Edit tour

Windows Analysis Report
EFT.html

Overview

General Information

Sample Name:	EFT.html
Analysis ID:	693884
MD5:	e31bf939bff8e529c23cd2df93914841
SHA1:	5a3dab3933ef8abf425b9a292b5c5fe20281dde2
SHA256:	8bbd2939b4e0528a773eb032ed75b6b87a07890230c697564fe1186119481c81
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5168 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1660,i,10036823863339729682,14770610602174319638,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6364 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\EFT.html MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
EFT.html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: classification engine

Classification label: mal48.phis.winHTML@34/0@4/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1660,i,10036823863339729682,14770610602174319638,131072 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\EFT.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1660,i,10036823863339729682,14770610602174319638,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
EFT.html	2%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.185.237	true	false	high
www.google.com	142.250.185.228	true	false	high
clients.l.google.com	172.217.16.142	true	false	high
ipv4.imgur.map.fastly.net	151.101.112.193	true	false	unknown
clients2.google.com	unknown	unknown	false	high
i.imgur.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://i.imgur.com/uounNtC.jpg	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://i.imgur.com/0FXymj8.png	false	high
https://i.imgur.com/removed.png	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://i.imgur.com/5ewTMfP.png	false	high
https://i.imgur.com/wcfR1X8.png	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/uounNtC.jpg)	EFT.html	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.112.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
142.250.185.237	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.16.142	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	693884
Start date and time:	2022-08-31 09:20:54 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	EFT.html
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.winHTML@34/0@4/6
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 34.104.35.123, 142.250.186.42
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, edgedl.me.gvt1.com, eudb.ris.api.iris.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
239.255.255.250	e-Financials222908.htm	Get hash	malicious	Browse
	EFT.html	Get hash	malicious	Browse
	https://indd.adobe.com/view/d5de32bc-19f1-4d48-af24-65a232a9d368	Get hash	malicious	Browse
	https://app.pandadoc.com/p/45f6d75d1cfc8000e8436b20e2927586ba0fcdea???	Get hash	malicious	Browse
	http://uyv24.revolutionbyjigsaw.com/#/.#.aHR0cHM6Ly90aW1lc2hhcmUtc2VsbC5jb20vY2dpL2hhbmdsdW5nLmNvbS92ZXJhd3VAaGFuZ2x1bmcuY29t	Get hash	malicious	Browse
	http://tiersock.com/alienormagda/index.php?bladan=zzzd&L=zpO&p4UZTF=O7aDTpR&wk6hbSQAkx=pI8l&tZu1=Ff&9MM=FgPuro6Etm	Get hash	malicious	Browse
	https://aVF0WThM.kayseriyenihaber.com.tr/#OjxtZXRhIGh0dHAtZXF1aXY9InJlZnJlc2giIGNvbnRlbnQ9IjA7IHVybD1odHRwczovL2lRdFk4TC5rYXlzZXJpeWVuaWhhYmVyLmNvbS50ci9jaXNjbyNibTlqUUdKMFp5NWpieTV1ZWcwPSI+	Get hash	malicious	Browse
	https://lydixj4dsmwjx.xcacherdie.stream	Get hash	malicious	Browse
	4dzlU0beKB.exe	Get hash	malicious	Browse
	http://download-lb.utorrent.com/endpoint/hydra-ut/os/win10/track/stable/cc-tag/292/browser/chrome/os-region/US/os-lang/en/os-ver/10.0/enc-ver/111915401/	Get hash	malicious	Browse
	http://secbankfiles.com/basic.php?k=36f490d9919b4dea18ae0e3640f887a55378fd63	Get hash	malicious	Browse
	http://secbankfiles.com/basic.php?k=36f490d9919b4dea18ae0e3640f887a55378fd63	Get hash	malicious	Browse
	https://govnotifications.com/basic.php?k=19c3ac34d7267c6e32ef23b3466ec4cb5f9dd9bb	Get hash	malicious	Browse
	https://govnotifications.com/basic.php?k=19c3ac34d7267c6e32ef23b3466ec4cb5f9dd9bb	Get hash	malicious	Browse
	https://(%5B084d549b35bfe07f5fc9414e12ebc18b%5D):%%5E&$%3E+%3C@301.link/Rq#bWFyay5odWRzb25AdmlyZ2lubW9uZXl1a3BsYy5jb20=	Get hash	malicious	Browse
	https://dessoucheuse.fr//secure/link.html	Get hash	malicious	Browse
	https://cityofttcom-my.sharepoint.com/:o:/g/personal/cityofterrytown_cityoftt_com/Eo0F4GuGT9VAs70rfFtEaa8BkYISIUl4HLV-0fU3lL5wXg?e=5%3aMvtQlT&at=9	Get hash	malicious	Browse
	https://cntr.click/1GH4ApC	Get hash	malicious	Browse
	https://ipfs.io/ipfs/QmWCS5kVEh2SoUdvVPPiiiYFjExPCNazzXXvn2xaWyMkYf?filename=index.html#	Get hash	malicious	Browse
	https://patifilestore-secondary.z13.web.core.windows.net/	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ipv4.imgur.map.fastly.net	EFT.html	Get hash	malicious	Browse	151.101.112.193
	FACT 220488.html	Get hash	malicious	Browse	151.101.112.193
	https://www.evernote.com/shard/s686/sh/720dc5d4-150e-9cfc-029c-4f9665155ae3/30c305471862dbfef0c50de0fe552a0c	Get hash	malicious	Browse	151.101.12.193
	https://lacrossinc.com/protectedmessage.html	Get hash	malicious	Browse	151.101.112.193
	Remittance-608-pdf.htm	Get hash	malicious	Browse	151.101.112.193
	Document.htm	Get hash	malicious	Browse	151.101.12.193
	https://mighty-fortress-14913.herokuapp.com/#scott@csipaints.com&d=DwMFAw	Get hash	malicious	Browse	151.101.112.193
	rodriguez.dangerfield@mylrh.org.html	Get hash	malicious	Browse	151.101.12.193
	voicemail_wireless caller70284000.HTM	Get hash	malicious	Browse	151.101.112.193
	https://faxdocument1-secondary.z13.web.core.windows.net	Get hash	malicious	Browse	151.101.12.193
	https://pvcreationn-expeurbf4-online.hostingerapp.com/a2a	Get hash	malicious	Browse	151.101.12.193
	E-Contact Form.Htm	Get hash	malicious	Browse	151.101.12.193
	voicemail_wireless caller70284000.HTM	Get hash	malicious	Browse	151.101.112.193
	Hanglung draft_clean_version_8n7s_03 August, 2022.html	Get hash	malicious	Browse	151.101.112.193
	https://docgenerated-online.hostingerapp.com/home	Get hash	malicious	Browse	151.101.112.193
	asim5528 BACS Remittance Advise.hta	Get hash	malicious	Browse	151.101.112.193
	http://ska-lv.9129.omnistonegroup.com/#info@ska-lv.de	Get hash	malicious	Browse	151.101.12.193
	http://ska-lv.9129.omnistonegroup.com/#info@ska-lv.de	Get hash	malicious	Browse	151.101.12.193
	PO88272AA.html	Get hash	malicious	Browse	151.101.112.193
	https://click.smartsheet.com/f/a/kEE30rALh2f2BdNFUt9HPA~~/AARF7wA~/RgRkzKKdP0UIZG93bmxvYWREV2h0dHBzOi8vYXBwLnNtYXJ0c2hlZXQuY29tL2IvZG93bmxvYWQvYXR0LzEvNjU1Mjg2NzQ4Mjk1MzYwNC9jZjBpMnlkdm5wa2Z6ZXExZWpoemF0cjljcFcDc3BjQgpi6Z4d6mJjyWSKUhNnam9obnN0b0BoeWNpdGUuY29tWAQAAAAA	Get hash	malicious	Browse	151.101.12.193

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
FASTLYUS	EFT.html	Get hash	malicious	Browse	151.101.112.193
	S2VMK4RNcO.exe	Get hash	malicious	Browse	185.199.108.133
	aEMSIAZE79.exe	Get hash	malicious	Browse	151.101.1.211
	https://t.co/z2onJ9k2bR	Get hash	malicious	Browse	151.101.2.137
	file.exe	Get hash	malicious	Browse	185.199.110.133
	FACT 220488.html	Get hash	malicious	Browse	151.101.129.46
	http://pdf-sharefile-66dx.squarespace.com/	Get hash	malicious	Browse	151.101.0.238
	file.exe	Get hash	malicious	Browse	185.199.108.133
	file.exe	Get hash	malicious	Browse	185.199.109.133
	http://pdf-sharefile-66dx.squarespace.com/	Get hash	malicious	Browse	151.101.0.238
	https://reviewkhachsan.com/user1/alibaba/Alibaba/ali/app/Login.php	Get hash	malicious	Browse	199.232.136.157
	https://www.evernote.com/shard/s686/sh/720dc5d4-150e-9cfc-029c-4f9665155ae3/30c305471862dbfef0c50de0fe552a0c	Get hash	malicious	Browse	185.199.108.153
	http://www.247careersforfresher.net	Get hash	malicious	Browse	199.232.136.159
	https://paper.li/rfrDHS6pmUFqom5Zulv1H/story/awt-environmental-services-inc-aM7H5Yj7hUNPooxImDuGQ	Get hash	malicious	Browse	199.232.188.159
	file.exe	Get hash	malicious	Browse	185.199.109.133
	https://lacrossinc.com/protectedmessage.html	Get hash	malicious	Browse	151.101.112.193
	REQUEST FOR QUOTE (SUPPLIES).exe	Get hash	malicious	Browse	151.101.1.211
	file.exe	Get hash	malicious	Browse	185.199.108.133
	https://www.718dorothymortgage.com/	Get hash	malicious	Browse	151.101.1.46
	KaDWE3q2Ri.exe	Get hash	malicious	Browse	185.199.109.133

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	5.333448073442888
TrID:	HyperText Markup Language (15015/1) 100.00%
File name:	EFT.html
File size:	3512
MD5:	e31bf939bff8e529c23cd2df93914841
SHA1:	5a3dab3933ef8abf425b9a292b5c5fe20281dde2
SHA256:	8bbd2939b4e0528a773eb032ed75b6b87a07890230c697564fe1186119481c81
SHA512:	f6f315562b8e89de83f7e66f9d85450eba959f2542f0265db45f25c21cf8b63a595d109d0b8927a93a5cb19d0526f9328a259d9dfb75520d297d8818ff7839f8
SSDEEP:	96:M2hGTLJzXbp5nVdG9Sxr8Lou8vntsYhe/uQrVg81RuyPU4u/K:vhGTVzXbp5nZRSKtsYho1rVg81fs4/
TLSH:	737110538192BCDED63680B0E2908BDDC3D347115332C980A5236A7FEDC9865DAB76AC
File Content Preview:	<!DOCTYPE html>..<head>..<meta name="viewport" content="width=device-width, initial-scale=1.0"/>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<link rel="stylesheet" type="text/css" href="/resp.css">..<title>Microdrive Excel onli

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2022 09:22:00.308640003 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.308705091 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.308810949 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.309426069 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.309446096 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.337733030 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.337779045 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.337892056 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.338124990 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.338136911 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.364285946 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.364746094 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.364800930 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.367789984 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.367892981 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.392947912 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.395252943 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.395299911 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.396039009 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.396107912 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.397960901 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.398094893 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.653598070 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.653796911 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.654154062 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.654175997 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.654403925 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.654562950 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.654577017 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.654625893 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.685617924 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.685745955 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.685805082 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.685926914 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.686005116 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.687818050 CEST	49717	443	192.168.2.7	172.217.16.142
Aug 31, 2022 09:22:00.687849045 CEST	443	49717	172.217.16.142	192.168.2.7
Aug 31, 2022 09:22:00.699255943 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.699335098 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.704380035 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.704509974 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:00.704562902 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.704608917 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.706464052 CEST	49715	443	192.168.2.7	142.250.185.237
Aug 31, 2022 09:22:00.706522942 CEST	443	49715	142.250.185.237	192.168.2.7
Aug 31, 2022 09:22:03.896265984 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.896320105 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.896434069 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.918467999 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.918560028 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.918684959 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.920886040 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.920938015 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.921032906 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.921371937 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.921412945 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.921637058 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.921686888 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.921829939 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:03.921854019 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.931895971 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:03.931952953 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:03.932085037 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:03.953185081 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:03.953227043 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:03.989376068 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.992017031 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:03.994687080 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.002873898 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:04.015458107 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.015491962 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.015799999 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.015835047 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.016024113 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.016057968 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.016180038 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:04.016213894 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:04.016683102 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.016856909 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.017010927 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.017087936 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.017855883 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:04.017966032 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:04.017977953 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.018079996 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.049252987 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.049462080 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.052197933 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.052227974 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.052799940 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.053127050 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.053162098 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.053335905 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.053565979 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.055541039 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.055594921 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.055717945 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:04.056006908 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:04.078412056 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078500032 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078562021 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.078568935 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078598976 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078696966 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.078737020 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078808069 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.078810930 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078834057 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.078953981 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.078974962 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.079673052 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.079788923 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.079813957 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.081207991 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.081283092 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.081346035 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.081376076 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.081399918 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.081428051 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.082024097 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.082119942 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.082142115 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.082798004 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.082880020 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.082901955 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.084382057 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.084465027 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.084492922 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.084512949 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.084582090 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.085200071 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.086059093 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.086163044 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.086178064 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.086210966 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.086317062 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.086915970 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.087668896 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.087755919 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.087771893 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.087796926 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.087874889 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.094063997 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.094091892 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.097716093 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.097944021 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.098045111 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.098081112 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.098114014 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.098181963 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.098195076 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.098808050 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.098893881 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.098906994 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.098982096 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.099056005 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.170270920 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.170452118 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.173609972 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.176930904 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.177033901 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.177117109 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.194386959 CEST	49719	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.194422960 CEST	443	49719	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.239661932 CEST	49720	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.239706039 CEST	443	49720	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.240278006 CEST	49721	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.240334034 CEST	443	49721	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.259073019 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.259147882 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.259289980 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.259623051 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.259658098 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.267401934 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:04.267559052 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:04.302232027 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.303244114 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.303282022 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.304006100 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.304755926 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.304936886 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.304940939 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.340245962 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.340393066 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.365926981 CEST	49723	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.365963936 CEST	443	49723	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.384031057 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.384076118 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.384179115 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.384418964 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.384440899 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.429052114 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.429460049 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.429490089 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.430162907 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.431998014 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.432152987 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.432166100 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.432188988 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.486587048 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.584907055 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.585026979 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:04.585139990 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.586756945 CEST	49725	443	192.168.2.7	151.101.112.193
Aug 31, 2022 09:22:04.586796045 CEST	443	49725	151.101.112.193	192.168.2.7
Aug 31, 2022 09:22:13.996633053 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:13.996747017 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:22:13.996866941 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:16.421618938 CEST	49722	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:22:16.421655893 CEST	443	49722	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.409148932 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:03.409213066 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.409445047 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:03.409959078 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:03.409987926 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.459579945 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.471523046 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:03.471571922 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.472197056 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.510030031 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:03.510343075 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:03.610650063 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:13.451385975 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:13.451519966 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:23:13.451596022 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:58.461325884 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:23:58.461374044 CEST	443	49756	142.250.185.228	192.168.2.7
Aug 31, 2022 09:24:43.472420931 CEST	49756	443	192.168.2.7	142.250.185.228
Aug 31, 2022 09:24:43.472459078 CEST	443	49756	142.250.185.228	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2022 09:22:00.177510023 CEST	63926	53	192.168.2.7	8.8.8.8
Aug 31, 2022 09:22:00.178924084 CEST	53336	53	192.168.2.7	8.8.8.8
Aug 31, 2022 09:22:00.197315931 CEST	53	63926	8.8.8.8	192.168.2.7
Aug 31, 2022 09:22:00.206576109 CEST	53	53336	8.8.8.8	192.168.2.7
Aug 31, 2022 09:22:03.765949965 CEST	50024	53	192.168.2.7	8.8.8.8
Aug 31, 2022 09:22:03.785408020 CEST	53	50024	8.8.8.8	192.168.2.7
Aug 31, 2022 09:22:03.864494085 CEST	49516	53	192.168.2.7	8.8.8.8
Aug 31, 2022 09:22:03.884186983 CEST	53	49516	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 31, 2022 09:22:00.177510023 CEST	192.168.2.7	8.8.8.8	0x938f	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 31, 2022 09:22:00.178924084 CEST	192.168.2.7	8.8.8.8	0x3cc	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 31, 2022 09:22:03.765949965 CEST	192.168.2.7	8.8.8.8	0xac70	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)
Aug 31, 2022 09:22:03.864494085 CEST	192.168.2.7	8.8.8.8	0xc8bf	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 31, 2022 09:22:00.197315931 CEST	8.8.8.8	192.168.2.7	0x938f	No error (0)	accounts.google.com		142.250.185.237	A (IP address)	IN (0x0001)
Aug 31, 2022 09:22:00.206576109 CEST	8.8.8.8	192.168.2.7	0x3cc	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 31, 2022 09:22:00.206576109 CEST	8.8.8.8	192.168.2.7	0x3cc	No error (0)	clients.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)
Aug 31, 2022 09:22:03.785408020 CEST	8.8.8.8	192.168.2.7	0xac70	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Aug 31, 2022 09:22:03.785408020 CEST	8.8.8.8	192.168.2.7	0xac70	No error (0)	ipv4.imgur.map.fastly.net		151.101.112.193	A (IP address)	IN (0x0001)
Aug 31, 2022 09:22:03.884186983 CEST	8.8.8.8	192.168.2.7	0xc8bf	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

i.imgur.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49717	172.217.16.142	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:00 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-104.0.5112.81 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:00 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-a1zZ6hwJMXWucXWThEmGHw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 31 Aug 2022 07:22:00 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5721 X-Daystart: 1320 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-08-31 07:22:00 UTC	2	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 37 32 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 33 32 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5721" elapsed_seconds="1320"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2022-08-31 07:22:00 UTC	2	IN	Data Raw: 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 Data Ascii: kkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gup
2022-08-31 07:22:00 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49715	142.250.185.237	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:00 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:00 UTC	1	OUT	Data Raw: 20 Data Ascii:
2022-08-31 07:22:00 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 31 Aug 2022 07:22:00 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-8seDsKtJ9aHKWZCyi_PPCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2022-08-31 07:22:00 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2022-08-31 07:22:00 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49721	151.101.112.193	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:04 UTC	4	OUT	GET /5ewTMfP.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:04 UTC	52	IN	HTTP/1.1 302 Moved Temporarily Connection: close Content-Length: 0 Retry-After: 0 Location: https://i.imgur.com/removed.png Accept-Ranges: bytes Date: Wed, 31 Aug 2022 07:22:04 GMT Age: 0 X-Served-By: cache-iad-kjyo7100033-IAD, cache-hhn4026-HHN X-Cache: HIT, MISS X-Cache-Hits: 0, 0 X-Timer: S1661930524.059793,VS0,VE104 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.7	49720	151.101.112.193	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:04 UTC	4	OUT	GET /wcfR1X8.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:04 UTC	52	IN	HTTP/1.1 302 Moved Temporarily Connection: close Content-Length: 0 Retry-After: 0 Location: https://i.imgur.com/removed.png Accept-Ranges: bytes Date: Wed, 31 Aug 2022 07:22:04 GMT Age: 0 X-Served-By: cache-iad-kcgs7200030-IAD, cache-hhn4024-HHN X-Cache: HIT, MISS X-Cache-Hits: 0, 0 X-Timer: S1661930524.059979,VS0,VE97 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.7	49719	151.101.112.193	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:04 UTC	5	OUT	GET /uounNtC.jpg HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:04 UTC	5	IN	HTTP/1.1 200 OK Connection: close Content-Length: 47034 Last-Modified: Wed, 25 Jul 2018 11:29:17 GMT ETag: "5c79ac97452cfa23762c22c5496a09e7" Content-Type: image/jpeg cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Wed, 31 Aug 2022 07:22:04 GMT Age: 44182 X-Served-By: cache-iad-kjyo7100171-IAD, cache-hhn4038-HHN X-Cache: HIT, HIT X-Cache-Hits: 1, 1 X-Timer: S1661930524.062082,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2022-08-31 07:22:04 UTC	6	IN	Data Raw: ff d8 ff fe 00 34 4f 70 74 69 6d 69 7a 65 64 20 62 79 20 4a 50 45 47 6d 69 6e 69 20 33 2e 31 34 2e 31 34 2e 37 32 36 37 30 38 36 30 20 30 78 30 61 31 62 64 64 36 36 00 ff db 00 43 00 0d 08 08 0e 0a 0e 17 0d 0d 17 1c 16 11 16 1c 23 1e 1c 1c 1e 23 25 2f 31 19 35 47 45 48 44 41 3b 40 3f 48 53 66 57 48 4d 61 4e 3f 40 59 77 5a 61 69 6c 71 72 71 46 56 7c 84 7b 6e 83 66 6f 71 6d ff db 00 43 01 0e 0e 0e 12 1d 12 3e 23 23 3e 71 4c 41 4c 71 71 6e 6e 6e 6e 71 6f 6d 6d 6d 6d 6d 6f 6f 6d 6d 6d 6d 6d 6d 6f 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d 6d ff c0 00 11 08 03 5d 06 40 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 01 02 04 03 05 06 07 ff c4 00 2c 10 00 02 01 04 02 03 00 02 Data Ascii: 4Optimized by JPEGmini 3.14.14.72670860 0x0a1bdd66C##%/15GEHDA;@?HSfWHMaN?@YwZailqrqFV\|{nfoqmC>##>qLALqqnnnnqommmmmoommmmmmommmmmmmmmmmmmmmmmmmmmmmmmmmm]@",
2022-08-31 07:22:04 UTC	7	IN	Data Raw: 1c 38 7d 14 95 b6 4d 40 0c 9d 62 7a e6 a0 06 47 6c 47 54 d8 00 c7 d5 2d 1b 6c 1a 80 1c 1d 2f 45 1d 03 50 03 1c a8 1c 9d a9 e8 6a 35 40 61 8d a9 3d 63 6e a8 6a 06 35 6e 5e 9d 0c 33 4e a0 0e 33 a5 92 9d 63 50 03 2f 58 3b 5c 9a 80 19 55 b6 09 e0 34 80 32 bb 6c 85 43 06 a0 06 57 6d 91 1b 7c 1a 80 1c 5c 3d 1c f8 4d 44 6a 06 67 43 23 ae 6a 00 65 95 b9 cf ad ec dc 46 a0 64 ea 92 ad 4d 60 0c 9d 51 d6 35 80 31 bb 62 61 47 0c d4 e2 46 a0 71 95 1c 95 eb 1a 49 03 2f 58 87 6d 93 58 03 1f 57 07 4a 74 f0 68 00 53 52 b3 a7 93 a8 03 2b b6 c8 eb 1a 80 19 7a e1 db 9a 80 19 3a c3 ac 6b 00 65 56 d8 25 d0 ca 34 80 32 f5 87 5c d4 00 c9 d6 3a d2 a5 a9 d8 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 8}M@bzGlGT-l/EPj5@a=cnj5n^3N3cP/X;\U42lCWm\|\=MDjgC#jeFdM`Q51baGFqI/XmXWJthSR+z:keV%42\:$
2022-08-31 07:22:04 UTC	9	IN	Data Raw: 38 91 1c 31 34 68 4e 80 66 e0 89 78 c1 44 ed a1 1a 01 0a 43 72 74 27 40 2b b9 59 7e 45 f4 1a 01 c3 89 11 c3 13 be 84 e8 06 7e 18 9d 23 88 9d 34 27 40 2b b8 dc 38 91 e8 9a 1b 94 94 53 2f e8 7a 1b 07 27 49 0e 24 76 d4 9d 06 8e 1c 48 71 23 46 83 42 8e 31 8a 89 75 22 fc 63 40 2b b8 dc b6 83 40 28 fd 94 70 4c ed c6 38 c0 cf c4 87 12 34 71 8d 00 e7 1c 44 b6 c5 b4 1a 01 5d c6 e4 e8 35 26 88 dc 6e 5b 41 c6 51 5d c6 e5 b8 c7 18 15 dc 6e 5b 8c 71 81 5d c6 e5 b8 c7 18 15 dc 6e 5b 8c 71 81 5d c6 e5 b8 c7 18 15 dc 6e 5b 8c 68 05 77 1b 93 a0 d0 08 dc 6e 4e 84 e8 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 96 d0 68 05 77 1b 93 a1 1a 00 dc 6e 4e 84 e8 05 77 1b 92 e2 72 9e 10 17 e4 Data Ascii: 814hNfxDCrt'@+Y~E~#4'@+8S/z'I$vHq#FB1u"c@+@(pL84qD]5&n[AQ]n[q]n[q]n[hwnNwhwhwhwhwhwhwhwhwnNwr
2022-08-31 07:22:04 UTC	10	IN	Data Raw: e3 42 a3 4c f4 2c ea e5 9c fc 9c e3 a7 35 eb c7 e0 2b 4f da 24 e4 db 85 7c a3 24 ea b8 9b ea 45 33 ce bb 8e 3e 16 21 d8 34 53 bb 4b eb 3c df 78 32 d5 ab 38 bf 46 f9 e3 58 b5 f4 11 bc 8b fd 9a 29 d4 52 f8 7c b5 1b 8a 99 3d df 1f 36 d7 b1 df 18 b3 a6 e9 7c 31 57 93 4c dd fa 32 d7 8a 67 38 d3 17 33 45 a9 dc e1 fb 2b 52 29 18 ea d4 d5 fa 27 55 be 38 d7 b7 4a b2 91 db e9 e5 59 54 93 fa 7a 74 fe 12 1d f3 f5 5a bf 0c 75 32 6c ab f0 cd 52 3e 8d c6 2b 2c b2 47 bc 99 ae ae 34 64 da d7 e4 67 6f ce e3 1e df 5b 76 68 d3 6f 5b 26 69 47 d1 6b 6f a7 2a db d1 24 af e8 93 2a f3 3c a5 57 05 e8 f3 6d 2e a5 29 e0 f5 bc 85 bb aa 8f 3e da c1 c2 59 03 d6 a7 3c 47 27 0a 97 7a b3 bc 29 fe 38 33 d5 b4 72 79 20 77 bd 14 8d f3 6c ac ac d9 31 b2 65 17 95 e3 22 17 84 74 d9 1d 46 07 49 Data Ascii: BL,5+O$\|$E3>!4SK<x28FX)R\|=6\|1WL2g83E+R)'U8JYTztZu2lR>+,G4dgo[vho[&iGko$<Wm.)>Y<G'z)83ry wl1e"tFI
2022-08-31 07:22:04 UTC	11	IN	Data Raw: 3b 82 5e aa c8 89 7a 46 4a f2 35 cb e1 8a be 72 48 b5 9a a6 59 c3 ad bc 8d 1e cb d1 83 c9 6a ce ab b5 bd b2 8a 35 46 38 22 9f a4 74 26 25 ae 35 7e 19 6a 4b d1 ae b7 c3 05 6f 45 e5 9a f3 2f 69 b9 32 6c a0 e0 fd 9d aa 7b 65 a9 41 fe 8e ff 00 a7 fa b9 ce 3e b4 4a 7e 8b 5b 7b 65 38 e4 ce d6 d4 9a 67 1b 5d 1b 7f 44 91 fa 1f a3 2d 39 d5 9a 5f 4e 3c f0 4c e7 79 3c 1e 6c ab fe 5f 4d f3 cf c6 6f 4f 72 95 45 2f 87 4f 47 99 6d 59 a4 74 ed e1 98 bf d6 a3 76 a8 9d 51 83 ba 68 a7 71 95 90 34 68 86 88 e7 0a b9 3b 44 0a f1 a1 a2 3a 00 2a 58 10 06 6b af 87 85 79 3c 3c 1e e5 e7 a8 b3 c0 b8 84 a7 32 5a df 38 8a 34 f2 b2 76 a3 47 69 17 a3 45 eb 83 4d b5 bb 52 c8 d6 7a 8d b6 b4 14 51 ac e7 4b d2 3a 95 19 ae a5 84 7c f7 93 ab e9 9f 43 75 0d 91 e0 df d9 ce 79 c1 d3 8b 18 ea 3c Data Ascii: ;^zFJ5rHYj5F8"t&%5~jKoE/i2l{eA>J~[{e8g]D-9_N<Ly<l_MoOrE/OGmYtvQhq4h;D:*Xky<<2Z84vGiEMRzQK:\|Cuy<
2022-08-31 07:22:04 UTC	13	IN	Data Raw: dd 44 74 85 bc 62 67 ee 94 ef e0 ba 37 f1 c4 b4 70 8f 3b f9 02 68 de b9 b2 0f 4c 8f d1 48 4b 64 5f ea 03 c9 f2 53 6b 38 3c 7d e4 e6 7d 15 d5 a7 21 93 f8 c4 9e 4e fc f7 31 ce cb a5 9c 5c a2 75 95 ab 66 9b 6b 75 04 69 d1 1c 7a bf 5b 93 e3 c9 ea cb 26 ca 14 5a 46 9e 34 5b 54 88 ae 74 e9 60 ef f0 82 40 90 40 02 48 04 01 c6 b4 54 97 b3 37 4e 2d e4 e9 73 51 c4 cd db c1 09 5a a3 6f 18 9d 23 08 a3 0c af 49 a5 74 e4 51 e8 6e 91 7d 8f 2e 77 6d 33 55 0a db a0 34 4e 4b f6 70 e3 84 8e 57 55 5c 7e 19 e3 74 d0 1b e3 46 11 f8 25 4e 32 31 77 48 ee 36 c6 8d 9c 10 5e ce d0 c2 f8 79 f5 2e 9a 47 5b 6b 9d 80 d9 22 62 57 e9 30 03 a0 20 01 20 80 04 82 06 40 90 46 46 40 90 46 46 40 90 46 46 40 90 46 46 40 90 46 40 10 cc b7 14 77 34 90 c0 f2 ea 58 95 56 6c f4 e4 70 7f 40 cb d2 66 Data Ascii: Dtbg7p;hLHKd_Sk8<}}!N1\ufkuiz[&ZF4[Tt`@@HT7N-sQZo#ItQn}.wm3U4NKpWU\~tF%N21wH6^y.G[k"bW0 @FF@FF@FF@FF@F@w4XVlp@f
2022-08-31 07:22:04 UTC	14	IN	Data Raw: d3 6c db 57 d1 14 bd 81 96 36 58 36 d1 a7 aa 3a 7a 24 0e 17 14 f6 46 39 59 b6 7a 7f 48 d5 01 e5 f4 48 e8 e4 f4 2a fa 2b 4f db 03 17 45 9a 6d ed f4 35 6a 89 03 85 5a 3b 19 e5 68 7a 04 01 e6 74 d9 12 b2 c9 e8 cf d2 39 47 db 03 0f 41 9d 28 59 38 b3 d1 8c 51 3a a0 29 18 ea 8e 91 2a 00 4f 08 cf 3a a9 0a f5 75 3c ea d7 2d bc 17 11 e9 d3 ad 91 2b 8c 19 2d f3 24 45 4c 91 5b 3b 48 9e d4 4f 2a 7b af 85 76 98 1e cc 6e 13 2d cc 8f 32 d7 67 f4 db a3 60 68 8c f2 5c e3 4f d1 d4 0b 10 41 12 f8 41 96 eb 0c c5 2a 39 3a dd d4 69 fa 33 4a bb 48 0e b1 b6 c9 d6 16 f8 32 42 ed a3 bd 3b bc 94 4d 4b 66 d9 aa da 9e a8 a6 f9 47 5a 40 56 bc 14 8c d2 b6 4c e9 75 51 c4 cd db 68 0e 9d 51 1b 5c 33 97 71 96 ed e5 01 7a 94 32 74 b6 a3 a3 39 52 ae e4 cd 30 93 03 4f e8 bc 0e 51 f6 8e 91 02 Data Ascii: lW6X6:z$F9YzHH+OEm5jZ;hzt9GA(Y8Q:)O:u<-+-$EL[;HO{vn-2g`h\OAA9:i3JH2B;MKfGZ@VLuQhQ\3qz2t9R0OQ
2022-08-31 07:22:04 UTC	15	IN	Data Raw: 60 4d c6 5f c3 3b d8 ea e6 d9 56 51 c6 53 92 2d 09 49 93 28 36 4c 7d 04 55 ec 16 c7 40 15 4f c9 93 1c e4 b2 27 d8 1a e8 4b 08 eb b2 30 aa 8d 13 cd 22 0d bb 21 b2 31 73 48 73 48 0d bb a1 ba 31 73 48 73 48 0d bb a1 ba 31 73 48 73 48 0d bb a1 ba 31 73 48 73 48 0d bb a1 b2 31 73 48 73 48 0d bb 21 b2 31 73 48 73 30 35 54 91 c1 4d a6 73 75 5b 23 66 06 c8 cc ba 92 30 aa 8d 12 ab 48 0d bb 21 b2 31 73 48 73 48 0d bb 21 b2 31 73 48 73 30 3b 5c 7b 46 27 94 ce d2 a8 d9 47 ec 0a 39 48 af e4 75 05 1c bf 22 56 c5 c9 08 eb 43 3f b3 5c 64 61 8c 9a 2c aa b2 2b 6e c8 6c 8c 5c d2 1c d2 03 6e c8 6c 8c 5c d2 1c d2 03 76 c8 e7 52 46 5e 69 10 ea b6 07 58 cf d9 da 33 31 ec c9 e4 60 6d 52 44 ec 8c 4a b4 87 34 80 db b2 1b 23 17 34 87 34 80 db b2 1b 23 17 34 87 34 80 db b2 27 64 61 Data Ascii: `M_;VQS-I(6L}U@O'K0"!1sHsH1sHsH1sHsH1sHsH1sHsH!1sHs05TMsu[#f0H!1sHsH!1sHs0;\{F'G9Hu"VC?\da,+nl\nl\vRF^iX31`mRDJ4#44#44'da
2022-08-31 07:22:04 UTC	17	IN	Data Raw: 1d 44 6c 00 63 ea 21 d4 46 c0 06 3e a2 1d 43 60 03 1f 51 0e a2 36 00 31 f5 10 e9 a3 60 1a 31 f4 d0 e9 a3 60 1a 31 f4 d0 ea 23 60 1a 31 f5 10 ea 23 60 03 1f 51 0e a2 36 00 31 f5 10 ea 23 60 03 1f 51 0e a2 36 00 31 f5 10 ea 23 60 03 1f 50 75 11 b0 01 8f a8 87 51 1b 00 18 fa 88 75 11 b0 60 0c 7d 44 3a 88 d9 80 06 3e a2 1d 44 6c c0 03 1f 50 75 11 b3 00 0c 6e d1 1c 6b 5b 60 f4 99 9a e3 e0 47 99 2a 69 05 4f 25 6e 1b 4f d1 7b 76 df d3 43 65 9d 44 91 a9 55 47 8d 42 b3 48 ed d8 66 71 5e a7 2a 1c a8 f3 3b 2c 76 58 c1 e9 f2 a1 ca 8f 33 b2 c9 55 d8 c1 e9 72 a1 ca 8f 3b 9d 91 ce c6 0d d3 a8 9a 3c fb 8b 55 51 e4 b7 33 21 d5 63 07 0e 9e 0d 36 94 f4 29 ca 4a aa d0 c4 d7 a3 1a 89 16 e5 47 9a ab b2 79 d8 c5 7a 3c a8 72 a3 ce e7 63 9d 8c 1e 8f 2a 1c a8 f3 b9 d8 e7 63 07 a3 Data Ascii: Dlc!F>C`Q61`1`1#`1#`Q61#`Q61#`PuQu`}D:>DlPunk[`GiO%nO{vCeDUGBHfq^;,vX3Ur;<UQ3!c6)JGyz<rc*c
2022-08-31 07:22:04 UTC	18	IN	Data Raw: 05 38 c7 19 70 05 38 c7 19 70 34 71 9f e2 70 df 2c ef 5f e1 c2 9f d1 a3 bc 23 94 5b 8c 98 7c 2e 15 4e 32 38 ce 80 22 9c 63 8c b8 03 8b 81 2a 05 a4 4c 42 a3 8c 71 97 00 53 8c 71 97 00 73 e3 29 57 f1 47 73 85 cf c0 38 42 ae 5e 0d 11 8e 4c 50 fe c6 ea 3f 00 b7 18 e3 2e 00 a7 18 e3 2e 00 e7 c6 55 c0 ec 52 40 56 30 2d c6 4c 4b 01 cf 8c e7 5b f0 46 83 3d d7 c2 8c d0 af 97 83 5c 23 94 79 f4 a2 f6 3d 2a 5f 08 1c 64 f1 97 01 1c a5 4c 88 c0 e9 22 22 03 43 8d 7f c1 1a 4c b7 7e d0 57 1a 55 b6 78 35 c6 19 46 2b 6a 4f 6c 9e 84 7d 20 23 42 8e 07 62 8c 08 50 27 8c b2 24 0a 71 90 e1 83 a1 49 fc 03 3d 49 e1 97 a5 f9 19 aa e7 26 8b 60 3a f1 93 c6 5c 01 4e 32 b2 81 d4 ac 82 39 c6 05 f8 c4 4b 81 4e 31 c6 5c 05 67 ad 2d 0e 11 ac 9b 2f 79 f0 c7 47 3b 01 e9 42 39 45 b8 c8 a3 f0 Data Ascii: 8p8p4qp,_#[\|.N28"cLBqSqs)WGs8B^LP?..UR@V0-LK[F=\#y=_dL""CL~WUx5F+jOl} #BbP'$qI=I&`:\N29KN1\g-/yG;B9E
2022-08-31 07:22:04 UTC	19	IN	Data Raw: 63 e2 63 89 9b 34 43 44 06 3e 26 44 a9 33 6e 88 38 20 3c 9a 96 d2 93 3a d2 b7 71 47 a1 c4 82 a6 80 c9 c4 c7 13 36 68 86 88 0c 7c 4c 71 33 66 88 68 80 c7 c4 c7 13 36 68 86 88 0c 7c 4c 71 33 66 88 68 80 c7 c4 c7 13 36 68 86 88 0c 7c 4c 71 33 66 88 68 80 c3 c2 c9 e1 66 dd 10 d1 01 8f 89 8e 26 6c d1 0d 10 18 f8 98 e2 66 cd 10 d1 01 8f 89 8e 26 6c d1 0d 10 18 f8 98 e2 66 cd 10 d1 01 8f 89 8e 26 6c d1 0d 10 18 f8 99 ca ad b3 91 e8 e8 86 88 0f 26 16 38 79 34 46 8b 48 dd c6 86 88 0c 7c 4c 71 33 66 88 68 80 c7 c4 c7 13 36 68 86 88 0c 7c 4c 71 33 66 88 68 80 c7 c4 c7 13 36 68 86 88 0c 7c 4c 71 33 66 88 68 80 c7 c4 ca 4a 93 37 e8 8a 4a 08 0c 91 a4 cb 71 33 54 60 8b 68 80 c7 c4 c8 e2 66 dd 10 d1 01 e5 55 b4 72 64 d2 b5 71 3d 3e 34 4f 1a 03 17 13 27 89 9b 34 43 44 06 Data Ascii: cc4CD>&D3n8 <:qG6h\|Lq3fh6h\|Lq3fh6h\|Lq3fhf&lf&lf&l&8y4FH\|Lq3fh6h\|Lq3fh6h\|Lq3fhJ7Jq3T`hfUrdq=>4O'4CD
2022-08-31 07:22:04 UTC	21	IN	Data Raw: 0a e0 60 b0 02 b8 18 2c 00 ae 06 0b 00 2b 81 82 c0 0a e0 60 b0 02 b8 18 2c 00 ae 06 0b 00 2b 81 82 c0 0a e0 60 b0 02 b8 38 d5 ab a1 a1 a3 1d ec 1b 5e 80 85 76 99 78 57 52 3c 95 26 9e 05 4b b7 48 0f 69 4d 13 ba 3c 28 79 56 ce 8b c9 b6 c0 f6 25 3c 15 55 53 3c f9 de 3d 72 61 7e 55 c6 58 03 dd 9d 65 12 b0 b9 52 78 c9 e2 55 f2 6e 51 f4 66 a5 e4 a5 19 01 f5 3b a2 1d 54 78 6b ca bc 1c 67 e5 65 90 3e 85 d6 44 73 23 c0 8f 93 6c 89 f9 56 bd 01 ef 2a e9 bc 1d 14 91 e0 db 5e b9 3c 9d a7 e4 9c 59 07 b3 b2 29 29 c5 1e 34 fc b3 48 e1 2f 2c e5 e8 11 ee c6 bc 5b c1 db d3 47 cd d0 f2 12 72 3d bb 6a fb c4 d0 9a d7 0a 98 a5 72 a6 60 f2 33 69 fa 33 d1 b9 70 46 51 ef 29 a0 e7 13 c3 7e 51 af 44 3f 26 db 03 dd 58 65 65 28 c4 c1 46 ed b8 e4 cd 75 e4 1a f4 15 e9 f6 23 9c 17 e4 58 Data Ascii: `,+`,+`8^vxWR<&KHiM<(yV%<US<=ra~UXeRxUnQf;Txkge>Ds#lV*^<Y))4H/,[Gr=jr`3i3pFQ)~QD?&Xee(Fu#X
2022-08-31 07:22:04 UTC	21	IN	Data Raw: 3c 9e 15 2f 2b b3 c1 ea db 56 e4 59 03 4e 06 09 44 81 5c 0c 16 00 57 03 05 80 15 c0 c1 60 05 70 30 58 01 5c 0c 16 00 57 03 05 80 15 c0 c1 60 05 70 30 58 01 5c 0c 16 00 57 03 05 80 15 c0 c1 60 05 70 30 58 01 5c 0c 16 00 57 03 05 80 15 c0 c1 60 05 70 30 58 01 5c 0c 16 00 57 03 05 80 15 c1 46 8e b8 29 20 21 22 d8 11 2d 80 2b 81 82 c0 0a e0 60 b0 02 b8 18 2c 00 ae 08 68 b9 12 40 73 48 b6 02 2c 90 11 81 82 d8 00 57 03 05 80 15 c0 c1 60 05 70 30 5b 01 81 cf 04 a4 0b 24 04 60 60 b0 02 b8 18 2c 00 ae 06 0b 00 39 54 5e 8c ef e9 aa a2 f4 65 7f 42 57 3a df 0c f4 bf b1 a2 b7 c3 3d 2f ec 69 1d b2 73 aa fd 16 c1 59 44 2b 27 bd 8d 74 9f a3 9e 8b 27 48 c4 0e b1 7e cd 94 5f a3 0c 17 b3 65 15 e8 ca bb e4 9c 94 c0 c0 17 c8 c9 4c 0c 01 7c 8c 94 c0 c0 17 c8 c9 4c 0c 01 7c 8c Data Ascii: </+VYND\W`p0X\W`p0X\W`p0X\W`p0X\WF) !"-+`,h@sH,W`p0[$``,9T^eBW:=/isYD+'t'H~_eL\|L\|
2022-08-31 07:22:04 UTC	23	IN	Data Raw: 60 60 64 64 06 0c f7 31 cc 4d 19 39 56 f6 80 f0 6e 22 d4 8c f2 9b 8b 3d 3a d6 ed b3 25 5b 36 d9 07 3a 75 59 ea 5a 54 f4 79 ca d2 48 d9 6d 4e 51 2a 36 4a a6 11 8e b5 cb 46 d8 d3 ca f6 71 a9 68 98 57 93 71 73 2c 9c fb 92 37 57 f1 f9 67 1f e3 58 1a ac 6b b9 af 64 5e 4f 05 ad ad 9d 34 72 b9 a3 29 30 33 2a f2 c9 ae 8d 57 a9 ca 16 4c d7 4a d7 08 0f 3e b5 c4 94 89 95 e3 48 ef 56 c5 ca 59 12 f1 d9 44 18 5d f4 8e f4 ae 1b 45 9f 8c 68 e9 0b 27 14 51 ca 55 e5 83 92 ad 29 3c 1b 15 9b 65 a9 58 61 e4 0c 8e 9c be 9c 2a 56 9c 0f 69 da fa 33 55 f1 fb 30 3c c8 dc cf 27 af e3 aa b9 7d 38 ff 00 1a 6c b7 b7 e2 40 6a a9 ee 27 8b 77 55 c2 47 aa e4 df a3 0d d5 ab a8 c8 3c ea b7 92 68 9a 15 e5 23 b3 f1 cc b4 2c 1c 4b 07 1a f5 a5 14 65 ec cb 27 a3 3b 27 34 70 7e 35 e4 0e 71 af 26 Data Ascii: ``dd1M9Vn"=:%[6:uYZTyHmNQ6JFqhWqs,7WgXkd^O4r)03WLJ>HVYD]Eh'QU)<eXa*Vi3U0<'}8l@j'wUG<h#,Ke';'4p~5q&
2022-08-31 07:22:04 UTC	24	IN	Data Raw: c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e c7 b2 f8 18 02 9e ca b3 ae 0a 49 01 08 9f 64 c5 16 c0 14 f6 3d 97 c0 c0 14 f6 3d 97 c0 c0 14 f6 3d 97 c0 c0 14 f6 43 c9 d3 04 49 01 cd 16 f6 11 64 80 af b1 ec be 06 00 a7 b1 ec be 06 00 a7 b1 ec be 06 00 a7 b0 5f 04 34 07 32 56 49 2c 90 15 f6 3d 97 c0 c0 14 f6 3d 97 c0 c0 14 f6 3d 97 c0 c0 1c 6a 67 07 07 f4 d5 51 7a 32 bf a1 2b 9d 6f 86 7a 5f d8 d1 5b e1 9e 97 f6 34 8e e7 3a d2 c2 2d b1 4a 8b 64 15 85 d7 7b e0 dd 42 59 46 29 5b fe 59 36 51 fc 50 1d e3 f4 d9 47 e1 86 32 f6 Data Ascii: Id===CId_42VI,===jgQz2+oz_[4:-Jd{BYF)[Y6QPG2
2022-08-31 07:22:04 UTC	25	IN	Data Raw: 03 03 91 64 3f 65 d0 15 d4 6a 58 01 5d 46 a5 80 15 d4 6a 58 01 5d 46 0b 00 39 b4 12 2d 21 10 18 1a 96 00 57 51 a9 60 05 75 1a 96 00 57 51 a9 60 05 75 23 05 c8 60 72 94 d4 7e 9c fb 31 ff 00 4e 57 d3 71 5e 8f 22 57 12 4c 0f a0 8d 45 22 d9 47 85 4b c9 e9 f4 bf f3 0b 3f 40 f6 89 3c ba 3e 4d 4c f4 28 d4 dd 64 0e b8 1a 96 40 0a ea 35 2c 00 ae a3 52 c0 0a ea 35 2c 00 ae a3 05 80 1c da 09 16 90 40 30 35 2c 00 ae a3 52 c0 0a ea 35 2c 00 ae a3 52 c0 0a ea 35 2c 00 ae a3 52 c0 0a ea 35 2c 00 ae a4 60 b9 0c 0a 91 92 27 e8 c7 5a e5 c1 81 b7 24 6c 60 ee fa 28 ef f0 07 a7 91 93 cd 85 fe 44 af c0 f4 b2 32 79 9f c8 16 8d f6 40 f4 4a b3 2f 6d 63 25 a8 dc a9 b0 35 45 16 c1 10 f6 5c 0a ea 35 2c 00 ae a3 52 c0 0a ea 35 2c 00 ae a4 34 5c 89 01 cd 22 f8 21 17 40 57 51 a9 60 05 Data Ascii: d?ejX]FjX]F9-!WQ`uWQ`u#`r~1NWq^"WLE"GK?@<>ML(d@5,R5,@05,R5,R5,R5,`'Z$l`(D2y@J/mc%5E\5,R5,4\"!@WQ`
2022-08-31 07:22:04 UTC	27	IN	Data Raw: c5 81 f4 0b 0c a4 e4 a2 62 b4 bc e4 3a dc d4 78 02 ca e1 67 07 68 cd 33 cc 8b 7f 49 95 e6 80 7a 9b 21 b2 3c 3a 9e 55 c4 53 f2 d9 60 7b b9 43 28 f2 d7 90 ca 0f c8 01 e9 b9 21 b2 3c af e4 1b 11 bd 79 03 d4 93 47 27 55 26 60 95 ff 00 bc 10 ab b9 3c 81 ea c6 49 97 58 3c c9 5e 68 8b db 5f 29 b0 3d 1c 1c aa 4f 52 d1 9e c8 cf 75 2c 20 3a 42 aa 91 d7 d1 e7 51 ab 82 2a 5f ea f0 07 a4 72 a9 59 44 e7 46 e3 78 e4 cb 71 36 d8 1b 21 5d 48 ec a4 8f 2d 54 70 f6 44 bc 86 00 f5 b6 44 39 24 79 51 bf 6c 99 5f e1 01 ba 55 d2 78 3a 46 69 9e 2b bc d9 9d 55 fe a8 0f 61 60 e7 52 a2 89 82 95 fe c5 6b d7 72 40 6c 8d ca 6c ef 19 26 78 5d 87 06 69 a5 7f e8 0f 55 c9 23 9b aa b2 79 d3 f2 25 23 77 b3 03 d7 52 4c ba c3 3c 97 7a e2 6b b5 b9 dc 0d 83 52 50 02 92 08 b4 88 40 48 d4 94 00 8d Data Ascii: b:xgh3Iz!<:US`{C(!<yG'U&`<IX<^h_)=ORu, :BQ*_rYDFxq6!]H-TpDD9$yQl_Ux:Fi+Ua`Rkr@ll&x]iU#y%#wRL<zkRP@H
2022-08-31 07:22:04 UTC	28	IN	Data Raw: eb e9 35 2e 55 34 56 4f 06 1b d9 4a 5f 0c d5 6c a7 e4 53 3a 2f 25 16 f0 78 19 9c 45 2d dc 80 fa 9a 55 94 d1 79 18 ac 33 aa c9 b5 fc 03 05 fd c7 12 67 83 57 cc 49 4f 19 3d af 29 4f 31 67 ca d7 a0 f9 00 fa 1b 2f 20 e7 1c b2 97 9e 4d c3 e1 9a c2 9b 50 38 de c1 b6 06 db 5f 25 29 7d 2f 75 e4 1c 51 86 ce 18 2d 76 bd 01 7a 7e 52 4d 9e c5 85 cb a8 8f 98 a6 bf 23 e8 7c 5c 70 90 1e bc 4b 60 ac 7e 16 01 81 80 00 60 60 00 18 18 00 06 06 00 01 81 80 00 60 60 00 18 18 00 06 0a b4 58 89 01 09 13 82 11 60 18 18 00 06 06 00 01 81 80 00 60 60 00 18 18 00 06 06 00 02 92 44 c5 09 08 81 6c 0c 00 00 00 00 00 00 00 00 00 00 00 00 a4 8b 95 90 10 8b 10 8b 20 00 00 00 00 00 00 2b 22 11 69 10 80 92 42 00 00 00 19 46 5d 94 60 59 12 42 24 00 00 00 00 00 00 08 21 96 65 58 08 96 2b 12 Data Ascii: 5.U4VOJ_lS:/%xE-Uy3gWIO=)O1g/ MP8_%)}/uQ-vz~RM#\|\pK`~````X```Dl +"iBF]`YB$!eX+
2022-08-31 07:22:04 UTC	29	IN	Data Raw: 00 15 90 88 90 88 16 00 00 00 00 00 00 00 00 00 00 00 00 2b 22 c5 64 01 16 2a 8b 00 00 00 00 00 00 01 12 21 13 22 10 16 40 20 00 00 01 94 65 d9 46 05 d0 21 12 00 00 00 00 00 00 01 95 65 99 56 02 25 8a c4 b0 00 00 00 00 00 00 00 c1 0c 0a fe cb a2 85 d0 00 00 00 00 00 00 00 00 15 91 28 89 12 80 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 15 90 88 90 88 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2b 22 c5 64 02 25 8a c4 b0 00 00 00 00 00 00 02 24 49 12 02 a8 ba 28 8b 20 24 00 00 00 00 00 00 30 18 14 2e 8a 17 40 00 00 00 00 00 00 52 a7 c3 2b fa 6a a9 f0 ca fe 84 ae 75 be 19 e9 7f 63 45 6f 86 7a 5f d8 d2 3a 6c 44 8b ea 40 57 1e 15 9c 9d 22 4e c8 90 11 fa 68 84 14 91 9c b4 6e 94 7d 19 57 7e 14 47 Data Ascii: +"d*!"@ eF!eV%(+"d%$I( $0.@R+jucEoz_:lD@W"Nhn}W~G
2022-08-31 07:22:04 UTC	31	IN	Data Raw: b8 02 84 32 e4 30 28 8b 13 12 c0 50 17 00 50 17 00 50 17 00 50 32 e4 30 39 96 43 f6 59 01 50 5c 01 40 5c 01 40 5c 01 40 5c 01 cd 84 59 84 04 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0a 02 e0 0e 4c 94 5a 41 01 00 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 80 b8 02 85 59 d4 a4 80 84 49 31 2c 05 01 70 05 01 70 05 01 70 05 08 67 42 24 07 34 58 22 c8 0a 82 e0 0a 02 e0 0a 02 e0 0a 02 e4 30 39 96 40 b2 02 a0 b8 02 80 b8 02 80 b8 03 8d 4f 87 07 f4 d5 53 e1 95 fd 09 5c eb 7c 33 d2 fe c6 8a df 0c f4 bf b1 a4 77 31 dc 7d 35 6c 67 ad 0d 98 56 7d 9e 0e 94 33 92 78 4e 94 e9 ea 07 59 7c 3c fa f4 9c a5 e8 df 2f 85 35 59 c9 15 96 14 e5 14 70 ad 9c 9e 94 e2 Data Ascii: 20(PPPP209CYP\@\@\@\YLZAYI1,pppgB$4X"09@OS\\|3w1}5lgV}3xNY\|</5Yp
2022-08-31 07:22:04 UTC	32	IN	Data Raw: 75 0d 9e 89 f4 06 2e a0 ea 1b 7d 11 e8 0c 7d 41 d4 66 cf 44 fa 03 0b b4 66 6b 8b 77 13 d5 72 46 5b bc 34 06 3b 6a 0e 46 a5 68 c8 b3 fa 6f 40 62 ea 0e a1 b7 d0 f4 06 2e a0 ea 1b 7d 0f 40 62 ea 0e a1 b3 d0 f4 06 3e a3 39 d4 b5 69 1e 8f a3 9d 6f 80 79 0a 93 db 06 b8 5b 3c 14 5f dc db 0f 48 0c ce d8 8e b9 17 97 8a 91 e7 3f 34 b3 80 3d 2e b8 eb 9e 7c 7c c2 67 4f e5 13 03 67 5c 70 18 25 e5 d2 39 bf 32 80 f4 f8 09 ea e4 f3 e8 79 3e 49 60 f6 28 4b 68 e4 0f 3a e2 83 8b 2d 6f 6e e4 68 ba fa 5e d7 e0 14 ea 32 7a 86 d4 00 c5 d4 1d 43 68 03 17 50 75 0d a0 0c 5d 41 d4 36 80 31 75 07 50 da 3d 01 8b a8 3a 86 df 43 d0 18 ba 83 a8 6d f4 3d 10 62 ea 0e a1 b1 e1 0f 40 63 ea 0e a1 b4 14 62 ea 0e a1 b4 01 8b a8 3a 86 d0 06 2e a0 ea 1b 40 18 ba 84 3b 46 6e 0c 0f 1e e2 83 8b 2d Data Ascii: u.}}AfDfkwrF[4;jFho@b.}@b>9ioy[<_H?4=.\|\|gOg\p%92y>I`(Kh:-onh^2zChPu]A61uP=:Cm=b@cb:.@;Fn-
2022-08-31 07:22:04 UTC	34	IN	Data Raw: 29 1e 24 eb ca 45 a1 71 28 81 ee f6 11 5e d2 c9 e4 2b 89 48 29 4f 39 03 da 57 08 bc 6a 6c 78 ae bc 91 be ce a3 97 d0 37 a0 22 00 00 00 00 00 00 00 33 05 df d3 7b 30 5d fd 03 ad a7 c3 51 96 d3 e1 a8 00 00 00 00 00 00 01 12 24 89 01 54 5d 14 45 d0 00 00 00 00 00 00 00 c0 60 50 ba 28 5d 00 00 00 00 00 00 01 5a 9f 0c 8f e9 ae a7 c3 23 fa 12 b9 d6 f8 67 a5 fd 8d 15 be 19 e9 7f 63 48 ee 71 9d 5d 59 d4 c9 5f e8 57 4e 62 f4 aa 6c 64 db d1 da d8 0d 51 fa 68 8c 36 46 68 fd 35 52 9a c1 9a aa 75 11 49 58 44 d7 c8 86 e8 83 2d 3b 25 12 d5 a1 ac 4d 1b a3 3d cd 45 82 8e 76 df d8 f4 23 f0 f3 2d aa 2d 8f 42 35 16 00 b8 2b c8 87 22 02 c0 af 22 1c 88 0b 14 9c 49 e4 44 72 20 31 d7 b3 55 0e 1f c5 c7 3f 0f 4b 74 37 88 18 7f 8f 5f e1 1f c7 23 7e e8 6f 10 3c ff 00 e3 91 92 bf 89 Data Ascii: )$Eq(^+H)O9Wjlx7"3{0]Q$T]E`P(]Z#gcHq]Y_WNbldQh6Fh5RuIXD-;%M=Ev#--B5+""IDr 1U?Kt7_#~o<
2022-08-31 07:22:04 UTC	35	IN	Data Raw: 6d 54 50 18 7f 31 f9 9b f8 50 e1 40 60 fc c7 e6 6f e1 43 85 01 83 f3 1f 99 bf 85 0e 14 06 0f cc 7e 66 fe 14 38 50 18 3f 31 f9 9b f8 50 e1 40 60 fc c3 dc df c2 88 74 50 1e 25 d6 f9 3a 5a ef 83 4d dd 25 93 ad a5 15 80 39 7e 64 3d cf 43 85 0e 14 07 97 2a 52 97 d2 9d 57 fe 1e bf 0a 1c 28 0f 25 5b 3f f0 4a dd 9e b7 0a 23 85 01 e4 2b 56 4f 57 ff 00 87 ad c2 89 e1 40 79 1d 5f fe 11 d6 69 9e c7 0a 23 85 01 e6 d3 8c a2 74 cc cd dc 28 9e 14 06 06 e6 63 b9 73 c9 ed 3a 28 c3 75 49 64 0c d6 ce 78 34 a7 33 ad ad 25 83 4a a2 80 c0 f7 21 a9 1e 8f 0a 1c 28 0f 31 d3 93 26 30 92 3d 2e 14 38 50 1e 7f e6 4e 66 6f e1 43 85 01 e3 dd 39 e0 e7 6a e7 93 d2 bb a4 b0 72 b4 a4 b2 04 27 32 73 33 72 a2 89 e1 40 60 cc c6 66 6f e1 43 85 01 e7 c9 cf 06 0a db ec 7b b2 a2 b0 79 f5 e9 2d 80 Data Ascii: mTP1P@`oC~f8P?1P@`tP%:ZM%9~d=C*RW(%[?J#+VOW@y_i#t(cs:(uIdx43%J!(1&0=.8PNfoC9jr'2s3r@`foC{y-
2022-08-31 07:22:04 UTC	36	IN	Data Raw: 5f e8 ff 00 da 29 7f a0 7d 0b 30 dd 7d 33 da 79 a8 57 f4 99 d6 bc b6 f6 06 8b 4f 86 a3 2d a7 c3 50 00 00 00 00 00 00 02 24 49 12 02 a8 ba 28 8b a0 00 00 00 00 00 00 01 80 c0 a1 74 50 ba 00 00 00 00 00 00 02 27 f0 c3 5b e9 ba 7f 0c 35 be 96 25 73 22 3f 49 44 2f a6 91 60 01 14 00 01 31 fa 6c a3 f0 c7 1f a6 ca 3f 0c ab a8 00 01 9e eb e1 a0 cf 75 f0 0c f6 df d8 f4 23 f0 f3 ed bf b1 e8 47 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 2d df c3 51 96 ef e0 1c ed 7e 9b 91 86 d7 e9 b9 00 00 00 00 00 00 00 00 00 00 00 0c 06 06 1b bf a7 4b 4f 87 3b bf a7 4b 4f 80 6a 00 00 00 00 00 00 00 00 00 00 00 00 66 1b bf a6 e6 61 bb fa 05 ed 3e 1a cc 96 9f 0d 60 00 00 00 00 00 00 64 bc f8 73 b4 fa 74 bc f8 73 b4 fa 06 f4 02 00 00 00 44 be 1e 7d 7f ec Data Ascii: _)}0}3yWO-P$I(tP'[5%s"?ID/`1l?u#G-Q~KO;KOjfa>`dstsD}
2022-08-31 07:22:04 UTC	38	IN	Data Raw: c7 e9 b2 8f c3 2a ea 00 20 19 ee be 1a 0c d7 5f 0a 38 5b 7f 63 d0 8f c3 ce b6 fe c7 a1 1f 80 48 00 00 00 00 00 00 04 01 20 00 00 00 00 00 00 00 00 00 00 00 00 00 06 5b bf 86 a3 2d df c0 39 da fd 37 23 0d af d3 6a 02 40 00 01 00 09 00 00 00 00 04 12 00 30 18 18 6e fe 9d 2d 3e 1c ee be 9d 2d 3e 01 a8 00 00 0c 91 90 24 0c 8c 80 03 23 20 00 c8 c8 00 46 49 c8 06 61 bb fa 6e 66 1b bf a0 5e d3 e1 ac c9 69 f0 d6 00 00 00 0c 8c 80 00 01 92 f3 e1 ce d3 e9 d2 f3 e1 ce d3 e8 1b d0 21 32 72 00 00 04 4b e1 e7 d7 fe c7 a1 2f 87 9f 5f fb 01 ae db e1 d8 e3 6d f0 ec 00 00 00 00 00 00 01 99 2e fe 1a d9 92 ef e0 14 b3 fa 6e 46 1b 3f a6 e4 00 00 00 00 00 00 00 a5 6f 85 ca 56 f8 06 08 ff 00 73 d0 a7 f0 f3 e3 fd cf 42 9f c0 2c 00 00 00 00 00 00 18 0c 0f 3a f8 c5 1a d1 8b f6 6d Data Ascii: * _8[cH [-97#j@0n->->$# FIanf^i!2rK/_m.nF?oVsB,:m
2022-08-31 07:22:04 UTC	39	IN	Data Raw: ed 22 ae fa 28 f3 2b d4 69 99 6a 55 90 1e f4 2f 14 99 a6 13 d8 f9 eb 4a 92 6c f6 ed be 01 a5 14 ad f0 ba 39 d6 f8 06 15 fd cf 42 97 c3 ce 8f f7 3d 0a 5f 00 bb 33 d6 ae a0 76 91 e6 79 29 34 bd 10 77 ef a2 7b c8 f1 21 52 4d 89 54 92 28 f6 bb f1 ff 00 4b d3 bb 53 3e 75 d5 9e 4d b6 33 93 60 7b d1 96 4b 1c 68 fc 3a fe 80 c1 7a 65 84 23 fb 34 df 1e 74 e4 d7 c0 36 46 10 3b 2a 51 67 97 cd 34 4a bd 92 03 d2 76 d0 64 ab 38 b3 04 6f 64 cd 96 b7 0e 5f 42 3a f4 62 c9 56 28 d3 1f 65 d0 56 45 64 8b 2b 34 6a 00 66 95 a2 68 a7 42 3f e1 b0 01 8b a1 12 63 67 18 9b 00 19 5d aa 64 3b 24 cd 60 0c 7d 28 8e 9c 4d 80 0c aa d1 22 ce d9 60 d0 00 c6 ec a2 c7 46 26 c0 06 3e 8a 0a c9 1a c9 03 2a b3 47 68 52 51 3a 00 08 30 18 18 6e fe 9c ff 00 e8 74 bb fa 72 ff 00 a0 1e 07 92 fe cc c0 Data Ascii: "(+ijU/Jl9B=_3vy)4w{!RMT(KS>uM3`{Kh:ze#4t6F;Qg4Jvd8od_B:bV(eVEd+4jfhB?cg]d;$`}(M"`F&>GhRQ:0ntr
2022-08-31 07:22:04 UTC	40	IN	Data Raw: b2 7a 63 a6 04 76 c7 6c 9e 98 e9 81 1d b0 ee c9 e9 87 66 06 2b ab ac b2 29 d7 da 38 2d 75 6b 86 5a d6 d3 28 0f 3e e6 df 91 e4 e1 d1 3e 83 a4 87 45 01 f3 dd 1f fe 13 d1 3e 83 a2 87 45 01 f3 dd 1f fe 0e 89 f4 3d 14 3a 08 0f 9d e8 93 d1 3e 87 a0 87 45 01 f3 ca c7 ff 00 86 cb 3a 5c 4c f5 7a 28 9e 92 02 90 b9 c2 2d db 27 a6 3a 60 47 6c 76 c9 e9 8e 98 11 db 1d b2 7a 63 a6 04 76 c7 6c 9e 98 e9 81 1d b1 db 27 a6 3a 60 47 6c 76 c9 e9 8e 98 11 db 1d b2 7a 63 a6 05 5d d9 92 bd c6 cc da ed 0c 75 ed f5 60 6b b3 97 a3 5e c6 4b 38 fa 35 ea 03 61 b0 d4 6a 03 61 b0 d4 6a 03 61 b0 d4 6a 03 62 1c 89 d4 87 10 2a 8b 6c 55 17 d4 06 c3 61 a8 d4 06 c3 61 a8 d4 06 c3 61 a8 d4 06 c4 39 13 a9 0e 20 54 b2 2b a9 75 10 1b 0d 86 a3 50 1b 0d 86 a3 50 1b 0d 86 a3 50 2b 39 7a 32 55 fa 6b Data Ascii: zcvlf+)8-ukZ(>>E>E=:>E:\Lz(-':`Glvzcvl':`Glvzc]u`k^K85ajajajb*lUaaa9 T+uPPP+9z2Uk
2022-08-31 07:22:04 UTC	42	IN	Data Raw: c7 04 f4 96 4e aa d0 0f 32 e6 97 23 c9 ca 16 a9 1e c7 4d 0e 92 03 c7 9d b6 44 6d 16 3e 1e c7 49 0e 9a 03 c5 95 9a c9 6e a4 71 f0 f6 3a 48 74 d0 1e 2d 3b 34 a5 93 d2 a1 51 53 58 34 74 90 ea 01 8e e2 bb 6c bd bd c3 89 da 56 49 93 1b 3c 01 3d b2 7b 63 a8 3a 80 3b 63 b6 3a 83 a8 03 b6 3b 63 a8 3a 80 3b 63 b6 3a 83 a8 03 b6 3b 63 a8 3a 80 3b 63 b6 3a 83 a8 03 b6 3b 63 a8 3a 80 3b 63 b6 3a 83 a8 03 b6 3b 63 a8 3a 80 3b 63 b6 3a 83 a8 03 b6 3b 63 a8 3a 80 3b 63 b6 3a 83 a8 03 b6 1d d8 ea 0e a0 18 ee 6e 1c 99 7b 6b 97 13 b4 ec 93 26 36 78 02 7b 64 f6 c7 50 75 00 76 c7 6c 75 07 50 07 6c 76 c7 50 75 00 76 c7 6c 75 07 50 07 6c 76 c7 50 75 00 76 c7 6c 75 07 50 07 6c 76 c7 50 75 00 76 c7 6c 75 07 50 07 6c 76 c7 50 75 00 76 c7 6c 75 07 50 07 6c 76 c7 50 75 00 76 c7 6c Data Ascii: N2#MDm>Inq:Ht-;4QSX4tlVI<={c:;c:;c:;c:;c:;c:;c:;c:;c:;c:;c:;c:n{k&6x{dPuvluPlvPuvluPlvPuvluPlvPuvluPlvPuvluPlvPuvl
2022-08-31 07:22:04 UTC	43	IN	Data Raw: 70 b9 f2 93 92 14 7d 25 2b d8 c9 e3 26 98 d5 8b 3e 2a 87 90 a9 17 93 d1 a1 e5 66 ca 3e 97 92 24 6f 13 e7 6a 79 79 44 ac 7c c4 98 1f 49 b4 4a cf 09 64 f0 21 e5 a4 de 0d dd d6 e9 e4 83 a5 5b a8 45 e0 ef 46 ac 64 b2 8f 93 bd be 97 27 a3 d6 f1 57 2e 71 f6 20 f4 2e 2f 63 4d e0 e7 1f 21 16 79 3e 56 a4 94 bd 19 e1 52 4a 39 20 fa 8a 37 31 a8 77 fc 4f 92 a1 e4 e5 4d e0 d9 1f 2f 26 8a 3d e9 4e 08 ac a7 09 1e 05 6f 25 3f a8 e5 1f 29 30 3e 82 3a 26 69 84 d6 0f 95 fe 52 49 9e 95 9d f4 aa 20 3d 2a f7 4a 05 69 dd a9 1e 3d ed 79 39 1d 28 4d c6 39 03 db 8d 44 cb 9e 07 f2 6e 32 c1 e9 db 5e a9 af 60 ad 15 aa 68 b2 67 85 f2 94 b0 45 ed 5c c1 e0 f1 69 57 6a a1 07 d1 73 ac 1c ea 5e 46 3f b3 c5 ba f2 12 82 f4 79 f3 f2 53 93 28 fa ea 15 d5 4f 87 73 c6 f0 f7 0e 49 64 f6 63 2c 81 Data Ascii: p}%+&>f>$ojyyD\|IJd![EFd'W.q ./cM!y>VRJ9 71wOM/&=No%?)0>:&iRI =Ji=y9(M9Dn2^`hgE\iWjs^F?yS(OsIdc,
2022-08-31 07:22:04 UTC	44	IN	Data Raw: 13 b1 0e 43 52 18 10 8b 22 88 b0 16 d8 6c 46 a3 50 27 61 b1 1a 8d 40 9d 86 c4 6a 35 02 76 21 c8 6a 43 88 10 59 48 a1 64 05 b6 1b 11 a8 d4 09 d8 6c 46 a3 50 27 61 b1 1a 8d 40 89 cb d1 8a b7 d3 64 fe 19 2a fd 2c 1c c8 5f 49 21 7d 34 ca 59 92 e3 d3 34 b9 1c 2a c3 66 45 65 9c 99 da d7 24 f0 9d 29 53 d4 0d 30 36 d1 f8 61 84 8d 94 65 e8 8a ee 0a ec 4e c4 12 44 86 c5 5c 80 22 e8 e4 a4 5d 4c 0b 02 36 1b 01 20 8d 86 c0 48 23 61 b0 12 0a ec 36 02 c0 ae c3 60 2c 0a ec 36 02 c0 8d 86 c0 48 23 61 b0 12 0a ee 37 02 c0 ae e3 70 2c 0a ee 37 02 c4 11 b9 1b 81 25 8e 7b 16 d8 0b 02 bb 8d c0 b0 2b b8 dc 0b 02 bb 8d c0 b0 2b b8 dc 0b 02 bb 8d c0 b0 2b b8 dc 04 84 4a ca 43 70 3a 02 9b 93 b8 16 05 77 1b 81 60 57 71 b8 16 05 77 1b 81 60 57 71 b8 16 05 77 1b 81 62 b2 1b 95 72 02 Data Ascii: CR"lFP'a@j5v!jCYHdlFP'a@d,_I!}4Y4fEe$)S06aeND\"]L6 H#a6`,6H#a7p,7%{+++JCp:w`Wqw`Wqwbr
2022-08-31 07:22:04 UTC	46	IN	Data Raw: ca c6 4b 53 ae a7 f0 f1 5d 59 69 e8 ed e3 6a c9 cb d8 1e bc e5 aa c9 99 de c5 3c 64 eb 71 fd 0f 9a bd af 38 54 f4 07 d3 46 e2 2d 67 22 57 11 4b e9 f3 11 f2 55 12 c1 d6 17 93 9c 40 f6 65 e4 22 a5 8c 9d e9 dc 29 23 e6 63 39 b9 e4 d3 2b c9 d3 58 03 e8 79 a2 82 af 13 e6 df 90 9b 3a 2b ca 9a e4 0f a1 55 a2 cb af 67 ce 5b 5e ce 53 c3 3d ba 35 1b 86 40 eb 2a 8a 3f 48 e7 8f fa 78 de 4e f6 54 df a3 04 7c 9c d8 1f 50 ab c5 93 cd 13 e7 a8 5e 54 91 35 7c 84 e2 c0 f7 6a 5c 46 2b 39 38 c6 fe 2d e3 27 81 5f c8 4d c4 c5 1b da 8a 59 03 ec e3 5a 2f f6 5b 96 27 cb 53 f2 93 48 d3 4b c8 4e 40 7d 03 ad 12 63 51 4b e1 f3 95 bc 84 d7 c3 55 8d fb 7f d8 0f 62 a4 d4 56 4c 73 bf 8a 78 c9 17 37 1b 43 d1 f3 f7 15 e6 a6 07 d0 4b c8 45 7e ce 72 f2 d1 5f b3 c0 9d 7a 8d 19 2b ce af e8 0f Data Ascii: KS]Yij<dq8TF-g"WKU@e")#c9+Xy:+Ug[^S=5@*?HxNT\|P^T5\|j\F+98-'_MYZ/['SHKN@}cQKUbVLsx7CKE~r_z+
2022-08-31 07:22:04 UTC	47	IN	Data Raw: 95 d4 66 68 8e 18 1e 2b f0 b1 6f 38 3d 2b 3b 5e 25 83 5a 82 65 94 00 cb 75 6f ca b0 79 8f c4 7b c9 ef 68 47 1a 03 c5 87 8b d5 e4 f4 ed e9 f1 ac 1d 5c 10 40 65 bc b6 e5 47 97 3f 0a 9b ce 0f a0 d7 24 71 a0 3c 15 e2 14 57 c3 84 fc 53 72 f8 7d 2b a6 8a f0 20 3c 5a 5e 27 d7 c2 eb c5 24 7b 3c 69 11 a2 03 c7 8f 8a 49 e4 bc bc 76 4f 59 41 13 c6 80 f3 63 65 f8 e0 e9 6f 69 c6 f2 6e d0 28 01 ca 71 cc 70 79 97 3e 31 54 96 70 7b 3a 91 c6 80 f0 d7 87 5f e1 d2 1e 31 45 60 f6 38 d0 e3 40 78 f1 f1 89 3c e0 9a 9e 31 48 f5 f4 45 5c 40 f1 bf 8a 47 65 e3 96 30 7a 6a 08 b6 88 0f 26 97 8d 51 96 4d f1 a7 ac 70 77 d1 13 a8 1e 15 fd 8b ab 23 95 2f 11 ff 00 c3 df 74 53 25 52 48 0f 2a 8f 8e 50 22 af 8c 52 67 af c6 87 1a 03 c3 9f 88 4d 1c bf 85 5f e1 f4 3c 68 ab a6 80 f0 63 e1 91 da Data Ascii: fh+o8=+;^%Zeuoy{hG\@eG?$q<WSr}+ <Z^'${<iIvOYAceoin(qpy>1Tp{:_1E`8@x<1HE\@Ge0zj&QMpw#/tS%RH*P"RgM_<hc
2022-08-31 07:22:04 UTC	48	IN	Data Raw: 62 5e d9 d2 f2 e7 2b d3 33 2b 1a 89 e4 99 d9 d4 92 03 b5 8d c3 c9 ea 5b d7 6d 9e 75 9d 8c a3 f4 f4 e8 5b 38 b0 37 d3 f6 8e 87 28 7a 45 80 b8 2a 40 13 22 22 43 21 01 d0 92 80 0b 82 a0 09 65 58 65 58 1d 11 27 34 48 17 05 40 16 05 40 16 05 40 16 28 c1 0c 0b 44 b1 c9 16 02 e0 a8 02 c0 a8 02 c0 a8 02 c4 32 a1 80 2e 8e 45 80 b8 2a 00 b0 2a 00 b0 2a 00 b0 2a 40 12 c2 2a c2 03 a0 28 48 16 05 48 d8 0b 82 9b 0d 80 b8 28 00 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 04 89 45 19 28 0e 80 a0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b8 29 b0 d8 0b 82 9b 0d 80 b9 49 0d 8a b0 2f 12 c7 34 4e c0 5c 14 d8 6c 05 c1 Data Ascii: b^+3+[mu[87(zE@""C!eXeX'4H@@@(D2.E**@(HH()))))E()))))I/4N\l
2022-08-31 07:22:04 UTC	50	IN	Data Raw: e2 23 4f f4 5e 54 23 05 83 75 49 98 ee 32 4a 46 29 d8 c6 6f 23 f8 e8 b3 b4 7d 7d 2f 4e a6 59 79 94 aa 53 b1 8c 56 0e f4 69 2a 6f 27 55 f0 1a c4 5e 55 72 b0 65 95 04 e5 93 42 88 d4 60 cf 3b 75 24 72 e9 a3 6e a3 51 88 c1 d2 59 2d d4 46 dd 46 a3 06 7e 1f 58 11 a3 83 46 a3 51 83 1f 55 37 92 25 66 99 b7 51 a8 c5 79 d3 f1 d1 97 e8 bd bd 92 a5 f0 dd a8 d4 60 e7 08 ea cd 1c de b0 73 d4 0c 1c ab d2 55 3d 99 a5 67 b2 37 6a 35 18 8f 3e 3e 3d 45 e7 05 ba 68 dd a8 d4 60 c1 3b 15 22 3a 08 f4 35 1a 8c 1c 6d a8 aa 5f 0d 5c de b0 73 d4 6a 31 58 ee ad 55 57 96 72 87 8f 51 3d 1d 46 a3 06 3e a2 1d 44 8d 9a 93 a8 c4 62 e9 a6 57 a3 16 6f d4 8d 46 0f 3f f8 f8 ff 00 84 7f 1b 1c e7 07 a3 a8 d4 60 cb d5 48 d3 43 fe 35 82 75 1a 8c 13 5a 5c 8b 06 19 d9 a9 33 6e a3 51 83 0c 2c 23 17 Data Ascii: #O^T#uI2JF)o#}}/NYySVi*o'U^UreB`;u$rnQY-FF~XFQU7%fQy`sU=g7j5>>=Eh`;":5m_\sj1XUWrQ=F>DbWoF?`HC5uZ\3nQ,#
2022-08-31 07:22:04 UTC	51	IN	Data Raw: 63 8d 0e 34 03 9d 87 5d 8e 34 38 d0 1c 6a 4b 61 4e 6e 27 6e 24 38 90 05 5d 8e 76 38 d0 e3 40 39 d8 e7 63 8d 0e 34 03 9d 8e 76 38 d0 e3 40 39 d8 e7 63 8d 0e 34 03 b0 c8 77 24 4a 08 e1 53 d1 cb be f1 ae 79 68 ed 0e d1 8d cb 01 4c e5 fb b5 e8 db d8 1d 83 26 f8 21 d6 48 f4 73 d7 c6 2c 6c ec 0e c1 96 9d 45 22 f2 c2 2a 3b f6 07 60 c7 2a a9 1d 69 62 40 77 e7 63 b0 c8 d1 14 7a a0 ae 9c ec 73 b3 8f 24 50 e5 88 31 db 9d 8e 76 73 8e b2 3a 68 8a 87 60 76 0a f1 e4 70 81 6e c0 e7 65 54 11 3c 68 09 e7 63 9d 8e 34 38 d0 0e 76 56 55 5b 2d c6 82 82 01 02 fb 15 f4 88 fa 41 7d 89 d8 e7 f0 b2 28 9d 88 97 b4 4f a1 e8 0c 95 2d f6 79 3a 28 6a 8e de 83 c3 03 82 f4 74 84 89 70 43 d2 22 ad b9 11 97 b2 a4 c4 23 9d 4a 9e 8f 36 bd 59 26 6c 97 cf 66 7a 9a 67 d8 57 15 75 24 1d f4 90 9f Data Ascii: c4]48jKaNn'n$8]v8@9c4v8@9c4w$JSyhL&!Hs,lE";`ib@wczs$P1vs:h`vpneT<hc48vVU[-A}(O-y:(jtpC"#J6Y&lfzgWu$

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.7	49723	151.101.112.193	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:04 UTC	53	OUT	GET /removed.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:04 UTC	53	IN	HTTP/1.1 200 OK Connection: close Content-Length: 503 Last-Modified: Wed, 14 May 2014 05:44:36 GMT ETag: "d835884373f4d6c8f24742ceabe74946" Content-Type: image/png cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Wed, 31 Aug 2022 07:22:04 GMT Age: 28342811 X-Served-By: cache-bwi5156-BWI, cache-hhn4032-HHN X-Cache: HIT, HIT X-Cache-Hits: 1, 311170 X-Timer: S1661930524.326556,VS0,VE0 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2022-08-31 07:22:04 UTC	54	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a1 00 00 00 51 01 03 00 00 00 80 0d 54 ec 00 00 00 06 50 4c 54 45 22 22 22 ff ff ff 5e 87 20 31 00 00 01 ac 49 44 41 54 78 5e ed d0 2f 6f db 40 18 06 f0 d7 51 96 b9 cc 36 ac 6e d5 e5 40 6a 10 90 54 01 05 d3 74 93 6e cb 81 48 55 59 60 40 41 a0 9d 91 8d 9d 07 96 3b b2 e8 86 5a 52 55 25 a5 fb 0a 45 49 99 3f 82 53 34 98 b1 90 49 bb 9c 9b bf 33 19 68 b7 49 7b 24 93 9f 5e 3d 3a 3f f0 f7 c6 f9 01 40 7f e5 aa 81 02 ed 65 6f ce a3 34 93 f7 f8 f8 66 ad da 7b 7b a6 9a 9e 0a 30 9b 88 95 fa 1e 63 7b be 77 1a e0 b2 dc d0 19 63 1f fc 99 d1 97 a3 0d 05 c6 94 0f 46 99 84 ad 86 8b a6 57 0d 70 67 a3 c1 cb 18 eb a7 19 9e 66 ad 21 6c c7 03 5c f0 87 19 50 78 84 70 80 92 05 0a ae b3 52 ba 56 b0 7a 53 d1 08 7d fb 9a ee 1f Data Ascii: PNGIHDRQTPLTE"""^ 1IDATx^/o@Q6n@jTtnHUY`@A;ZRU%EI?S4I3hI{$^=:?@eo4f{{0c{wcFWpgf!l\PxpRVzS}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.7	49725	151.101.112.193	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2022-08-31 07:22:04 UTC	55	OUT	GET /0FXymj8.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2022-08-31 07:22:04 UTC	55	IN	HTTP/1.1 302 Moved Temporarily Connection: close Content-Length: 0 Retry-After: 0 Location: https://i.imgur.com/removed.png Accept-Ranges: bytes Date: Wed, 31 Aug 2022 07:22:04 GMT Age: 0 X-Served-By: cache-iad-kcgs7200097-IAD, cache-hhn4076-HHN X-Cache: HIT, MISS X-Cache-Hits: 0, 0 X-Timer: S1661930524.453289,VS0,VE118 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5168, Parent PID: 588

General

Target ID:	1
Start time:	09:21:55
Start date:	31/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff7c2920000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5548, Parent PID: 5168

General

Target ID:	2
Start time:	09:21:58
Start date:	31/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1660,i,10036823863339729682,14770610602174319638,131072 /prefetch:8
Imagebase:	0x7ff7c2920000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6364, Parent PID: 588

General

Target ID:	4
Start time:	09:21:59
Start date:	31/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\EFT.html
Imagebase:	0x7ff7c2920000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /5ewTMfP.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wcfR1X8.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uounNtC.jpg HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /removed.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0FXymj8.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: EFT.html	String found in binary or memory: https://i.imgur.com/0FXymj8.png
Source: EFT.html	String found in binary or memory: https://i.imgur.com/5ewTMfP.png
Source: EFT.html	String found in binary or memory: https://i.imgur.com/uounNtC.jpg)
Source: EFT.html	String found in binary or memory: https://i.imgur.com/wcfR1X8.png

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report EFT.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: chrome.exePID: 5168, Parent PID: 588

General

Chronological Activities

Analysis Process: chrome.exePID: 5548, Parent PID: 5168

General

Chronological Activities

Analysis Process: chrome.exePID: 6364, Parent PID: 588

General

Chronological Activities

Disassembly

Windows Analysis Report
EFT.html