
Update Raw-Capture/2020-02-26/KiwiIRC/KA-20200226.cab,...

Update Raw-Capture/2020-02-26/KiwiIRC/KA-20200226.cab, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-compare_periods.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-compare_periods.png, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-compare_timing_both.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-compare_timing_both.png, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-do_a_compare_periods.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-do-a_tls_export_unix.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-do-a_tls_export_unix.xlsx, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-do-a_tls_export_unix2.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-key_tls_times.xlsx, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-keystroke.xlsx, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-keystroke_tls_time_pretty.png, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-kiwiirc_compare_periods.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-kiwiirc_tls_export_unix.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-kiwiirc_tls_export_unix.xlsx, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-Lengths.pdf, Raw-Capture/2020-02-26/KiwiIRC/KAB-20200226-do-a_tls_export_unix.png, Raw-Capture/2020-02-26/KiwiIRC/KABh-20200226-do-a_tls_export_unix.pdf, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-compare_periods.png, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-do_a_compare_periods.pdf, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-do-a_tls_export_unix.pdf, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-do-a_tls_export_unix2.pdf, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-kiwiirc_compare_periods.pdf, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-kiwiirc_tls_export_unix.pdf, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-do-a_tls_export_unix.csv, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-do-a_tls_export_unix_2way.csv, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-keystroke.csv, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-kiwiirc_tls_export_unix.csv, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-kiwiirc_tls_export_unix_2way.csv, 
Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-Log.txt, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-SessionKeys.log, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-do-a_tls_export_unix.csv, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-do-a_tls_export_unix_2way.csv, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-keymouseclick.csv, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-keystroke.csv, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-kiwiirc_tls_export_unix.csv, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-kiwiirc_tls_export_unix_2way.csv, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-Log.txt, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226-SessionKeys.log, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226-keymouseclick.csv, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226.pcapng, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226.pcapng, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226.cab, Raw-Capture/2020-02-26/KiwiIRC/KM-20200226.pcapng, Raw-Capture/2020-02-26/KiwiIRC/KB-20200226.etl, Raw-Capture/2020-02-26/KiwiIRC/KA-20200226.etl, Raw-Capture/2020-02-26/LinearEnvv1-0.bat, Raw-Capture/2020-02-26/MessageChatScript.txt, Raw-Capture/2020-02-26/Side notes.txt files
parent 6ba60caf
==== Initiated Capture At 13:43:23.54 on the Wed 02/26/2020 ====
Initialized at 13:43:23.56 on the Wed 02/26/2020
Host Name: DESKTOP-UOQMGH6
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: BullockPC
Registered Organization:
Product ID: 00326-10000-00000-AA193
Original Install Date: 12/2/2019, 5:43:32 PM
System Boot Time: 2/24/2020, 12:53:25 PM
System Manufacturer: LENOVO
System Model: 20377
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 22 Model 48 Stepping 1 AuthenticAMD ~2000 Mhz
BIOS Version: LENOVO 9FCN23WW, 10/3/2014
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 7,099 MB
Available Physical Memory: 4,849 MB
Virtual Memory: Max Size: 8,251 MB
Virtual Memory: Available: 5,831 MB
Virtual Memory: In Use: 2,420 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\DESKTOP-UOQMGH6
Hotfix(s): 7 Hotfix(s) Installed.
[01]: KB4534131
[02]: KB4465065
[03]: KB4486153
[04]: KB4516115
[05]: KB4523204
[06]: KB4537759
[07]: KB4532691
Network Card(s): 2 NIC(s) Installed.
[01]: Qualcomm Atheros AR956x Wireless Network Adapter
Connection Name: Wi-Fi
Status: Hardware not present
[02]: Realtek PCIe GBE Family Controller
Connection Name: Ethernet
DHCP Enabled: No
IP address(es)
[01]: 207.140.106.29
[02]: fe80::315b:7945:b5bb:43ee
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: Yes
Second Level Address Translation: Yes
Data Execution Prevention Available: Yes
==== Initiated IP-Config At 13:43:30.21 on the Wed 02/26/2020 ====
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:445 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:5040 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:5357 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:8732 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:49664 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:49665 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:49666 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:49669 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:49670 DESKTOP-UOQMGH6:0 LISTENING
TCP 0.0.0.0:49671 DESKTOP-UOQMGH6:0 LISTENING
TCP 207.140.106.29:139 DESKTOP-UOQMGH6:0 LISTENING
TCP 207.140.106.29:51075 52.230.222.68:https ESTABLISHED
TCP 207.140.106.29:51290 a23-50-49-181:https CLOSE_WAIT
==== Initiated Set SSL Key Log At 13:43:36.79 on the Wed 02/26/2020 ====
Set SSLKEYLOGFILE at 13:43:37.07
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: KA-20200226.etl
Append: Off
Circular: On
Max Size: 250 MB
Report: Off
Trace started at: 13:43:42.07
Ping ran for self synchronization. TTL set at 3.
Pinging 207.140.106.1 with 32 bytes of data:
Reply from 207.140.106.1: bytes=32 time=1ms TTL=255
Reply from 207.140.106.1: bytes=32 time=1ms TTL=255
Reply from 207.140.106.1: bytes=32 time=1ms TTL=255
Ping statistics for 207.140.106.1:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Browers started for "https://kiwiirc.com/nextclient/".
Keylogger started at: 13:43:44.83
Reverted SSL Keylog variable at 13:48:49.40
==== Initiated netsh merge At 13:48:49.51 on the Wed 02/26/2020 ====
Finished Merge at 13:51:01.28
==== Initiated Exiting At 13:52:18.95 on the Wed 02/26/2020 ====
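Review bot: The "Set SSLKEYLOGFILE at 13:43:37.07" step means the TLS session secrets for this run were written out, and the commit message lists KA-20200226-SessionKeys.log next to KA-20200226.pcapng, so anyone who can read the repository can decrypt the captured traffic. If publishing the keys is intended for the dataset, state that alongside the capture; otherwise keep the key log out of the commit or in an access-restricted location.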
No.,Time,Source,Destination,Protocol,Length,Info,,,
1506,1582753438.34122,207.140.106.29,do-a.clients.kiwiirc.com,TCP,66,51338 > 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1,,,
1509,1582753438.42021,207.140.106.29,do-a.clients.kiwiirc.com,TLSv1.2,60,Client Hello,,,571
1515,1582753438.52580,207.140.106.29,do-a.clients.kiwiirc.com,TLSv1.2,60,"Client Key Exchange, Change Cipher Spec, Finished",,,180
1534,1582753438.59812,207.140.106.29,do-a.clients.kiwiirc.com,HTTP,60,GET /webirc/kiwiirc/info?sid=y734pigbbc7b&p=4&t=1582753438306 HTTP/1.1 ,,,755
1551,1582753438.71052,207.140.106.29,do-a.clients.kiwiirc.com,TCP,66,51340 > 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1,,,
1559,1582753438.78844,207.140.106.29,do-a.clients.kiwiirc.com,TLSv1.2,60,Client Hello,,,641
1580,1582753438.89532,207.140.106.29,do-a.clients.kiwiirc.com,TLSv1.2,105,"Change Cipher Spec, Finished",,,
1581,1582753438.89906,207.140.106.29,do-a.clients.kiwiirc.com,HTTP,66,GET /webirc/kiwiirc/117/5q4ey121/websocket?sid=y734pigbbc7b&p=4 HTTP/1.1 ,,,905
1595,1582753438.98872,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED],,,
1596,1582753438.98923,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,95,WebSocket Text [FIN] [MASKED],,,
1613,1582753439.11418,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,119,WebSocket Text [FIN] [MASKED],,,
1614,1582753439.11446,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED],,,
1615,1582753439.11657,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,106,WebSocket Text [FIN] [MASKED],,,
1616,1582753439.11836,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED],,,
1617,1582753439.11861,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,134,WebSocket Text [FIN] [MASKED],,,
1661,1582753439.91025,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,175,WebSocket Text [FIN] [MASKED],,,
1662,1582753439.91245,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED],,,
1668,1582753440.19554,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,103,WebSocket Text [FIN] [MASKED],,,
1683,1582753440.47880,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,108,WebSocket Text [FIN] [MASKED],,,
1684,1582753440.48004,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,108,WebSocket Text [FIN] [MASKED],,,
1709,1582753441.26906,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,108,WebSocket Text [FIN] [MASKED],,,
1710,1582753441.27055,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,107,WebSocket Text [FIN] [MASKED],,,
1914,1582753469.12593,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
1999,1582753484.64868,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2026,1582753487.75281,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2066,1582753490.72024,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,142,WebSocket Text [FIN] [MASKED],,,
2130,1582753499.13286,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2150,1582753500.78228,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2167,1582753503.67683,207.140.106.29,do-a.clients.kiwiirc.com,TLSv1.2,85,"Alert (Level: Warning, Description: Close Notify)",,,
2168,1582753503.67696,207.140.106.29,do-a.clients.kiwiirc.com,TCP,54,"51338 > 443 [FIN, ACK] Seq=1376 Ack=3781 Win=130304 Len=0",,,
2177,1582753503.90936,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2192,1582753507.23919,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2211,1582753510.32286,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2216,1582753511.86707,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,160,WebSocket Text [FIN] [MASKED],,,
2292,1582753525.50733,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2309,1582753529.14265,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2311,1582753529.48123,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2326,1582753532.51394,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2347,1582753535.63429,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,151,WebSocket Text [FIN] [MASKED],,,
2476,1582753553.78921,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2493,1582753556.82125,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2497,1582753559.15279,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2503,1582753559.94176,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2521,1582753564.41866,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2542,1582753567.90164,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2558,1582753570.94692,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2563,1582753571.85234,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,159,WebSocket Text [FIN] [MASKED],,,
2623,1582753589.16079,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2719,1582753604.28505,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2758,1582753607.63700,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2763,1582753610.72574,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2767,1582753611.90825,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,136,WebSocket Text [FIN] [MASKED],,,
2784,1582753616.28443,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2796,1582753619.17601,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2798,1582753619.33080,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2804,1582753622.40094,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2807,1582753622.57854,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,155,WebSocket Text [FIN] [MASKED],,,
2835,1582753631.06472,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2843,1582753634.13094,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2850,1582753637.27428,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2859,1582753638.06369,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,142,WebSocket Text [FIN] [MASKED],,,
2895,1582753649.19311,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2969,1582753676.16520,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2975,1582753679.18054,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
2976,1582753679.20182,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
2998,1582753682.23469,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
3006,1582753688.04971,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
3013,1582753689.55146,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,133,WebSocket Text [FIN] [MASKED],,,
3021,1582753693.05597,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
3033,1582753696.07313,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
3040,1582753697.62314,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,133,WebSocket Text [FIN] [MASKED],,,
3055,1582753701.83885,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
3065,1582753704.06741,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,139,WebSocket Text [FIN] [MASKED],,,
3079,1582753709.21223,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED],,,
3387,1582753720.06067,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,117,WebSocket Text [FIN] [MASKED],,,
3392,1582753721.50859,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED],,,
3394,1582753722.20880,207.140.106.29,do-a.clients.kiwiirc.com,WebSocket,115,WebSocket Text [FIN] [MASKED],,,
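Review bot: The header row names seven columns and leaves three empty ("Info,,,"), yet several rows carry a value in the tenth, unnamed column, for example 571 on the Client Hello at No. 1509 and 905 on the websocket GET at No. 1581, while the Length column on those rows reads 60 and 66. Name that column in the header and state which of the two values is the length used in the analysis, or drop the unused trailing columns. The GET rows at No. 1534 and No. 1581 also carry the "sid=" query value in clear; consider whether that belongs in a committed export.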
"No.","Time","Source","Destination","Protocol","Length","Info"
"129","1582753427.673652","207.140.106.29","kiwiirc.com","TCP","66","51308 > 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1"
"132","1582753427.689520","207.140.106.29","kiwiirc.com","TLSv1.3","571","Client Hello"
"139","1582753427.737457","207.140.106.29","kiwiirc.com","TLSv1.3","118","Change Cipher Spec, Finished"
"140","1582753427.739517","207.140.106.29","kiwiirc.com","HTTP2","224","Magic, SETTINGS[0], WINDOW_UPDATE[0], PRIORITY[3], PRIORITY[5], PRIORITY[7], PRIORITY[9], PRIORITY[11], PRIORITY[13]"
"141","1582753427.739614","207.140.106.29","kiwiirc.com","HTTP2","595","HEADERS[15]: GET /nextclient/, WINDOW_UPDATE[15]"
"145","1582753427.751103","207.140.106.29","kiwiirc.com","HTTP2","85","SETTINGS[0]"
"402","1582753428.644567","207.140.106.29","kiwiirc.com","HTTP2","219","HEADERS[17]: GET /nextclient/static/css/app.ddaae50186c736b3376a18233a202c99.css, WINDOW_UPDATE[17]"
"453","1582753428.784833","207.140.106.29","kiwiirc.com","HTTP2","203","HEADERS[19]: GET /nextclient/static/js/manifest.c1c488558af5cca6da40.js, WINDOW_UPDATE[19]"
"454","1582753428.785311","207.140.106.29","kiwiirc.com","HTTP2","198","HEADERS[21]: GET /nextclient/static/js/vendor.b8fc3daf635799c3ec19.js, WINDOW_UPDATE[21]"
"455","1582753428.785730","207.140.106.29","kiwiirc.com","HTTP2","172","HEADERS[23]: GET /nextclient/static/js/app.eb379d806b0e478cd3fd.js, WINDOW_UPDATE[23]"
"572","1582753429.433500","207.140.106.29","kiwiirc.com","HTTP2","186","HEADERS[25]: GET /nextplugins/fileuploader.js?cb=20, WINDOW_UPDATE[25]"
"575","1582753429.669312","207.140.106.29","kiwiirc.com","TCP","186","[TCP Retransmission] 51308 > 443 [PSH, ACK] Seq=1900 Ack=36915 Win=131328 Len=132"
"577","1582753429.673846","207.140.106.29","kiwiirc.com","HTTP2","157","HEADERS[27]: GET /favicon.ico, WINDOW_UPDATE[27]"
"580","1582753429.700122","207.140.106.29","kiwiirc.com","HTTP2","89","RST_STREAM[27]"
"604","1582753429.978250","207.140.106.29","kiwiirc.com","TCP","324","[TCP Retransmission] 51308 > 443 [PSH, ACK] Seq=1900 Ack=36915 Win=131328 Len=270"
"624","1582753430.396172","207.140.106.29","kiwiirc.com","HTTP2","158","HEADERS[29]: GET /nextplugins/location.js?cb=17, WINDOW_UPDATE[29]"
"683","1582753430.747804","207.140.106.29","kiwiirc.com","TCP","158","[TCP Retransmission] 51308 > 443 [PSH, ACK] Seq=2170 Ack=41155 Win=130048 Len=104"
"750","1582753431.268252","207.140.106.29","kiwiirc.com","HTTP2","186","HEADERS[31]: GET /nextplugins/gatewayupdate.js?cb=1, WINDOW_UPDATE[31]"
"806","1582753431.509548","207.140.106.29","kiwiirc.com","TCP","186","[TCP Retransmission] 51308 > 443 [PSH, ACK] Seq=2274 Ack=41525 Win=131584 Len=132"
"987","1582753432.189362","207.140.106.29","kiwiirc.com","HTTP2","170","HEADERS[33]: GET /nextclient/static/themes/default/theme.css?cb=19, WINDOW_UPDATE[33]"
"1047","1582753432.394825","207.140.106.29","kiwiirc.com","HTTP2","236","HEADERS[35]: GET /nextclient/static/fonts/fontawesome-webfont.af7ae50.woff2, WINDOW_UPDATE[35]"
"1072","1582753432.446933","207.140.106.29","kiwiirc.com","TCP","352","[TCP Retransmission] 51308 > 443 [PSH, ACK] Seq=2406 Ack=41611 Win=131328 Len=298"
"1073","1582753432.467895","207.140.106.29","kiwiirc.com","HTTP2","293","HEADERS[37]: GET /nextclient/static/highlight.mp3, WINDOW_UPDATE[37]"
"1089","1582753432.518014","207.140.106.29","kiwiirc.com","HTTP2","214","HEADERS[39]: GET /nextclient/static/themes/common/base.css, WINDOW_UPDATE[39]"
"1092","1582753432.523386","207.140.106.29","kiwiirc.com","HTTP2","89","RST_STREAM[37]"
"1171","1582753432.775043","207.140.106.29","kiwiirc.com","TCP","488","[TCP Retransmission] 51308 > 443 [PSH, ACK] Seq=2704 Ack=82903 Win=131584 Len=434"
"1261","1582753433.225166","207.140.106.29","kiwiirc.com","HTTP2","168","HEADERS[41]: GET /nextclient/?sid=y734pigbbc7b&gatewayonly=1, WINDOW_UPDATE[41]"
"1497","1582753438.265361","207.140.106.29","kiwiirc.com","HTTP2","219","HEADERS[43]: GET /404/e12.json?h=943&w=1153&t=true&st=6157&mcnt=53&dcnt=1&v=visible&f=true&h=false&d=0&pl=0&lng=1&nick=MacoAlex, WINDOW_UPDATE[43]"
"2109","1582753497.381979","207.140.106.29","kiwiirc.com","HTTP2","93","PING[0]"
"2483","1582753555.525123","207.140.106.29","kiwiirc.com","HTTP2","93","PING[0]"
"2632","1582753590.308234","207.140.106.29","kiwiirc.com","HTTP2","583","HEADERS[45]: GET /shared/emoji/1f602.png, WINDOW_UPDATE[45]"
"2890","1582753648.565611","207.140.106.29","kiwiirc.com","HTTP2","93","PING[0]"
"3070","1582753706.600811","207.140.106.29","kiwiirc.com","HTTP2","93","PING[0]"
"3147","1582753715.574223","207.140.106.29","kiwiirc.com","HTTP2","154","HEADERS[47]: GET /shared/emoji/2764.png, WINDOW_UPDATE[47]"
"3152","1582753715.581346","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[49]: GET /shared/emoji/1f611.png, WINDOW_UPDATE[49]"
"3154","1582753715.589272","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[51]: GET /shared/emoji/1f605.png, WINDOW_UPDATE[51]"
"3156","1582753715.592021","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[53]: GET /shared/emoji/1f606.png, WINDOW_UPDATE[53]"
"3157","1582753715.596234","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[55]: GET /shared/emoji/1f613.png, WINDOW_UPDATE[55]"
"3158","1582753715.597783","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[57]: GET /shared/emoji/1f620.png, WINDOW_UPDATE[57]"
"3159","1582753715.598842","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[59]: GET /shared/emoji/1f622.png, WINDOW_UPDATE[59]"
"3160","1582753715.600772","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[61]: GET /shared/emoji/1f607.png, WINDOW_UPDATE[61]"
"3161","1582753715.602293","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[63]: GET /shared/emoji/1f61b.png, WINDOW_UPDATE[63]"
"3162","1582753715.604858","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[65]: GET /shared/emoji/1f494.png, WINDOW_UPDATE[65]"
"3165","1582753715.608692","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[67]: GET /shared/emoji/1f603.png, WINDOW_UPDATE[67]"
"3173","1582753715.616418","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[69]: GET /shared/emoji/1f609.png, WINDOW_UPDATE[69]"
"3174","1582753715.618501","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[71]: GET /shared/emoji/1f618.png, WINDOW_UPDATE[71]"
"3177","1582753715.622122","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[73]: GET /shared/emoji/1f61c.png, WINDOW_UPDATE[73]"
"3183","1582753715.631392","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[75]: GET /shared/emoji/1f61e.png, WINDOW_UPDATE[75]"
"3186","1582753715.633176","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[77]: GET /shared/emoji/1f623.png, WINDOW_UPDATE[77]"
"3187","1582753715.636442","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[79]: GET /shared/emoji/1f635.png, WINDOW_UPDATE[79]"
"3188","1582753715.639679","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[81]: GET /shared/emoji/1f646.png, WINDOW_UPDATE[81]"
"3191","1582753715.644027","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[83]: GET /shared/emoji/1f60e.png, WINDOW_UPDATE[83]"
"3196","1582753715.649194","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[85]: GET /shared/emoji/1f615.png, WINDOW_UPDATE[85]"
"3197","1582753715.652904","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[87]: GET /shared/emoji/1f62e.png, WINDOW_UPDATE[87]"
"3200","1582753715.658134","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[89]: GET /shared/emoji/1f636.png, WINDOW_UPDATE[89]"
"3206","1582753715.664478","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[91]: GET /shared/emoji/1f642.png, WINDOW_UPDATE[91]"
"3207","1582753715.667505","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[93]: GET /shared/emoji/1f44d.png, WINDOW_UPDATE[93]"
"3208","1582753715.672080","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[95]: GET /shared/emoji/1f628.png, WINDOW_UPDATE[95]"
"3211","1582753715.675558","207.140.106.29","kiwiirc.com","HTTP2","155","HEADERS[97]: GET /shared/emoji/1f633.png, WINDOW_UPDATE[97]"
==== Initiated Capture At 13:41:20.41 on the Wed 02/26/2020 ====
Initialized at 13:41:20.44 on the Wed 02/26/2020
Host Name: BULLOCK-PC
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: BullockPC
Registered Organization:
Product ID: 00330-81470-29136-AA581
Original Install Date: 12/3/2019, 12:37:23 PM
System Boot Time: 2/24/2020, 5:41:55 PM
System Manufacturer: TOSHIBA
System Model: Satellite A215
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 15 Model 104 Stepping 1 AuthenticAMD ~1800 Mhz
BIOS Version: Phoenix Technologies LTD 2.00 , 1/25/2010
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 1,918 MB
Available Physical Memory: 883 MB
Virtual Memory: Max Size: 2,686 MB
Virtual Memory: Available: 1,303 MB
Virtual Memory: In Use: 1,383 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\BULLOCK-PC
Hotfix(s): 7 Hotfix(s) Installed.
[01]: KB4534131
[02]: KB4465065
[03]: KB4486153
[04]: KB4516115
[05]: KB4523204
[06]: KB4537759
[07]: KB4532691
Network Card(s): 2 NIC(s) Installed.
[01]: Realtek PCIe FE Family Controller
Connection Name: Ethernet
DHCP Enabled: No
IP address(es)
[01]: 207.140.106.30
[02]: fe80::2412:b02c:f38:9608
[02]: Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Connection Name: Wi-Fi
Status: Hardware not present
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: Yes
Second Level Address Translation: No
Data Execution Prevention Available: Yes
==== Initiated IP-Config At 13:41:30.77 on the Wed 02/26/2020 ====
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 Bullock-PC:0 LISTENING
TCP 0.0.0.0:445 Bullock-PC:0 LISTENING
TCP 0.0.0.0:5040 Bullock-PC:0 LISTENING
TCP 0.0.0.0:5357 Bullock-PC:0 LISTENING
TCP 0.0.0.0:49664 Bullock-PC:0 LISTENING
TCP 0.0.0.0:49665 Bullock-PC:0 LISTENING
TCP 0.0.0.0:49666 Bullock-PC:0 LISTENING
TCP 0.0.0.0:49667 Bullock-PC:0 LISTENING
TCP 0.0.0.0:49668 Bullock-PC:0 LISTENING
TCP 0.0.0.0:49669 Bullock-PC:0 LISTENING
TCP 207.140.106.30:139 Bullock-PC:0 LISTENING
TCP 207.140.106.30:50104 52.242.211.89:https ESTABLISHED
TCP 207.140.106.30:50112 72.21.91.29:http CLOSE_WAIT
==== Initiated Set SSL Key Log At 13:43:34.04 on the Wed 02/26/2020 ====
Set SSLKEYLOGFILE at 13:43:34.41
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: KB-20200226.etl
Append: Off
Circular: On
Max Size: 250 MB
Report: Off
Trace started at: 13:43:37.25
Ping ran for self synchronization. TTL set at 3.
Pinging 207.140.106.1 with 32 bytes of data:
Reply from 207.140.106.1: bytes=32 time=1ms TTL=255
Reply from 207.140.106.1: bytes=32 time=1ms TTL=255
Reply from 207.140.106.1: bytes=32 time=1ms TTL=255
Ping statistics for 207.140.106.1:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Browers started for "https://kiwiirc.com/nextclient/".
Keylogger started at: 13:43:40.19
Reverted SSL Keylog variable at 13:48:57.99
==== Initiated netsh merge At 13:48:58.22 on the Wed 02/26/2020 ====
Finished Merge at 13:52:33.91
==== Initiated Exiting At 13:53:02.95 on the Wed 02/26/2020 ====
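Review bot: The system information block at the top of this log commits host-identifying details that the capture itself does not need, notably "Product ID: 00330-81470-29136-AA581", "Registered Owner: BullockPC" and the static address 207.140.106.30; the KA log carries the same fields. Keep only what matters for reproducing the run (OS version, hotfix list, NIC model) and drop or mask the rest before the log is committed. Minor: "Browers started" in the status message should read "Browser started".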
No.,Time,Source,Destination,Protocol,Length,Info
1794,1582753444.93057,207.140.106.30,do-a.clients.kiwiirc.com,HTTP,60,GET /webirc/kiwiirc/318/rvoprdbk/websocket?sid=2srvel5m7nok8&p=4 HTTP/1.1
1790,1582753444.84507,207.140.106.30,do-a.clients.kiwiirc.com,TLSv1.2,60,Client Hello
1842,1582753448.30520,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,175,WebSocket Text [FIN] [MASKED]
3560,1582753704.44381,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,163,WebSocket Text [FIN] [MASKED]
3470,1582753675.78534,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,156,WebSocket Text [FIN] [MASKED]
3143,1582753599.90929,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,147,WebSocket Text [FIN] [MASKED]
3594,1582753714.87946,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,144,WebSocket Text [FIN] [MASKED]
2447,1582753522.59020,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,142,WebSocket Text [FIN] [MASKED]
2662,1582753552.43199,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,141,WebSocket Text [FIN] [MASKED]
1807,1582753445.19769,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,137,WebSocket Text [FIN] [MASKED]
2256,1582753495.05226,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2290,1582753498.17069,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2414,1582753516.93406,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2435,1582753520.10544,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2553,1582753541.21798,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2568,1582753544.53487,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2852,1582753576.79475,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3102,1582753592.11570,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3119,1582753595.29198,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3140,1582753598.37732,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3348,1582753643.34139,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3403,1582753662.46012,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3414,1582753665.59049,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3433,1582753668.66901,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3464,1582753673.91410,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3515,1582753693.43837,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3527,1582753696.58403,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3546,1582753699.60266,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3553,1582753702.61780,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3576,1582753709.27622,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
3586,1582753712.43163,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,132,WebSocket Text [FIN] [MASKED]
2298,1582753499.54264,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,129,WebSocket Text [FIN] [MASKED]
3393,1582753657.80043,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,128,WebSocket Text [FIN] [MASKED]
2105,1582753475.21580,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
2340,1582753505.23046,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
2516,1582753535.24526,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
2783,1582753565.28659,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
3120,1582753595.29314,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
3276,1582753625.30556,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
3386,1582753655.32142,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
3497,1582753685.33965,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
3597,1582753715.34119,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,123,WebSocket Text [FIN] [MASKED]
3098,1582753590.88435,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,122,WebSocket Text [FIN] [MASKED]
1803,1582753445.18060,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,119,WebSocket Text [FIN] [MASKED]
1806,1582753445.19597,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,112,WebSocket Text [FIN] [MASKED]
1861,1582753448.80201,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,111,WebSocket Text [FIN] [MASKED]
1799,1582753445.02110,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED]
1804,1582753445.18371,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED]
1843,1582753448.30809,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,109,WebSocket Text [FIN] [MASKED]
1862,1582753448.80640,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,108,WebSocket Text [FIN] [MASKED]
1882,1582753449.53712,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,108,WebSocket Text [FIN] [MASKED]
1888,1582753449.55666,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,107,WebSocket Text [FIN] [MASKED]
1805,1582753445.19080,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,106,WebSocket Text [FIN] [MASKED]
1793,1582753444.92467,207.140.106.30,do-a.clients.kiwiirc.com,TLSv1.2,105,"Change Cipher Spec, Finished"
1849,1582753448.53544,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,103,WebSocket Text [FIN] [MASKED]
1800,1582753445.02216,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,95,WebSocket Text [FIN] [MASKED]
3691,1582753734.35061,207.140.106.30,do-a.clients.kiwiirc.com,WebSocket,89,WebSocket Connection Close [FIN] [MASKED]
3696,1582753734.42532,207.140.106.30,do-a.clients.kiwiirc.com,TLSv1.2,85,"Alert (Level: Warning, Description: Close Notify)"
1784,1582753444.76492,207.140.106.30,do-a.clients.kiwiirc.com,TCP,66,50432 > 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
3697,1582753734.42536,207.140.106.30,do-a.clients.kiwiirc.com,TCP,54,"50432 > 443 [FIN, ACK] Seq=5290 Ack=7221 Win=130560 Len=0"
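Review bot: the rows in this export are ordered by the Length column rather than by capture order, so No. and Time jump backwards (3586 is followed by 2298) and the TCP/TLS setup and teardown rows land at the bottom of the file. For a timing comparison the capture is easier to audit and to diff if it is committed in Time order, with any length sort done in the analysis step; if the sort is intentional, say so in the filename or in a note next to the capture.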
"No.","Time","Source","Destination","Protocol","Length","Info"
"154","1582753428.187484","207.140.106.30","kiwiirc.com","TCP","66","50400 > 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1"
"160","1582753428.203945","207.140.106.30","kiwiirc.com","TLSv1.3","571","Client Hello"
"179","1582753428.265969","207.140.106.30","kiwiirc.com","TLSv1.3","118","Change Cipher Spec, Finished"
"180","1582753428.267109","207.140.106.30","kiwiirc.com","HTTP2","224","Magic, SETTINGS[0], WINDOW_UPDATE[0], PRIORITY[3], PRIORITY[5], PRIORITY[7], PRIORITY[9], PRIORITY[11], PRIORITY[13]"
"181","1582753428.267247","207.140.106.30","kiwiirc.com","HTTP2","470","HEADERS[15]: GET /nextclient/, WINDOW_UPDATE[15]"
"204","1582753428.441705","207.140.106.30","kiwiirc.com","HTTP2","85","SETTINGS[0]"
"330","1582753430.045327","207.140.106.30","kiwiirc.com","HTTP2","199","HEADERS[17]: GET /nextclient/static/js/vendor.b8fc3daf635799c3ec19.js, WINDOW_UPDATE[17]"
"331","1582753430.046095","207.140.106.30","kiwiirc.com","HTTP2","169","HEADERS[19]: GET /nextclient/static/js/app.eb379d806b0e478cd3fd.js, WINDOW_UPDATE[19]"
"339","1582753430.078628","207.140.106.30","kiwiirc.com","HTTP2","219","HEADERS[21]: GET /nextclient/static/css/app.ddaae50186c736b3376a18233a202c99.css, WINDOW_UPDATE[21]"
"346","1582753430.162314","207.140.106.30","kiwiirc.com","HTTP2","196","HEADERS[23]: GET /nextclient/static/js/manifest.c1c488558af5cca6da40.js, WINDOW_UPDATE[23]"
"439","1582753430.523021","207.140.106.30","kiwiirc.com","TCP","361","[TCP Retransmission] 50400 > 443 [PSH, ACK] Seq=1459 Ack=83175 Win=130048 Len=307"
"1239","1582753436.096208","207.140.106.30","kiwiirc.com","HTTP2","184","HEADERS[25]: GET /nextplugins/fileuploader.js?cb=20, WINDOW_UPDATE[25]"
"1405","1582753438.957085","207.140.106.30","kiwiirc.com","HTTP2","181","HEADERS[27]: GET /nextplugins/location.js?cb=17, WINDOW_UPDATE[27]"
"1498","1582753439.099400","207.140.106.30","kiwiirc.com","HTTP2","159","HEADERS[29]: GET /nextplugins/gatewayupdate.js?cb=1, WINDOW_UPDATE[29]"
"1549","1582753440.528087","207.140.106.30","kiwiirc.com","HTTP2","194","HEADERS[31]: GET /nextclient/static/themes/default/theme.css?cb=19, WINDOW_UPDATE[31]"
"1552","1582753441.239909","207.140.106.30","kiwiirc.com","HTTP2","235","HEADERS[33]: GET /nextclient/static/fonts/fontawesome-webfont.af7ae50.woff2, WINDOW_UPDATE[33]"
"1554","1582753441.385209","207.140.106.30","kiwiirc.com","HTTP2","291","HEADERS[35]: GET /nextclient/static/highlight.mp3, WINDOW_UPDATE[35]"
"1555","1582753441.386770","207.140.106.30","kiwiirc.com","HTTP2","212","HEADERS[37]: GET /nextclient/static/themes/common/base.css, WINDOW_UPDATE[37]"
"1569","1582753441.501835","207.140.106.30","kiwiirc.com","HTTP2","89","RST_STREAM[35]"
"1585","1582753441.781552","207.140.106.30","kiwiirc.com","HTTP2","167","HEADERS[39]: GET /nextclient/?sid=2srvel5m7nok8&gatewayonly=1, WINDOW_UPDATE[39]"
"1725","1582753443.996184","207.140.106.30","kiwiirc.com","HTTP2","232","HEADERS[41]: GET /404/e12.json?h=1063&w=928&t=true&st=3730&mcnt=14&dcnt=1&v=visible&f=true&h=false&d=0&pl=0&lng=1&nick=MacoBullock, WINDOW_UPDATE[41]"
"2313","1582753503.367364","207.140.106.30","kiwiirc.com","HTTP2","93","PING[0]"
"2768","1582753561.555085","207.140.106.30","kiwiirc.com","HTTP2","93","PING[0]"
"2861","1582753579.743109","207.140.106.30","kiwiirc.com","HTTP2","567","HEADERS[43]: GET /shared/emoji/2764.png, WINDOW_UPDATE[43]"
"2863","1582753579.756864","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[45]: GET /shared/emoji/1f611.png, WINDOW_UPDATE[45]"
"2875","1582753579.917419","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[47]: GET /shared/emoji/1f602.png, WINDOW_UPDATE[47]"
"2876","1582753579.926950","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[49]: GET /shared/emoji/1f605.png, WINDOW_UPDATE[49]"
"2878","1582753579.950418","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[51]: GET /shared/emoji/1f606.png, WINDOW_UPDATE[51]"
"2893","1582753579.988269","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[53]: GET /shared/emoji/1f613.png, WINDOW_UPDATE[53]"
"2907","1582753580.039321","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[55]: GET /shared/emoji/1f620.png, WINDOW_UPDATE[55]"
"2908","1582753580.058019","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[57]: GET /shared/emoji/1f622.png, WINDOW_UPDATE[57]"
"2922","1582753580.117544","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[59]: GET /shared/emoji/1f607.png, WINDOW_UPDATE[59]"
"2930","1582753580.173878","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[61]: GET /shared/emoji/1f61b.png, WINDOW_UPDATE[61]"
"2931","1582753580.199357","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[63]: GET /shared/emoji/1f494.png, WINDOW_UPDATE[63]"
"2934","1582753580.207333","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[65]: GET /shared/emoji/1f603.png, WINDOW_UPDATE[65]"
"2941","1582753580.228252","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[67]: GET /shared/emoji/1f609.png, WINDOW_UPDATE[67]"
"2944","1582753580.238638","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[69]: GET /shared/emoji/1f618.png, WINDOW_UPDATE[69]"
"2952","1582753580.250962","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[71]: GET /shared/emoji/1f61c.png, WINDOW_UPDATE[71]"
"2954","1582753580.257055","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[73]: GET /shared/emoji/1f61e.png, WINDOW_UPDATE[73]"
"2973","1582753580.308660","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[75]: GET /shared/emoji/1f623.png, WINDOW_UPDATE[75]"
"2990","1582753580.361856","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[77]: GET /shared/emoji/1f635.png, WINDOW_UPDATE[77]"
"2991","1582753580.383884","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[79]: GET /shared/emoji/1f646.png, WINDOW_UPDATE[79]"
"2994","1582753580.394541","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[81]: GET /shared/emoji/1f60e.png, WINDOW_UPDATE[81]"
"2997","1582753580.401031","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[83]: GET /shared/emoji/1f615.png, WINDOW_UPDATE[83]"
"3009","1582753580.426277","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[85]: GET /shared/emoji/1f62e.png, WINDOW_UPDATE[85]"
"3022","1582753580.466640","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[87]: GET /shared/emoji/1f636.png, WINDOW_UPDATE[87]"
"3028","1582753580.490295","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[89]: GET /shared/emoji/1f642.png, WINDOW_UPDATE[89]"
"3039","1582753580.533511","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[91]: GET /shared/emoji/1f44d.png, WINDOW_UPDATE[91]"
"3040","1582753580.541624","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[93]: GET /shared/emoji/1f628.png, WINDOW_UPDATE[93]"
"3041","1582753580.549053","207.140.106.30","kiwiirc.com","HTTP2","153","HEADERS[95]: GET /shared/emoji/1f633.png, WINDOW_UPDATE[95]"
"3329","1582753638.664631","207.140.106.30","kiwiirc.com","HTTP2","93","PING[0]"
"3530","1582753696.742833","207.140.106.30","kiwiirc.com","HTTP2","93","PING[0]"
"3703","1582753734.576287","207.140.106.30","kiwiirc.com","HTTP2","93","GOAWAY[0]"
"3708","1582753734.577854","207.140.106.30","kiwiirc.com","TLSv1.3","78","Alert (Level: Warning, Description: Close Notify)"
"3709","1582753734.577896","207.140.106.30","kiwiirc.com","TCP","54","50400 > 443 [FIN, ACK] Seq=6476 Ack=446629 Win=131328 Len=0"
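Review bot: the Info column of this export carries decrypted request lines, including the `sid=` value in `GET /nextclient/?sid=...&gatewayonly=1` (No. 1585) and the `nick=` parameter of the `/404/e12.json` request (No. 1725), and every row carries the capture host's source address. If this repository is publicly visible, redact or tokenize those fields before committing, or state in the commit message that they are test values that are no longer valid.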
@ECHO OFF
pushd "%~dp0"
:: ===================================================================
:: Simple Auto Capture Setup Script
SET Ver=1.0
:: Programmed by Jeana M. Verkempinck
:: MACO 2020 - Metadata Analysis Capstone
::
:: Designed to prep and tear-down Windows user enviorment to packet
:: capture using netsh trace to .etl files.
::
:: Also, to capture of SSL key logs from Chrome and Firefox.
::
:: ===================================================================
SET URL=NA
SET MiURL=N
SET FiOwn=N
SET Tfp=NA
TITLE AutoCapture %Ver
openfiles>nul 2>&1
if %errorlevel% EQU 0 GOTO BEGIN
CALL :BYE A
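Review bot: `TITLE AutoCapture %Ver` is missing its closing `%`, so the window title will not show the version; use `%Ver%`, as the banner in DspTitle does. When the `openfiles` elevation check fails, `CALL :BYE A` is followed directly by the `:DspTitle` label, so unless BYE ends the script itself, control returns here and falls through into DspTitle; an `EXIT /B` after the CALL would make the non-elevated path explicit. The header comment also has a typo (`enviorment`) and "Also, to capture of SSL key logs" does not parse as a sentence.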
:DspTitle
CLS
ECHO ************************************************************
ECHO Simple Auto Capture Setup Script
ECHO Version %Ver%
ECHO ************************************************************
IF NOT [%1]==[] (
ECHO %*
ECHO ************************************************************
)
ECHO.
GOTO :EOF
:FiSelect
CALL :DspTitle Client Choice
CHOICE /C ABM /M "Select client currently in use: "
IF ERRORLEVEL 1 SET FiOwn=A
IF ERRORLEVEL 2 SET FiOwn=B
IF ERRORLEVEL 3 SET FiOwn=C
GOTO :EOF
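Review bot: in FiSelect the third `CHOICE /C ABM` key is `M` but it stores `FiOwn=C`, and the prompt never says what A, B and M stand for; since FiOwn becomes part of the capture name built in SetOut, either use `/C ABC` or document the mapping in a comment. The three `IF ERRORLEVEL` lines give the right answer only because they are tested in ascending order and each later match overwrites the earlier one; comparing `%ERRORLEVEL%` with `EQU` makes the intent visible and stops an unexpected return value from being treated as the last option. The same applies to the `IF ERRORLEVEL` lines in URLCHOICE.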
:URLCHOICE
:: Select which site to initiate test with on Firefox:
CALL :DspTitle Choose URL
ECHO F - Facebook
ECHO K - Kiwi (IRC)
ECHO G - Google
CHOICE /C FKG /M "Select the site to use: "
IF ERRORLEVEL 1 SET MiURL=F&& SET URL="https://www.facebook.com/messages/"
IF ERRORLEVEL 2 SET MiURL=K&& SET URL="https://kiwiirc.com/nextclient/"
IF ERRORLEVEL 3 SET MiURL=G&& SET URL="https://hangouts.google.com/"
GOTO :EOF
:SetOut
CALL :DspTitle Verify Logfile
SET Tfp=%MiURL%%FiOwn%-%date:~10,4%%date:~4,2%%date:~7,2%
ECHO Directory to store: %userprofile%\Desktop\%Tfp%\
ECHO.
SET /P Tfp=Filename is currently %Tfp%, type in new filename or [ENTER] to continue: || SET Tfp=%Tfp%
GOTO :EOF
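Review bot: in SetOut the `SET /P Tfp=` value is typed by the user and then used as a folder name under `%userprofile%\Desktop\` with no validation, in a script that checks for elevation at startup; reject input containing `\`, `/`, `:`, `..` or metacharacters such as `&` and `|` before it is used in a path. The default name is built from `%date:~10,4%%date:~4,2%%date:~7,2%`, which assumes the `Ddd MM/DD/YYYY` short-date format and yields a wrong stamp under other regional settings, so a locale-independent date source would be safer. The trailing `|| SET Tfp=%Tfp%` has no effect, because `SET /P` already leaves the variable unchanged when ENTER is pressed on an empty line.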
:LogBreak