54 83 a6 f7 b6 fa 5c 0b 22 da 24 97 03 5b c9 0d 10 2d c9 4f 1d 8d 8c 7d ac a0 55 56 63 29 64 a9 f5 28 52 55 2e 74 2a 45 49 ca 5c 22 8a 6b 26 a0 b7 6e 99 0b 22 db ff c4 00 41 10 00 01 02 03 05 05 05 06 05 03 03 03 05 00 00 00 01 00 02 03 11 21 10 20 31 41 51 04 12 61 71 81 22 30 32 40 72 13 42 52 62 91 a1 05 82 b1 c1 d1 14 23 33 43 63 e1 53 73 a2 24 50 92 f0 f1 ff da 00 08 01 01 00 06 3f 02 b9 4b d5 58 e6 ba da df 4a 86 87 24 de 05 30 f0 0b f1 51 f3 83 f6 bb ba fc 38 62 83 a9 eb d5 36 24 b7 67 95 e9 2d 9f d0 6f ea 51 66 27 44 66 86 2a 8a b2 0b 1f a2 ec 89 9c e7 92 e0 85 4b b8 05 0f d9 9d d7 ce 66 4b 75 e6 87 14 ea 00 f6 e2 06 7c 56 25 df ba 60 d0 ee df a7 7b 1b 9f 75 45 27 Data Ascii: vI(}I5TnRCrT\"$[-O}UVc)d(RU.tEI\"k&n"A! 1AQaq"02@rBRb#3CcSs$P?KXJ$0Q8b6$g-oQf'DfKfKu\|V%`{uE'
2023-10-31 15:20:32 UTC	21	IN	Data Raw: bf fb 3c 6e 48 26 c8 4e a8 f6 65 3e fb 1b 0d 8e ce 98 d9 35 29 94 44 d4 76 38 4c 16 e0 81 00 b4 0d 0a 9b 36 88 8d ea 87 b3 da 09 e0 e0 9d b4 3e 41 d3 a3 9b 45 fd 26 df 0b fa b7 03 47 fc 23 45 0e 0c 3d a9 fe c5 87 c1 11 b5 5b cc 0e 95 94 b7 d9 48 b9 fc 14 5d c6 34 be 72 6b 5a 6a 54 6d e9 61 d9 6e 60 fc 48 fd 7b a3 e7 63 79 51 c5 b6 9c 94 48 a6 a1 a1 6f 97 00 1c c9 b8 1f 75 13 08 ef ee d8 78 ac 2c 19 aa 60 a6 9c 44 c4 cc e4 9a 5a 7b 47 24 0c 41 17 68 26 85 ad 08 17 6c 31 77 b8 b1 13 0b 65 7e ce f0 da 3f d9 e1 c5 6e c5 70 7e ff 00 6c 38 52 6c c8 91 72 b7 8a 22 f8 b0 79 48 d6 0f 26 cb 79 27 8a fb 31 59 e8 9a 21 97 39 c3 b4 e9 3b dd 50 cc 16 8d e0 ea ef 0c 1b 9a 71 17 05 8e ac 8a 9e e9 20 63 24 c6 c8 eb c4 2d ef 6b 17 da 6b bc b7 8c 48 cd 87 f1 38 e2 bf ba e8 Data Ascii: <nH&Ne>5)Dv8L6>AE&G#E=[H]4rkZjTman`H{cyQHoux,`DZ{G$Ah&l1we~?np~l8Rlr"yH&y'1Y!9;Pq c$-kkH8
2023-10-31 15:20:32 UTC	23	IN	Data Raw: df 38 64 a9 e1 01 6c d1 72 64 50 54 09 62 e8 37 fe 51 e5 62 fa ac 37 02 17 8a 89 ce e9 e8 85 8d 5d 53 b9 58 f4 d2 0e eb 83 c5 54 37 11 ba e1 e2 67 15 2c b6 8d 9c fd ae 4f 2d 55 10 dd 06 53 a9 0a 3f fe 92 2f 69 d3 f0 a9 37 64 8b 3d 77 50 3f d1 bf 9b 94 3f ea 76 40 63 4b b4 e9 e6 a5 fd 18 51 60 b0 6e b1 a6 41 bc 13 a2 32 b2 c4 2d d8 9f fc 93 b7 64 5c de d0 5f 7b 24 02 de 8b 41 a2 dc 65 84 f5 5f 87 c5 c4 bb 64 6d d1 67 3f 2b 17 d5 61 b8 d4 2f 10 a2 58 6c 92 72 16 33 9a 08 d8 f4 f8 0e 34 71 09 85 d3 73 99 ef e7 25 f8 4e d0 3f ea 7b 37 1e 68 e4 b8 ad 55 56 81 60 16 bc d6 1f 4b 30 b3 69 f5 a8 8a 7e 17 29 b7 ff 00 15 37 b4 b4 9a aa 9f a9 5d 89 13 f2 a9 78 5b 69 50 9a 7f d3 6e e8 e5 74 20 3c b4 4f 55 c3 63 7b 87 5d 3c 93 39 58 cf 55 d3 c1 54 52 20 aa 6c 66 b6 b0 Data Ascii: 8dlrdPTb7Qb7]SXT7g,O-US?/i7d=wP??v@cKQ`nA2-d\_{$Ae_dmg?+a/Xlr34qs%N?{7hUV`K0i~)7]x[iPnt <OUc{]<9XUTR lf
2023-10-31 15:20:32 UTC	24	IN	Data Raw: 10 a5 39 71 59 4b 82 3e f1 38 a1 a0 58 f5 5a 85 84 c6 68 4a 85 4c 67 8a aa c0 2d 15 00 9f ea a9 d4 2a 2a 65 aa e0 b0 92 9c 90 6c a7 32 a2 89 60 27 77 31 37 15 2c 51 33 9e eb b7 90 b4 20 72 45 4f 45 aa c1 4c 8a a9 1c 33 46 99 2a 55 76 71 53 ca c2 06 6b 9a 39 21 5b 70 46 5a 2e b6 0b c3 b8 9f 14 2e 14 fb 27 92 cd 7e 8b 0f aa d2 4a 74 92 9c a6 b0 27 aa af 64 23 a6 a8 cb 3d 54 c3 ab c9 19 9e 2a 7d 68 b5 9d 51 fe 14 a7 5d 55 70 3a 2c 56 45 61 44 2c 39 52 7c 94 9d 46 b9 38 68 65 71 a8 11 92 8a cc 88 5c ed 0b 85 93 cd 62 a6 b5 5f ca 33 35 e0 8e b3 53 9d 10 55 5c 57 e8 ab 52 b2 58 23 33 5c d7 24 fe 59 21 60 ee 07 78 6c 0a 6d 27 8d 13 72 e2 b0 ae 6b e5 18 29 52 78 05 33 53 c1 4e 52 e4 8d 1d 5d 57 65 d2 aa 69 99 ae aa 6a 45 b3 2b 1a 66 a7 2c 57 00 bf 50 a5 97 04 49 Data Ascii: 9qYK>8XZhJLg-*el2`'w17,Q3 rEOEL3FUvqSk9![pFZ..'~Jt'd#=T*}hQ]Up:,VEaD,9R\|F8heq\b_35SU\WRX#3\$Y!`xlm'rk)Rx3SNR]WeijE+f,WPI
2023-10-31 15:20:32 UTC	26	IN	Data Raw: f8 b2 1d f8 45 16 24 89 58 45 97 92 4c 8f f5 0d 68 6b a1 d6 56 9f 06 e1 65 c1 16 a4 1a 13 b9 0c dc ac 8d 92 b5 06 76 c6 c8 8b 64 a7 d4 49 19 c0 b3 ae 24 09 c5 7e 32 dc 60 50 2d 18 24 b6 25 16 21 46 92 10 8f 66 12 c9 59 10 96 92 3d 79 77 e2 19 7f c1 2b e3 a1 7e d6 ce 47 48 9d 17 7c 89 b0 6d b7 91 72 6d a8 6d 96 e4 92 6c 73 4b 6c 94 b1 2a d9 47 94 64 61 75 b0 d4 8d 00 3e 0b f6 1b 41 46 cf fa 31 98 32 2d e7 84 2a c8 76 04 8d 61 2a 62 9c 56 f7 62 24 73 02 12 da 26 6e 71 04 33 14 b5 c1 eb 28 5c 30 43 ec a5 95 23 a9 dc 18 f5 c1 fb 0a 1d 0d 1f 43 32 20 83 b8 e1 e3 62 12 0b d6 8b fb 62 f7 e1 40 a0 4a 06 13 b1 19 76 7c a8 ae 86 dd 22 b9 04 86 82 fe cc 44 08 19 71 32 2f 50 6a e8 2c 3e 07 1c a8 62 7d 96 50 b3 12 18 38 c9 25 46 17 b4 04 e5 7c 04 af 22 09 0a 8c 22 7d Data Ascii: E$XELhkVevdI$~2`P-$%!FfY=yw+~GH\|mrmmlsKlGdau>AF12-va*bVb$s&nq3(\0C#C2 bb@Jv\|"Dq2/Pj,>b}P8%F\|""}
2023-10-31 15:20:32 UTC	27	IN	Data Raw: 86 4f af 42 98 66 8a 6b 94 f6 35 2e a4 9d 09 5f 64 78 4a 7c 16 04 c5 62 57 e3 92 87 06 04 6c da 3f 3d fa 1a 7d c3 14 65 6e 96 8f a0 3c 8b 4b 5e 2c 85 91 66 02 41 5f a2 91 f4 20 9d 14 ed 72 3a 45 ba 39 7e 07 c4 a3 08 39 33 0b f6 12 23 89 7f 63 ca b8 50 91 97 ab e0 7b ee d1 6e e3 ec 23 0f 2f 02 58 bb 32 e6 7f 93 23 65 10 3c fa e3 72 9e c8 0d ac 8b a1 44 cd c2 5e ad 20 ec d6 b9 db 62 ab 6e 30 8e 94 ca ca 69 9f 8e 0d 09 e5 de c4 6d 5b a8 64 24 2f 6c 5d 4a 22 21 64 87 54 40 a6 a0 51 1b 21 08 13 f0 54 98 c3 f2 22 71 c5 b3 e2 23 f3 da fa 70 46 56 20 6a b2 48 8d 09 48 df 5e 30 2a 54 4a 04 59 05 86 84 f0 c0 90 ee 1c fc b2 24 4d 42 d1 25 21 ad f6 4c 04 37 05 f4 84 a2 46 91 a9 91 95 d0 8d 68 77 88 22 f7 62 b8 28 a5 06 e9 42 25 5d 23 91 3e d2 09 1a 72 c9 7d 1d 65 fd Data Ascii: OBfk5._dxJ\|bWl?=}en<K^,fA_ r:E9~93#cP{n#/X2#e<rD^ bn0im[d$/l]J"!dT@Q!T"q#pFV jHH^0*TJY$MB%!L7Fhw"b(B%]#>r}e
2023-10-31 15:20:32 UTC	28	IN	Data Raw: c1 80 ed 1b 42 3a 1b 1b b1 64 8f 32 2b 4b a1 a3 d6 49 fa 15 3e d5 51 8f d0 c5 81 a8 7a 2b 92 13 9f 81 66 cc 44 f0 5d 2f 07 b1 93 09 41 4d 9a 50 d5 a8 c3 3d b0 28 78 2d a8 17 d9 37 66 6c e2 26 9b d1 1c fc 98 5b c5 90 da dd 33 e9 08 a1 3e 48 54 ec e4 6e 26 e5 ae cc 0c af 91 50 53 3e 54 88 29 23 d0 93 6c 21 ac 49 a6 2a 62 c2 e6 c6 2b 34 74 94 35 05 85 67 5d 12 bb e9 70 86 c9 11 e3 ad 2f 74 f8 32 57 0b b1 a9 c0 e5 2a c9 61 30 7b 6c 4c 68 7f a1 5b 8c 92 be 46 32 43 50 b3 7b 2b ec c4 b9 46 05 44 c9 f1 a4 63 61 9a 5d b8 24 74 e4 88 9a f1 06 88 30 64 44 91 44 82 f1 af 11 68 d8 78 0b b2 e8 5b 35 4f 43 66 1e 25 9c 18 68 c7 52 33 d3 c1 27 cc 6e 89 2a 26 2a 04 fc 4f 12 7b 5a 20 35 26 7c 91 3b 9f c8 5d 53 d8 51 49 31 ec 86 67 be 85 16 a1 d0 b0 f6 35 70 12 99 4b 81 44 Data Ascii: B:d2+KI>Qz+fD]/AMP=(x-7fl&[3>HTn&PS>T)#l!Ib+4t5g]p/t2Wa0{lLh[F2CP{+FDca]$t0dDDhx[5OCf%hR3'n&O{Z 5&\|;]SQI1g5pKD
2023-10-31 15:20:32 UTC	30	IN	Data Raw: 74 7b 2d f8 a1 f9 80 95 0a db 3e 0c 2c bf 86 cc c1 45 da 24 01 a7 e7 13 30 11 24 fa 35 99 2f 64 41 89 5b 8d 91 06 17 f6 b0 fd a2 88 5e 8d 85 d3 50 4d 0a d0 94 e4 91 3a dc cb d9 60 e4 e4 3f f2 03 05 bf dc 0b 65 0d c9 64 d3 de b4 72 f6 48 ba c8 fa 55 5b ea e8 58 e9 07 87 58 0d b6 12 f4 34 8b 2e 09 a6 86 89 33 9e 4b 43 af 0b 91 e0 6a 84 af e1 a1 78 98 f1 05 78 df c0 9d 89 78 cc 2c fd f8 59 9f b1 f0 37 48 79 3d 09 04 e0 4b e1 e1 67 e0 16 54 a3 a2 66 42 57 07 43 76 96 3b 31 e4 15 f0 2b 6d 08 40 f5 fa a2 df 43 93 40 94 8e f9 68 9b 1a 05 1b c5 36 85 92 06 76 26 8b f2 bd 73 b1 95 62 2f b1 fb 76 76 35 47 6c b3 e8 ed 7f 91 1a 2a 5f 28 ad 12 c2 bd 0f a7 0e 07 37 7a 58 1f b5 f8 4c 98 c3 9a 3e 93 10 d9 78 ca 08 9f a8 67 53 13 90 bb eb 03 54 3b a5 14 38 ec fd 04 31 e7 Data Ascii: t{->,E$0$5/dA[^PM:`?edrHU[XX4.3KCjxxx,Y7Hy=KgTfBWCv;1+m@C@h6v&sb/vv5Gl*_(7zXL>xgST;81
2023-10-31 15:20:32 UTC	31	IN	Data Raw: 6b ec 7d cb 7e 46 93 d1 80 91 f4 16 f6 c4 82 4b 6c 14 dd b8 10 ed a9 35 26 f4 98 e8 9b 7d dd 97 44 d6 2a 23 b0 d1 b9 42 46 c8 72 84 72 08 76 09 0d 56 16 9e 60 67 bb 74 68 24 f4 78 e1 16 46 a6 ee 92 df 3b 71 8c e3 55 22 80 7f b0 b8 0a f7 67 f7 11 d4 95 8d be 45 23 d9 3e b4 5c 3c de da e8 84 88 b9 03 6f 48 8e 47 e4 96 c5 2a 6d 09 22 36 3b fa 0a 44 ec af f6 3e 11 26 90 a6 01 9c a1 58 aa 97 b2 34 37 0f 22 7e 23 ca 33 e1 f0 34 3c 10 35 3f c1 60 58 13 a9 3b bb 0e 9b 78 c4 41 a2 88 2c 86 b6 5e 27 b3 30 84 9c 78 7c 80 d0 af 63 c8 87 47 f4 3e a5 3f c8 a3 8a 47 31 d8 94 cd d9 89 3c 99 f6 72 7d 61 09 87 33 c3 32 30 1b 70 22 80 d4 e0 65 21 04 8c 27 0c ac 29 7a 0f 09 b7 05 b3 69 d2 c1 6c e9 12 ca f9 90 8d 09 a7 c8 6c 94 12 e5 04 4d cb 22 5d b3 22 a5 3b 52 d0 98 78 12 Data Ascii: k}~FKl5&}D#BFrrvV`gth$xF;qU"gE#>\<oHGm"6;D>&X47"~#34<5?`X;xA,^'0x\|cG>?G1<r}a320p"e!')zillM"]";Rx
2023-10-31 15:20:32 UTC	32	IN	Data Raw: e6 44 9e 11 3b 24 a1 2b 1e fc 86 24 45 bc 98 14 27 1d 16 f6 c3 b9 e6 4a 77 29 e5 09 6b 50 d1 61 04 55 8c d8 c4 92 96 10 df 0c 11 18 e3 28 4f fb 1e 4b 16 08 b1 38 6c 97 3e 24 67 34 3b 80 d1 42 76 3c 11 e5 51 23 a1 26 03 21 bc c2 2c fb 16 02 28 24 58 fb 1d 33 1a 3d 04 58 d3 f0 15 0f 0a 45 33 1a 28 2f d0 fc 45 dc 12 d9 3f 81 27 2b 82 61 4c 90 2e a4 ce 07 8f 92 c8 99 59 27 6d 11 36 e6 5f 3f e9 58 1b 87 ef f0 6a a9 e8 9c 4e 06 41 c3 4e 1f e8 54 9a 32 5d 7d 8e 62 29 7a 12 87 08 0f 05 bd 10 87 3f 81 a5 0c a4 4b 99 7c 89 b1 32 54 28 c4 13 c9 3e 17 37 38 4c 5c 88 ff 00 b0 f3 e8 3c 47 0c 94 ac 84 37 b8 15 16 71 1d 26 09 a3 72 25 0d 19 d1 14 8c 24 19 4a 72 25 5e 24 6e c6 cd 93 43 70 38 92 8a 32 6c 6c 96 68 58 27 c1 9b f0 84 72 a4 dc 58 0b 17 26 41 64 98 f9 19 62 ed Data Ascii: D;$+$E'Jw)kPaU(OK8l>$g4;Bv<Q#&!,($X3=XE3(/E?'+aL.Y'm6_?XjNANT2]}b)z?K\|2T(>78L\<G7q&r%$Jr%^$nCp82llhX'rX&Adb
2023-10-31 15:20:32 UTC	34	IN	Data Raw: 4b 44 f4 a1 b1 2c 9b fb 39 1c 5a 0a d9 74 24 e8 49 4c 09 1a 44 9f 46 7d 14 58 47 6c 6b 20 a5 83 23 9b 42 49 94 ac 16 d0 59 c8 df b3 82 c9 bf 5b 7b 47 32 46 e8 4d a6 3f 21 ea bc 0e c8 26 b5 91 23 3d 26 5b 42 59 56 a9 8a af 45 af 93 70 3c a4 55 e3 e4 51 60 1a 1a 0c c3 28 ca 2f f6 23 55 86 47 ab c5 50 dc 35 fc 8f 49 1e 07 39 bf 41 4b 71 15 73 fb 92 3b 3e e0 75 89 04 bc c9 f6 2e c5 40 e0 90 d2 12 63 48 32 a8 e0 6a 23 5e 03 2f a8 65 1e a8 75 3f 02 42 92 4f f0 4d ac 28 19 b8 65 23 3b 2f f9 13 15 16 f8 9f 62 44 a8 0c 11 1d 89 65 07 c9 26 1a 41 a9 15 85 f3 1e 7c 3e c2 d3 a4 a3 21 23 94 24 c3 5e 5a 74 84 12 0a 2e d7 02 9b 4d 84 c5 84 47 dc 5f 62 23 80 9c 09 32 d1 df f6 27 27 0d 43 a2 e9 7f a2 9a ca e2 c6 b1 ff 00 d8 d4 1e 9c a5 ed 74 40 a3 4e 3f b2 77 85 d8 b7 85 Data Ascii: KD,9Zt$ILDF}XGlk #BIY[{G2FM?!&#=&[BYVEp<UQ`(/#UGP5I9AKqs;>u.@cH2j#^/eu?BOM(e#;/bDe&A\|>!#$^Zt.MG_b#2''Ct@N?w
2023-10-31 15:20:32 UTC	35	IN	Data Raw: e0 c3 5b 1a 44 dc cb 31 49 ff 00 73 b2 b4 da 9a 03 65 35 8e 45 a1 a8 65 16 b1 6c 92 19 db 80 90 49 c1 49 0a 9b 27 3d 09 67 21 34 55 11 27 15 1c b1 26 be 70 2c 22 00 8f 26 5b 91 a9 0a 5d d1 39 24 92 55 44 37 44 ba 6a 93 4d 0c be 10 97 63 6c 87 0d dc a7 96 d0 b5 4c a3 68 ca 6b 29 c8 ac 6e e0 47 b3 62 90 db 2c c6 81 0e c2 6d 7d ca 4e 28 90 87 2f e0 3d 84 3c db f4 2c a8 84 f2 e8 21 29 c6 16 be 08 da 92 85 52 37 1e 76 2b 18 7b 70 2d 4c eb 8d 3e d7 f4 15 22 c4 5d 29 69 2b fb 0c 6d 6e c5 4a 09 ee 79 6a 49 31 3c ae 51 2a a9 0d b8 2a 6f a3 15 d4 e5 b3 38 11 40 c9 83 bc 4b 28 15 48 e0 de 5c 08 4f 4a 79 f1 c9 47 34 95 8a 38 04 a9 4d b1 be 83 b6 a5 ee 0e 6e 1a 13 19 9a d0 47 04 53 55 29 b3 e4 9b 09 c9 02 20 59 a2 b8 6c 89 21 b7 82 7c 5a 4e 5e c2 75 22 da 12 91 5e c4 Data Ascii: [D1Ise5EelII'=g!4U'&p,"&[]9$UD7DjMclLhk)nGb,m}N(/=<,!)R7v+{p-L>"])i+mnJyjI1<Q**o8@K(H\OJyG48MnGSU) Yl!\|ZN^u"^
2023-10-31 15:20:32 UTC	36	IN	Data Raw: 79 97 e8 7e 12 70 a4 22 81 8a 20 34 f2 74 38 b0 84 a9 2e 05 5e 92 68 9e 25 9a 02 a6 24 68 a9 12 4b 0c 6a e7 11 fb 10 d5 6d 77 c0 9c 20 6c 17 44 a9 11 41 e2 b8 4b 05 e8 b4 37 23 93 13 a6 3d c9 6d 41 a3 ff da 00 0c 03 01 00 02 00 03 00 00 00 10 b4 6c c7 8f 66 ce 31 23 ff 00 6b e7 68 ab 84 bc b1 5d 09 85 34 63 d6 0e 4b 85 12 f1 5a ae 8b a1 2d 16 cd 64 f4 88 86 d8 08 3f 38 45 63 03 fb 22 69 e4 be 46 5d 6a 16 04 de 6b f4 cd 62 1e b1 19 61 c1 2c 48 bf 6e eb 0f 3c 60 6c 6f c6 bd f2 29 59 b9 68 7f d4 c8 f4 ed 95 48 b2 4e d0 ab f7 6a 42 7e 0a fc 07 1f 2c 99 b5 32 8b e3 4c 12 ea 24 23 e7 d3 1f 68 8e a7 bc bf 2c d2 41 52 e5 8b 11 3a 7c a7 af 2a 13 6e 62 05 c2 1d 00 29 c1 76 7f 4d a7 21 a2 4c 01 44 39 0f 7e 7a 16 64 48 f4 3c 35 af 2a 41 d6 50 0b 7d 48 63 8a c6 1c 5f Data Ascii: y~p" 4t8.^h%$hKjmw lDAK7#=mAlf1#kh]4cKZ-d?8Ec"iF]jkba,Hn<`lo)YhHNjB~,2L$#h,AR:\|nb)vM!LD9~zdH<5AP}Hc_
2023-10-31 15:20:32 UTC	38	IN	Data Raw: 2f 48 8c 3d 5b 2f 50 b8 a5 cb 04 86 cb 25 a1 a6 0f 74 1e e1 e2 f6 12 e2 c8 9b 97 0e c4 b8 95 96 d2 a1 de 0a 0b 35 2e 28 21 36 97 4c 3b 89 72 87 21 b4 b9 51 c7 84 ba 0b 77 2f 56 59 a4 a8 28 b9 bb 0c 34 4b bc dc b9 57 2a a3 f5 82 ad 36 c8 66 d9 22 10 5b 82 d9 82 b6 9e 89 63 98 a8 b8 a0 d0 5c 1a c1 83 52 89 79 48 db 7a 8b d6 73 09 2b 53 63 c2 a5 61 8f 51 e8 47 51 4c 37 97 04 4b 9a a0 4b 40 68 86 d8 95 38 c5 08 11 03 8c 56 3c 05 c4 72 b1 b6 c6 06 0d 51 d6 a6 de 4c 78 ce 18 ad 34 65 e4 b4 e4 b8 ee 6c 5c 71 3a 4f 79 ee 25 cd 10 8e a7 37 3d 51 29 8f db fa 0e af c1 b8 da 89 f8 fd 0b fc 84 23 70 f7 57 fb 17 f8 18 0c 5f 5c f5 f0 9d 1f 86 9c 53 84 0b 62 ad 60 d4 2c 21 e6 f4 9c ce 18 45 65 e4 a5 95 7b 0b 35 95 4c 55 b6 5f a4 34 82 13 74 4a 23 b1 a6 ff 00 e1 f7 5d 11 Data Ascii: /H=[/P%t5.(!6L;r!Qw/VY(4KW*6f"[c\RyHzs+ScaQGQL7KK@h8V<rQLx4el\q:Oy%7=Q)#pW_\Sb`,!Ee{5LU_4tJ#]
2023-10-31 15:20:32 UTC	39	IN	Data Raw: ec ef db 3e ee 9c 03 7d eb 8f 5f 2f 0f 16 a6 bc 0f 21 87 6b 18 e9 06 79 4a 14 ee fd 76 07 62 78 17 ae 61 d7 2e ce 0e cb 76 dd ce 48 87 65 ef cc 47 8b d7 99 e0 24 26 c0 8e b3 db 18 87 08 73 ec a8 e8 b6 74 e7 43 21 84 9a c3 b8 30 43 8d 2f 19 36 cb 0c ed 2e e6 a4 7c 88 b2 16 0c cb 53 cc cc 29 d5 a2 61 05 8f 5f 51 dd da c1 77 62 f5 1b 6b 0b c8 7d 5e 0d de 31 2e af 3b 98 89 b1 eb 19 c1 0c 47 e9 3d 93 ee 6c cc f2 7f 23 cf 91 e7 1d 9d 9f 73 92 6f 23 0d e9 96 2b 6d eb 7d b4 00 60 88 e3 11 e9 9c fc 9f b4 f5 2f d5 e3 2c e2 02 26 b7 d5 d5 b6 76 17 56 3c b2 ce 32 d8 6d e9 8c a1 db 93 66 4a 59 b7 21 ce ef 73 84 76 a2 75 de 08 f6 46 e7 12 31 02 d6 ce ec a2 7b 59 40 46 af 90 f6 ee e1 17 d4 75 bc 71 ed 96 59 17 d4 f2 ed a9 7a ba 3c 8c ea f2 c7 dc 85 e5 e7 2c 00 25 a7 04 Data Ascii: >}_/!kyJvbxa.vHeG$&stC!0C/6.\|S)a_Qwbk}^1.;G=l#so#+m}`/,&vV<2mfJY!svuF1{Y@FuqYz<,%
2023-10-31 15:20:32 UTC	40	IN	Data Raw: fc 26 b0 79 94 16 b0 ea 59 1a 5b 7e 13 e7 1c 9c eb 03 a3 f6 cc 8c ac 6e 1e 90 d5 f9 50 d9 d3 5c 4b f2 d7 b3 30 b1 78 e6 38 84 2f b6 90 4b 70 7f 36 1a bf e0 8d c5 db d4 4a 41 7e 62 01 9a b8 0d a0 90 df 4c 23 a0 92 37 e3 d9 96 bc 9d 2d a7 83 c4 59 08 b8 c8 7d 43 aa c2 ef b8 18 68 28 3c bd ca 97 65 39 c5 17 61 f8 52 79 8e d8 f9 57 1b f9 8a 3c 6b 9a 0e 1f 53 2c 3f 58 13 4f 99 67 bb cd 38 38 60 74 6b a9 31 fc 14 85 da 35 2e b5 67 d4 44 54 86 b7 7c d7 c5 d7 c4 50 54 7d 33 89 8d 58 5a c4 eb 75 1c 45 8a 55 b0 6a 35 82 83 27 b8 78 ab 32 f9 99 4b cb 7b 89 68 e4 b7 fc 20 01 8d 40 bb 1a 86 49 45 e6 08 b6 51 57 24 e9 b9 56 82 b9 fd 83 cc d3 ea 20 bd e6 07 83 ee 7e d9 79 fa ca 50 25 38 6f 98 42 c7 26 88 79 0f 88 ac 99 73 10 12 bc f3 2c 44 1b 7e 10 32 aa 77 67 3f 3e 22 Data Ascii: &yY[~nP\K0x8/Kp6JA~bL#7-Y}Ch(<e9aRyW<kS,?XOg88`tk15.gDT\|PT}3XZuEUj5'x2K{h @IEQW$V ~yP%8oB&ys,D~2wg?>"
2023-10-31 15:20:32 UTC	42	IN	Data Raw: 86 cd 1c b0 6b 2c ca c5 43 98 35 1c 3e 62 22 05 00 a4 aa 18 11 4e 69 94 38 0a 37 af 33 00 e5 83 87 31 95 60 29 d0 38 8e 96 68 2a dc 46 85 f4 31 0e d4 42 09 55 4c c6 e6 0b 5c 6a 08 a3 bb 07 0d 84 7c 40 d7 02 04 2d 14 ab c1 0d 6a 23 2a c9 61 fd 4b 1b 0f 1d 41 6c a4 05 c2 55 c1 64 b0 99 38 82 d5 d5 4b ac c5 c5 b4 44 07 6e 22 f0 33 70 39 a7 7d c4 d6 b9 9d de 20 6b 98 d8 26 90 1a aa 80 c2 f1 9f c8 0e b5 6d f1 78 8a a5 ed c4 01 b7 5b 87 91 24 6c 0c 91 8b 64 ad 30 5d 8b 6a 59 e1 e8 9a 65 d7 dc 64 53 88 a2 ba dc d5 6d 42 b9 d9 42 05 13 64 65 45 0a d0 e6 91 ba 30 23 74 cb 2f 9c 46 eb 19 e2 1d 41 6a fb 20 88 0a 45 d8 44 12 82 c8 e4 4f f7 19 ea 21 fc 1b 94 50 1f 36 b6 5a 8e af fc 90 1e f0 ce cc 93 1d 05 6e 1a f4 bf cf fc 2a 1d a8 43 0e 60 af 5f 10 79 70 ff 00 1f e3 Data Ascii: k,C5>b"Ni8731`)8hF1BUL\j\|@-j#aKAlUd8KDn"3p9} k&mx[$ld0]jYedSmBBdeE0#t/FAj EDO!P6Zn*C`_yp
2023-10-31 15:20:32 UTC	43	IN	Data Raw: da 52 06 8a 63 d4 d5 6a d2 cf 76 05 6a 01 96 f6 92 ac 6c ca aa ee 0f 3d c7 b2 5c fa 70 0e 17 77 17 52 b8 b6 83 cb cb e6 5d 1c 7e b1 9b 8e 17 0d e0 db 9b 5d c5 2d bc ad e6 fc 43 3c 7e a1 f3 01 ac 45 43 5f d1 88 ee 10 98 7c 91 79 88 67 70 40 c1 d5 50 54 3e e7 e1 51 f6 5c f9 2c 46 0f 0a 40 9a 9c 28 9d 5d 5f 31 01 be 63 23 2f cb e4 97 85 5e ee c5 85 b7 7b 94 70 74 73 67 0c a6 db 7a 87 c9 ee 59 ae 23 5c a5 ab ba f1 2e 28 80 bc 55 4a 20 80 80 ab bf c9 90 bb 19 6b 66 11 4d 8d 41 a6 8a 62 55 dc 55 dd fe 4a 68 d5 cb 8b 16 7d d9 10 9a d7 f7 b7 31 48 6c 5e aa 2c 4a ea 37 e6 59 e5 57 a8 2e cc 51 0c 52 c7 75 30 2c 0b dc 00 af 8e 60 50 39 88 11 9b 63 55 54 d3 0b f8 87 98 6b 93 10 5a 8b a8 42 8b 45 a8 e3 c4 ed a5 ca e6 e1 42 5d 1d 77 28 14 6c ea 24 00 35 62 b5 c7 30 8e Data Ascii: Rcjvjl=\pwR]~]-C<~EC_\|ygp@PT>Q\,F@(]_1c#/^{ptsgzY#\.(UJ kfMAbUUJh}1Hl^,J7YW.QRu0,`P9cUTkZBEB]w(l$5b0
2023-10-31 15:20:32 UTC	44	IN	Data Raw: 83 37 2e 9e e2 b1 0b bc 86 44 32 0e 9b 2d 88 40 2e af 53 fd b2 d6 2b 11 f4 49 43 00 aa 1a cb 0e b7 cc a2 19 a3 4c ea 86 e5 21 8c 28 ba 4f e5 8e 12 87 87 15 56 30 be e0 eb 7b 32 84 e3 e6 60 85 54 c7 0b 51 d0 53 6a fe e0 54 c0 6e fb 8e 1c 77 ab d4 53 b7 f1 c0 b2 9f e7 72 b3 9f 6c 19 3c 25 29 e5 94 2e 10 d0 68 17 91 e1 3a da bc 47 48 b5 0b 65 6f 7d 78 8a 99 59 b5 1d b2 d0 ca 3e 60 b9 ca 52 e5 37 ee 73 cb ba dc 36 1f 22 bf b8 26 04 41 d4 52 5a 71 0c b7 b8 46 ad f9 8b a9 45 9c de 22 15 56 5f ce 06 88 c2 dc b0 73 04 4f 33 90 e4 e5 8b 50 e5 e6 3b ce 5c c5 6e 6d bd a2 97 d0 6a 17 e8 10 4e 4e a2 a9 36 a1 5f fe cc 95 c6 dc cd b5 d4 6e 68 86 44 67 88 72 4e df dc 21 64 ba d7 1b 95 2b dc b5 54 b5 cd 58 7e e0 55 f9 36 3c b3 f1 13 18 54 66 2b 16 d4 08 b7 0a ab 40 ab f6 Data Ascii: 7.D2-@.S+ICL!(OV0{2`TQSjTnwSrl<%).h:GHeo}xY>`R7s6"&ARZqFE"V_sO3P;\nmjNN6_nhDgrN!d+TX~U6<Tf+@
2023-10-31 15:20:32 UTC	46	IN	Data Raw: ba 3b 48 54 4e 8e 35 59 1d 62 3f ee 45 97 77 93 df c6 10 b9 5d a0 aa c9 8b 35 e1 85 78 11 51 66 e6 65 a3 0d 05 6e 22 d7 51 8e 63 e2 07 04 03 1d c7 78 f5 0b 95 ac 41 45 d8 41 03 9b 7f c0 86 bd 12 bd dd cf 85 58 5b 0a 5e e5 27 61 18 80 e0 62 b5 a0 de 19 b2 c6 2a f3 26 76 f1 36 94 fa 4b b4 5c 41 00 4b 76 93 21 e7 12 97 0c 2f 10 81 6f c1 9f c8 4b 8a e4 dc db bd c5 9c 45 91 ab 9d fe 2c 43 aa 67 57 31 c0 e2 29 19 a6 1d 42 1c ea b8 9a 45 6f 72 87 32 a3 7b 80 05 ef 50 81 74 47 5e a8 55 a4 36 e2 5c db 63 37 2f 69 91 05 3b 60 50 b7 33 01 51 d2 58 3c 0f c8 d0 23 28 04 98 1c 9e 23 21 2b 2b 71 03 0e 5a 47 9f 48 3f ea fb cb 1f 11 81 dd f4 b7 ee 1f be e2 be b8 8b c1 13 d2 52 8c 45 6f dc 74 29 a8 22 e1 2a bb 78 83 e2 30 93 5c 47 d2 09 b6 70 ac b8 cc aa e4 84 04 c9 55 e0 Data Ascii: ;HTN5Yb?Ew]5xQfen"QcxAEAX[^'ab&v6K\AKv!/oKE,CgW1)BEor2{PtG^U6\c7/i;`P3QX<#(#!++qZGH?REot)"x0\GpU
2023-10-31 15:20:32 UTC	47	IN	Data Raw: 86 58 c5 50 dc b1 68 4d 3d cb b5 ac c2 56 c4 6d 06 b1 2b c2 e3 28 64 33 06 0e e3 8a 4c c5 2d a5 6e a3 6c 18 87 24 ae 85 6f 30 94 6b 27 33 59 fa 66 73 78 81 60 b4 b7 ee e6 4b 25 83 40 54 f0 35 ea 15 4c 1b 6a cf 63 a8 dd ac 5c ce 09 8e e0 6e cb c4 cf da 56 67 5a 3e 60 2d d4 05 ca 9b 39 98 4a 6d e1 d4 47 28 a6 9d a4 07 73 c0 51 fc 97 11 9f 2c 9e c2 5b 5e 62 0a 08 7a 54 c7 cb 37 e2 51 47 94 11 7d e6 55 1f b7 2a 44 7c 12 01 c0 22 a9 3e 57 cc 1a 29 7b 86 f0 0d 6a 1a 00 54 5b ee 9a cc a7 5f 10 3b 40 6f 76 c0 d6 e2 b6 b8 80 c8 83 50 d4 5a 60 db c4 a6 b4 c1 46 48 9d 10 a7 5a 8a 0b b4 87 32 55 ea e0 68 11 8b 0f 04 b0 df fd 29 8d fb 5d 7d c5 f2 b8 9d 1c 4d f0 dc 4b 42 c7 45 70 b3 98 a9 f3 67 b0 41 20 6d ea 05 73 56 c3 22 af 51 50 72 7b 95 da 0e 59 1b 45 f6 8b 8b 2c Data Ascii: XPhM=Vm+(d3L-nl$o0k'3Yfsx`K%@T5Ljc\nVgZ>`-9JmG(sQ,[^bzT7QG}U*D\|">W){jT[_;@ovPZ`FHZ2Uh)]}MKBEpgA msV"QPr{YE,
2023-10-31 15:20:32 UTC	48	IN	Data Raw: 95 ee e2 bb 2c b1 4f 54 4b 56 a0 68 b3 94 dc 36 42 b1 6e 05 89 91 f2 e1 01 62 1c 95 66 b5 8e bd f1 16 b3 54 60 7d 94 74 c4 b5 f7 81 2a a6 11 6b 26 ba 8a b0 58 b4 e4 a6 a2 ab 6e 0c b5 e3 a8 a6 02 32 9c 41 ec 0e 12 81 40 82 d0 7c 73 15 81 c8 01 bf ad 43 8b dc 14 53 fd cc 6c 05 a3 a1 5f ab 80 cb 47 e4 42 ee 6d b2 fa 8a 9c e9 ab 79 81 d7 cc 7a 16 95 1e 50 b5 f2 d7 c4 cc 09 2a d6 05 fe dc ac 2b 01 6b 79 2c fc 48 84 01 21 4b ea 3f 70 06 85 7c 1c 7b 8b 44 e4 76 27 86 62 33 94 76 cb e2 2d ac a3 e2 0e 9f 49 e3 3f 97 2a ce 52 9a d8 10 28 be b2 6d 4a 45 28 a5 a1 5b 98 8a 8b d4 45 84 1d 10 04 17 2b 72 24 23 75 b4 f2 41 a5 37 17 b9 6a 2c 1d 5c 20 8d 45 de 0e 65 d5 d6 33 6d c6 cd c5 d4 4e 53 3d ca 69 22 a9 46 23 46 05 63 2e 28 8e a0 f2 a6 74 19 7c 5c cf 7a 96 05 24 fe Data Ascii: ,OTKVh6BnbfT`}tk&Xn2A@\|sCSl_GBmyzP+ky,H!K?p\|{Dv'b3v-I?*R(mJE([E+r$#uA7j,\ Ee3mNS=i"F#Fc.(t\|\z$
2023-10-31 15:20:32 UTC	50	IN	Data Raw: e1 c9 2d 7d 53 1a ff 00 66 2c 3b e8 07 a2 29 99 f2 25 c0 0a 35 6c 35 f4 00 10 d4 3a ae a3 cb dc 37 7a 0a 72 b5 6c aa 74 b8 71 85 b1 5b 0b 21 38 05 7d b5 2d 98 54 5a f1 2f 65 47 50 86 95 77 00 79 2b 17 0d ec 95 54 f7 31 86 72 ce e5 ea 05 56 23 95 b9 b1 98 ad 99 65 5a 17 b8 65 b6 6a ab 19 8d 9a 6a 64 ad 5c cf 3c 41 9e bc c7 52 97 57 88 1b 36 71 01 c7 50 1a 65 c4 c9 6b 73 32 ef 35 04 2a 57 c0 f8 82 6d c2 ee 9a 2d 19 49 d9 34 73 29 bd d5 dd b1 ab 36 c4 02 eb a9 80 b8 c5 42 ac cd 05 46 89 79 cc 16 4e fc 4b dc c8 11 ab b5 43 27 22 c6 31 1a 14 aa ea 2e 4d 46 b2 18 95 65 67 cc 4c 3a 53 06 16 ae fc 50 82 7e 92 4b 01 5c 31 ac 98 47 0f 55 0b 1b e0 51 e0 8c 03 4d 8f 77 1b 1e 5a f3 a1 98 d4 a5 ab c2 ed 89 f0 14 b1 ca 3a 4b 25 48 30 d9 9a 8e d9 54 8a 2f b3 61 8a 2c cb Data Ascii: -}Sf,;)%5l5:7zrltq[!8}-TZ/eGPwy+T1rV#eZejjd\<ARW6qPeks25*Wm-I4s)6BFyNKC'"1.MFegL:SP~K\1GUQMwZ:K%H0T/a,
2023-10-31 15:20:32 UTC	51	IN	Data Raw: 06 9c cb 4b d4 c2 ab 77 ee 26 9a f3 31 31 dc 61 be 63 08 1e 53 b5 4f f2 64 6e 1f d1 2a d0 31 7f dc c5 f9 bf 22 af da 20 38 45 07 1a 8c a5 e0 08 d7 33 54 99 ab aa 8f 5a 62 22 e1 a9 65 1d ca 89 7a c9 11 f9 8d 30 27 61 25 7e 19 4f c3 a9 62 c5 b5 2a 1a 5d ff 00 13 c7 43 fb 85 3e 51 2e f0 9d f8 73 39 20 b4 37 34 e8 f3 71 ab 4b b2 ad 38 db 67 8d cd b4 1c 00 eb 5b e5 61 07 8c a7 c8 26 09 13 65 bf 67 0f 08 56 34 9a 63 23 0e 50 b7 ab d5 55 d6 12 e6 ad 0d 97 83 44 15 2f 8e a1 6c 7f a4 5c 8f d4 30 cd a0 a6 3f d9 1b 04 86 b6 a4 54 18 4c db 59 b7 f5 9c ca b2 17 06 83 b9 16 1f fc c2 50 bc e6 61 33 cc c8 03 94 dc 23 a1 7c 6f fa 4a 04 b6 33 b2 e8 dc 77 1a 10 26 a5 b1 99 74 d2 23 89 e4 09 8f 6a 35 f9 37 cd ee 35 b8 1d 2c 28 06 46 9a 8c 88 14 e6 e0 f3 01 73 72 5e d7 3c 47 Data Ascii: Kw&11acSOdn1" 8E3TZb"ez0'a%~Ob]C>Q.s9 74qK8g[a&egV4c#PUD/l\0?TLYPa3#\|oJ3w&t#j575,(Fsr^<G
2023-10-31 15:20:32 UTC	52	IN	Data Raw: 3b d4 b4 2d 90 6c 30 7f 4c 73 15 6e 0c ac 02 ee 5a 0a 9a d3 99 4d cb ac b3 29 af 69 89 90 9d 40 fd 26 0a f5 10 5a 96 32 ec 83 45 f5 0b 92 87 0a f2 c2 58 77 d4 a0 51 c6 33 11 a4 cd 11 f6 99 ab c4 01 86 90 ca c9 a1 1b 35 fe 2a 55 04 9e e3 6f 54 d5 81 46 69 ce a3 8a d8 3a 89 4c 58 9c 2e a6 4d a2 54 b8 6d 71 04 e2 de 65 7e 7a 44 0c 54 4e de a0 a8 db dc a1 84 75 3a e7 c4 77 a9 0b 48 18 0d 6a e7 38 54 2a 5b cd 82 1a 8a af 55 71 d2 a9 6a ab b9 de 81 67 a6 89 80 8f 98 ad 97 ac 26 e3 1a 95 92 eb b8 2b 2a 84 0d f0 ba 8f 0a 4b c8 f4 03 9e 84 09 90 e1 bb b4 f2 1e 20 b4 02 35 d8 22 c7 21 70 e9 b1 00 14 6e a3 cb 0d d6 51 65 a0 32 86 9e 27 2d 03 c6 90 67 50 60 b6 60 8d e6 52 24 ca 00 8c a2 23 90 35 4a a8 96 ee e6 9b b2 e1 28 5d e5 1d 62 eb 98 c4 42 d2 da 5f b0 15 bf 24 Data Ascii: ;-l0LsnZM)i@&Z2EXwQ35UoTFi:LX.MTmqe~zDTNu:wHj8T[Uqjg&+*K 5"!pnQe2'-gP``R$#5J(]bB_$
2023-10-31 15:20:32 UTC	54	IN	Data Raw: ab ca 09 44 e8 4e 48 04 18 47 5c dc 68 de f5 9f 12 82 f8 e5 33 44 6b c3 06 88 32 73 0f 06 2c f3 75 50 06 6e a5 6b 82 93 1c 69 1a c4 b2 cf 65 80 a5 d2 ab 11 02 f1 fe 34 62 5a 7c fa 62 c4 35 6d c7 88 ca af 1f 8a 98 08 54 6d a8 4a 18 a8 28 51 45 32 d6 6f f5 2d 49 aa ee 2b 13 cc 32 56 da ca 0a 6f 17 01 1b 5b 82 86 e1 a1 56 99 1c 54 0a 5a 98 2b 72 d7 c7 dc 72 b7 08 b0 2e a3 47 1e 65 d5 af 89 60 f2 80 31 79 99 9b 80 e7 19 62 cb 48 28 15 4a 66 01 50 e7 23 05 c9 b5 44 b7 54 f1 70 02 ac f9 44 0d 6b cc aa ae 10 c4 76 9b 83 63 3e a3 53 18 61 5d dc 51 c3 87 72 e2 f4 c4 cc 6f 11 02 d8 a8 c2 f3 44 07 98 86 ac e0 88 b0 ac 1b 21 54 b4 23 19 69 f8 c1 cc 6c 75 0e fb d4 b7 4d fc 43 30 05 b3 41 ed 59 42 88 d2 7a 13 24 04 d8 b1 4f 07 98 d4 28 5d f1 9d c0 82 af 99 c1 19 54 e1 Data Ascii: DNHG\h3Dk2s,uPnkie4bZ\|b5mTmJ(QE2o-I+2Vo[VTZ+rr.Ge`1ybH(JfP#DTpDkvc>Sa]QroD!T#iluMC0AYBz$O(]T
2023-10-31 15:20:32 UTC	55	IN	Data Raw: 05 4f 3f a6 79 9a 6d 2b 74 47 f2 4b 58 ec 2a 2e c4 e2 64 3b 5c 2a d4 30 ec c4 a1 a4 3a 28 76 c0 43 91 7e 60 15 c3 0b 6b 2c e2 3e 6b 70 65 91 6c ae 60 1b bc f8 82 d4 dc 2a e0 83 b3 98 e3 53 11 b2 d9 11 65 e7 10 0d e9 a8 43 a5 02 78 58 c3 db 15 1f 37 32 b1 67 dd 37 dc e5 f8 0e fc 17 64 15 09 0d aa ef f0 cd c2 ab 95 2e 1f e8 80 82 8e a9 2d 5e 08 23 25 11 7f 1f 33 0f 9a 36 75 52 b1 50 16 80 28 79 a8 81 94 2d 8e 39 62 d0 29 be 00 7a 8b 5d f2 ab 74 f9 3f d4 60 ca 56 c1 f1 51 1c a2 e3 18 66 8b 35 48 f3 ee 5d 02 ba 36 49 78 6b 41 f7 04 a5 b8 be 44 5f fe 60 84 24 ab 00 77 5b 62 3b 23 12 8c 72 94 71 5e c8 ac b0 aa 6c 7c bc c1 97 c5 9c 1f 30 5e 74 5d df 37 e2 5b 34 50 37 75 a8 f5 40 3f 00 74 fb 84 6c 95 97 98 46 a3 0b 50 03 ca 5b d6 00 e0 88 61 1f fa 5e a3 04 f0 03 Data Ascii: O?ym+tGKX.d;\0:(vC~`k,>kpel`*SeCxX72g7d.-^#%36uRP(y-9b)z]t?`VQf5H]6IxkAD_`$w[b;#rq^l\|0^t]7[4P7u@?tlFP[a^
2023-10-31 15:20:32 UTC	57	IN	Data Raw: 52 ec 1f 52 9c c6 a5 82 7a 5e 65 dd b1 61 ba a3 f5 a8 92 33 16 df 0c af 30 6f b8 4b 64 b7 17 cf 89 8b de 88 d2 f3 4a ae ab 70 04 6e 87 b4 a9 65 a0 8a d2 76 c3 a0 14 ca 58 5f 10 ad 29 74 2c e0 b5 fa 23 67 80 6d 30 68 ff 00 32 81 9b a6 88 2b aa 0a 56 cd b3 00 5a 5d fb 4b a2 1b 34 2f 97 88 80 87 71 c0 e1 8b 10 9f 6e 66 5c 43 ec 4c 68 08 21 ed c4 19 81 01 d0 77 70 47 29 e5 f8 cc 3a 01 22 f4 bf 12 d4 a6 a3 85 2c b6 94 0b 38 47 11 b5 2a 1b c8 8a cd 95 4f 5b 79 97 1c 05 54 c5 0c 58 b2 a6 8d db 72 f4 04 22 dd 22 4a 66 2b 63 aa cc a8 cd 42 de ab 25 fe 75 00 12 c8 1a 22 8a f8 9f 2c 94 53 51 b6 33 d2 58 1b c6 30 a3 b8 4f 09 61 69 aa a9 63 b5 a4 fe 4a 03 89 d0 ac 23 60 60 88 23 ab 28 8b 75 98 67 4a b5 44 1b c7 11 09 81 34 c7 5e 9e a3 04 fe 63 7c b1 05 b7 d1 57 39 8a Data Ascii: RRz^ea30oKdJpnevX_)t,#gm0h2+VZ]K4/qnf\CLh!wpG):",8G*O[yTXr""Jf+cB%u",SQ3X0OaicJ#``#(ugJD4^c\|W9
2023-10-31 15:20:32 UTC	58	IN	Data Raw: 35 e5 74 f5 30 e5 98 19 5c d1 02 91 b4 96 37 25 42 e3 00 fb 65 64 8e a5 51 30 ea 61 a4 5f 7d 71 5a 88 c2 6e 6f b0 f3 14 35 68 9c 48 76 71 02 5b ed 92 e3 a9 a6 18 ff 00 40 f3 32 c6 a6 a0 2e cc c3 26 cb d0 37 58 c7 79 f5 18 70 5a 61 b4 e7 ed 15 cb 54 09 a1 d0 63 29 50 92 c2 da 27 8c 3d c5 3d c9 55 c1 e2 0c 98 3a 0f 77 08 83 11 f1 66 cf 88 4d ea cc c1 cb 16 54 a4 5a 3b b8 a0 62 a3 95 a4 50 b2 ae e7 f4 7c 40 61 ab 73 5e 0f e4 44 be 32 f1 9e 33 c4 00 26 e5 07 4d 16 7a 87 63 a3 17 b1 2f 5f 52 a3 5c 50 c2 6d 95 46 c8 56 9e 1a 94 52 28 2e 6d 09 9b c4 2f 24 39 a8 4b 35 e6 e5 78 7f 70 6b 6b fe a2 1b 76 9b 9e 31 c4 44 22 92 9c 83 bf 98 da 2b 39 c1 6f 5e a2 36 c7 80 21 89 5c 42 da ad 8b 99 95 0c c8 6f 93 8a 8b 7e ec ca 16 87 f7 2e d4 56 da 86 57 ca 11 99 09 a7 d5 1c Data Ascii: 5t0\7%BedQ0a_}qZno5hHvq[@2.&7XypZaTc)P'==U:wfMTZ;bP\|@as^D23&Mzc/_R\PmFVR(.m/$9K5xpkkv1D"+9o^6!\Bo~.VW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49742	146.75.28.159	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:32 UTC	59	OUT	GET /favicon.ico HTTP/1.1 Host: pbs.twimg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	146.75.28.159	443	192.168.2.4	49742	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:32 UTC	59	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1150 perf: 7626143928 content-type: image/x-icon cache-control: max-age=3600, must-revalidate x-transaction-id: 3b13d1904216c0e3 strict-transport-security: max-age=631138519 X-Content-Type-Options: nosniff Accept-Ranges: bytes Date: Tue, 31 Oct 2023 15:20:32 GMT X-Cache: MISS, HIT Vary: Accept-Encoding x-tw-cdn: FT x-served-by: cache-pdk-kpdk1780123-PDK, cache-iad-kiad7000173-IAD, cache-tw-ZZZ1 Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
2023-10-31 15:20:32 UTC	60	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 0c ff ff ff 1f ff ff ff 1f ff ff ff 1f ff ff ff 18 ff ff ff 07 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff Data Ascii: h(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49745	146.75.28.159	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:33 UTC	61	OUT	GET /favicon.ico HTTP/1.1 Host: pbs.twimg.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	146.75.28.159	443	192.168.2.4	49745	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-31 15:20:33 UTC	61	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1150 perf: 7626143928 content-type: image/x-icon cache-control: max-age=3600, must-revalidate x-transaction-id: 3b13d1904216c0e3 strict-transport-security: max-age=631138519 X-Content-Type-Options: nosniff Accept-Ranges: bytes Date: Tue, 31 Oct 2023 15:20:33 GMT X-Cache: MISS, HIT Vary: Accept-Encoding x-tw-cdn: FT x-served-by: cache-pdk-kpdk1780123-PDK, cache-iad-kiad7000173-IAD, cache-tw-ZZZ1 Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
2023-10-31 15:20:33 UTC	62	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 0c ff ff ff 1f ff ff ff 1f ff ff ff 1f ff ff ff 18 ff ff ff 07 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff ff ff 00 ff Data Ascii: h(

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	16:20:26
Start date:	31/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:20:27
Start date:	31/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,9892753901427623029,17665841518712517881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:20:30
Start date:	31/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small HTTP/1.1Host: pbs.twimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pbs.twimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=smallAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pbs.twimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5fpvVvnfpkPPu5g&MD=G8m55Ols HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5fpvVvnfpkPPu5g&MD=G8m55Ols HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4928, Parent PID: 4856

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Windows Analysis Report
https://pbs.twimg.com/card_img/1715476623690993664/-J1Q20YC?format=jpg&name=small