Edit tour

Windows Analysis Report
http://proftrafficcounter.com

Overview

General Information

Sample URL:	http://proftrafficcounter.com
Analysis ID:	1544854
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected suspicious URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1916,i,17807868710430920358,7715825273349590589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://proftrafficcounter.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://proftrafficcounter.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.8:49728 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: proftrafficcounter.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: proftrafficcounter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://proftrafficcounter.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: proftrafficcounter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: proftrafficcounter.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 29 Oct 2024 18:21:05 GMTContent-Type: text/htmlContent-Length: 555Connection: closeServer: nginx/1.21.6

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.8:49728 version: TLS 1.2

Source: classification engine

Classification label: sus20.win@17/11@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1916,i,17807868710430920358,7715825273349590589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://proftrafficcounter.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1916,i,17807868710430920358,7715825273349590589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected suspicious URL

Source: Email

JoeBoxAI: AI detected suspicious URL: URL: http://proftrafficcounter.com

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
proftrafficcounter.com	3.123.58.60	true	true	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.34	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://proftrafficcounter.com/favicon.ico	false		unknown
https://proftrafficcounter.com/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.185.36.251	unknown	United States	16509	AMAZON-02US	false
3.123.58.60	proftrafficcounter.com	United States	16509	AMAZON-02US	true
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.11
192.168.2.8

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544854
Start date and time:	2024-10-29 19:19:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://proftrafficcounter.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@17/11@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.78, 66.102.1.84, 142.250.181.227, 34.104.35.123, 4.245.163.56, 217.20.57.34, 13.85.23.206, 20.3.187.198, 93.184.221.240, 142.250.186.131, 88.221.110.91, 2.16.100.168
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://proftrafficcounter.com

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:21:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9843572047575733
Encrypted:	false
SSDEEP:	48:8BN0dQTUofHDidAKZdA1oehwiZUklqehly+3:8BN/vEqy
MD5:	37146337A2E33A9E31E7C70A497A0808
SHA1:	15AE778BB32E5CE30336EF5CE8F3A7933CEE4C04
SHA-256:	92F3D0AEB6ACACCED88385BBF4D867309A8300826BA96028B374B66F5046F8D9
SHA-512:	0DD31C6D22A2B80F309EB8379046604E930CBCD420BAF27134AE2DF5B16171F000AAEBF9D402A606CFD5915651BA37D1DE273DB8E4B79F0161E21BAECE00F5A2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....u.P/..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............r.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:21:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9990812905858903
Encrypted:	false
SSDEEP:	48:810dQTUofHDidAKZdA1leh/iZUkAQkqehay+2:81/v29Qny
MD5:	F3A1BD79EA273B7A254DAE842FCEA8CB
SHA1:	D278E03D02E9D2505BC178B298881DDA63550A04
SHA-256:	1143E5124C6B47A75416C18DC1102D2ACD13F1B458B8F7E3D4F4BFE58AEC18C1
SHA-512:	4B40298552C420100E4500A919BFFEF5467AB26DAC682CB21B94C694ABF69C663B3710BC81E75B09B3DE00F9F11A6C7B944FD9973E62C568E8298A2ECF27A55B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....71.P/..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............r.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.011294066806611
Encrypted:	false
SSDEEP:	48:890dQTUobHDidAKZdA14t5eh7sFiZUkmgqeh7sMy+BX:89/vynmy
MD5:	0E0F95FCEBE82CCFE345AB8275D74004
SHA1:	69CED009AB5E73BDC96F4D558DFC906CC4BB2AB2
SHA-256:	BA1698770527336EDC37CB23475E785C3001CB2DDDD91B751A8CC9C350047954
SHA-512:	777DEF569ED948D9758589F35D6811DD59758A5D63F6BCC7844C31D6BE69F8D96200B083071C9BAB1A34D232616B3A51684EFA905DDD954A11C96ABA4D0603A9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............r.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:21:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9972469606274723
Encrypted:	false
SSDEEP:	48:8q0dQTUofHDidAKZdA16ehDiZUkwqehey+R:8q/vtky
MD5:	D79A297193F8D7848A708ED6CABB25CF
SHA1:	D249A0AC80E06B81779DB83197757083C05E4639
SHA-256:	915D58E8A6B73E232052737211551787F1CF035A7EF2009263519015A7211A2F
SHA-512:	5F597284CD098FBA46D1E83EC023E5120FE024DFEE552BB2B1C9F4D041BCA3C16ACCC7325F9051A6A38C3FBCEA0ECC9FB7ACD2AD168FDA44132ABA84588DEB46
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....dj.P/..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............r.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:21:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9864814925894354
Encrypted:	false
SSDEEP:	48:860dQTUofHDidAKZdA1UehBiZUk1W1qehoy+C:86/vN9Iy
MD5:	5828C00C7CB010324BD7559DBAA555DE
SHA1:	61254D36B5A9505ABFCF56CF484FA3C3407005D7
SHA-256:	1A8C7AF6A6146C8AE1B9B6AAEE78A93D74C09E8B89F68F3075D35095E15BCCCC
SHA-512:	D9CD8363D5D07F4ABDEEAA2EE8CBA5B54417EAC220035B09C55A2A41F60397403A1113E7E380D45229606EB541811FA5CB9E20E86E022F088322FC80FA2CFA3B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....@A.P/..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............r.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:21:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9962142407818892
Encrypted:	false
SSDEEP:	48:8G0dQTUofHDidAKZdA1duTrehOuTbbiZUk5OjqehOuTbmy+yT+:8G/vKTYTbxWOvTbmy7T
MD5:	AF8E28D0EE7F75C6E0342232BE47DFA9
SHA1:	5B874C4FB220E1B416D62319205179639642EBBF
SHA-256:	B3999D63B3AD3045972968DECC5A2F66BA08BA02902BDA8C5B237C1FDA94775F
SHA-512:	B76B4B4E994587D87B09E5C9FDF3361AACA25954533E746FC28AD409BD7A2DB0DDB5B09451B992C41335FF4E21B8BC02838549DB58E05E8CDC36D24957E33F7C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...."PyP/..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............r.5.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.8073549220576046
Encrypted:	false
SSDEEP:	3:Nn:Nn
MD5:	D02A42D9CB3DEC9320E5F550278911C7
SHA1:	2BA3A0D7878316DE5AAA6EED7FAED9E4BA4E9F09
SHA-256:	053233181F82273590A596E2A6897CE3FDE944E9942C0FB9802F495738FCCF66
SHA-512:	BBF7C109ABE4957E9282EF516AF1EDB5D894FF91B0E26824FD9A148F92FF4AEFCFB246373595A57F5C0E03B280778F6990DFBBC4ACDDBB91533DBC2EA86D32E8
Malicious:	false
Reputation:	low
Preview:	favicon

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	7
Entropy (8bit):	2.8073549220576046
Encrypted:	false
SSDEEP:	3:Nn:Nn
MD5:	D02A42D9CB3DEC9320E5F550278911C7
SHA1:	2BA3A0D7878316DE5AAA6EED7FAED9E4BA4E9F09
SHA-256:	053233181F82273590A596E2A6897CE3FDE944E9942C0FB9802F495738FCCF66
SHA-512:	BBF7C109ABE4957E9282EF516AF1EDB5D894FF91B0E26824FD9A148F92FF4AEFCFB246373595A57F5C0E03B280778F6990DFBBC4ACDDBB91533DBC2EA86D32E8
Malicious:	false
Reputation:	low
URL:	https://proftrafficcounter.com/favicon.ico
Preview:	favicon

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	555
Entropy (8bit):	4.712829248003797
Encrypted:	false
SSDEEP:	12:TvgsoCVIogs01lI5rutNGlTF5TF5TF5TF5TF5TFK:cEQtnQTPTPTPTPTPTc
MD5:	8C976DB3FB949415BBF739E5D9D49767
SHA1:	49BD832A90687B706D2EA2FB9BC2913914D7CCCE
SHA-256:	45A20E206CE288D80C4E70F68A1BF83674895E2C7DD180DC428B268B6C0540D2
SHA-512:	B27A72CF7B08739F9EFCF7240ECA1171F231874E809F3CFC5EA39761D2E841DE8C1860D2288ECD11C6BE55285C90BA17E44941B706495CEF490ACC09F991D9AD
Malicious:	false
Reputation:	low
URL:	https://proftrafficcounter.com/
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx/1.21.6</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 19:20:54.688479900 CET	49673	443	192.168.2.8	23.206.229.226
Oct 29, 2024 19:20:55.032183886 CET	49672	443	192.168.2.8	23.206.229.226
Oct 29, 2024 19:20:57.579134941 CET	49676	443	192.168.2.8	52.182.143.211
Oct 29, 2024 19:21:00.204148054 CET	49677	80	192.168.2.8	192.229.211.108
Oct 29, 2024 19:21:03.676800013 CET	49709	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:03.676958084 CET	49710	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:03.683145046 CET	80	49709	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:03.683253050 CET	80	49710	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:03.683331013 CET	49709	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:03.683370113 CET	49710	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:03.697128057 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:03.697151899 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:03.697232962 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:03.697658062 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:03.697669029 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:04.296216965 CET	49673	443	192.168.2.8	23.206.229.226
Oct 29, 2024 19:21:04.635636091 CET	49672	443	192.168.2.8	23.206.229.226
Oct 29, 2024 19:21:04.864983082 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:04.891803026 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:04.891824007 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:04.892927885 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:04.893001080 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:04.965055943 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:04.965214014 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:04.966877937 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:04.966892004 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:05.009979010 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:05.397588968 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:05.397686005 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:05.397733927 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:05.618860006 CET	49711	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:05.618892908 CET	443	49711	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:05.828491926 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:05.828548908 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:05.828612089 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:05.829365969 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:05.829400063 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:06.495798111 CET	443	49703	23.206.229.226	192.168.2.8
Oct 29, 2024 19:21:06.495968103 CET	49703	443	192.168.2.8	23.206.229.226
Oct 29, 2024 19:21:06.662761927 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:06.662873983 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:06.662986040 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:06.663263083 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:06.663291931 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:06.697511911 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:06.703078985 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:06.703095913 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:06.703507900 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:06.745018005 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:06.812655926 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:06.812824965 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:06.834779024 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:06.879333019 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:07.101722002 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:07.101797104 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:07.101897955 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:07.214778900 CET	49713	443	192.168.2.8	18.185.36.251
Oct 29, 2024 19:21:07.214812994 CET	443	49713	18.185.36.251	192.168.2.8
Oct 29, 2024 19:21:07.568228960 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:07.590399981 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:07.590449095 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:07.591563940 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:07.591641903 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:07.602333069 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:07.602443933 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:07.698904991 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:07.698926926 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:07.853279114 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:07.853312016 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:07.853538036 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:07.857044935 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:07.857063055 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:07.867675066 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:07.895020962 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:07.895081997 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:07.895179033 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:07.895417929 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:07.895437956 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:08.729782104 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:08.729872942 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:08.775069952 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:08.775091887 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:08.775551081 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:08.961476088 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:08.985850096 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:08.986301899 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:08.986331940 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:08.987246990 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:08.987307072 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:08.987951040 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:08.988010883 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:08.988353014 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:08.988359928 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:09.039572001 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:09.160931110 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.207333088 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:09.233053923 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:09.233247042 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:09.233499050 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:09.291907072 CET	49717	443	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:09.291929007 CET	443	49717	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:09.409871101 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:09.409971952 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:09.410047054 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.410145044 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.410145044 CET	49716	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.410161972 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:09.410170078 CET	443	49716	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:09.463777065 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.463856936 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:09.463944912 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.464267015 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:09.464292049 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.339629889 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.339701891 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:10.341190100 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:10.341202021 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.341542959 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.342645884 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:10.387324095 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.589636087 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.589701891 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.589835882 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:10.590521097 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:10.590549946 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:10.590590000 CET	49719	443	192.168.2.8	184.28.90.27
Oct 29, 2024 19:21:10.590600967 CET	443	49719	184.28.90.27	192.168.2.8
Oct 29, 2024 19:21:17.746256113 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:17.746330023 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:17.746391058 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:18.857433081 CET	49715	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:21:18.857526064 CET	443	49715	142.250.186.100	192.168.2.8
Oct 29, 2024 19:21:48.696402073 CET	49709	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:48.696499109 CET	49710	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:21:48.775373936 CET	80	49709	3.123.58.60	192.168.2.8
Oct 29, 2024 19:21:48.775388002 CET	80	49710	3.123.58.60	192.168.2.8
Oct 29, 2024 19:22:04.527338982 CET	80	49710	3.123.58.60	192.168.2.8
Oct 29, 2024 19:22:04.527421951 CET	49710	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:22:04.541122913 CET	80	49709	3.123.58.60	192.168.2.8
Oct 29, 2024 19:22:04.541178942 CET	49709	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:22:04.854561090 CET	49710	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:22:04.854598045 CET	49709	80	192.168.2.8	3.123.58.60
Oct 29, 2024 19:22:04.860275984 CET	80	49710	3.123.58.60	192.168.2.8
Oct 29, 2024 19:22:04.861105919 CET	80	49709	3.123.58.60	192.168.2.8
Oct 29, 2024 19:22:06.587898016 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:06.587934971 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:06.588068962 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:06.588474989 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:06.588488102 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:07.487204075 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:07.487611055 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:07.487634897 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:07.487948895 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:07.488359928 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:07.488409996 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:07.539369106 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:12.973126888 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:12.973182917 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:12.973304987 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:12.973771095 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:12.973787069 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:13.876442909 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:13.876530886 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:13.882355928 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:13.882369041 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:13.882647038 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:13.899827957 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:13.947330952 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.207148075 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.207175970 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.207192898 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.207251072 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.207294941 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.207338095 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.207354069 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.333288908 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.333317041 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.333375931 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.333405018 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.333434105 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.333473921 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.454721928 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.454746962 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.454818964 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.454854965 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.454893112 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.566140890 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.566179037 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.566227913 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.566265106 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.566282988 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.566306114 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.685941935 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.685976982 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.686022997 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.686063051 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.686084032 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.686157942 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.804908037 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.804939032 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.804986000 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.805006981 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.805037022 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.805054903 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.927165985 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.927191019 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.927278042 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.927370071 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:14.927413940 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:14.927469015 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.029129028 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.029158115 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.029243946 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.029274940 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.029293060 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.029330015 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.124686003 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.124708891 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.124771118 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.124803066 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.124839067 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.124851942 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.248753071 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.248788118 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.248863935 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.248898029 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.248924971 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.248949051 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.298095942 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.298122883 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.298260927 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.298290014 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.298331022 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.412311077 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.412336111 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.412379026 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.412406921 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.412426949 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.412445068 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.488147020 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.488173962 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.488229036 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.488255978 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.488280058 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.488300085 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.531853914 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.531941891 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.531961918 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.532016039 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.548659086 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.548702002 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.548717022 CET	49728	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.548724890 CET	443	49728	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.600483894 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.600529909 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.600596905 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.602583885 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.602616072 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.602685928 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.602720022 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.602777958 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.602838039 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.603415012 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.603456020 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.603720903 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.603935957 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.603951931 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.603974104 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.604001045 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.604293108 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.604306936 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.604486942 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.604523897 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.609801054 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.609827042 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:15.609886885 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.610033035 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:15.610039949 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.438055038 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.438632965 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.438664913 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.439137936 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.439146996 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.442989111 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.443342924 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.443382025 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.443721056 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.443727016 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.448693037 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.449143887 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.449162960 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.449554920 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.449565887 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.478576899 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.479123116 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.479137897 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.479688883 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.479692936 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.493884087 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.494405985 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.494431019 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.494880915 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.494894028 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.569756031 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.569825888 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.569888115 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.569927931 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.569968939 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.569974899 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.570010900 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.570184946 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.570202112 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.570215940 CET	49731	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.570221901 CET	443	49731	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.573369980 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.573409081 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.573477030 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.573659897 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.573671103 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.578493118 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.578561068 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.578608990 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.578860044 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.578881979 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.578892946 CET	49730	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.578898907 CET	443	49730	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.581635952 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.581681013 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.581737041 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.581902027 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.581918001 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.590670109 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.590703964 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.590768099 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.590781927 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.590815067 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.590837002 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.590857029 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.591063976 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.591078997 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.591089964 CET	49729	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.591097116 CET	443	49729	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.593858957 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.593909025 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.593983889 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.594218969 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.594234943 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.614773035 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.614854097 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.614916086 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.615216017 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.615235090 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.615250111 CET	49733	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.615257025 CET	443	49733	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.618170023 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.618217945 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.618289948 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.618477106 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.618493080 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.635596037 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.635621071 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.635701895 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.635720968 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.635904074 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.635921955 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.635927916 CET	49732	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.635948896 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.636002064 CET	443	49732	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.638880014 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.638933897 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:16.639027119 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.639309883 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:16.639331102 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.304801941 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.304923058 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.305350065 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.305366039 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.305445910 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.305471897 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.305869102 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.305875063 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.305943966 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.305951118 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.342959881 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.343580961 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.343602896 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.344091892 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.344099045 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.353146076 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.353672028 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.353696108 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.354147911 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.354159117 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.363225937 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.363743067 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.363766909 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:17.364247084 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:17.364253998 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437118053 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437130928 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437191010 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437376022 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.437601089 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437619925 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.437623024 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437635899 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437648058 CET	49735	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.437653065 CET	443	49735	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437659025 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.437700033 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.437700033 CET	49734	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.437709093 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437712908 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437721014 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437731028 CET	443	49734	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.437757015 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.438088894 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.438119888 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.438134909 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.438174009 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.438208103 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.438224077 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.438230038 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:18.438241005 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.438256979 CET	49736	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.438265085 CET	443	49736	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.438304901 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:18.438344002 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:18.438967943 CET	49738	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.438975096 CET	443	49738	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.440166950 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.440182924 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.440190077 CET	49737	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.440196991 CET	443	49737	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.443286896 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.443324089 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.443454027 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.443860054 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.443907976 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.443977118 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.444232941 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.444284916 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.444452047 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.444617987 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.444628954 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.444708109 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.444720984 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.445005894 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.445024014 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.445247889 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.445261002 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.445380926 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.445612907 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.445621967 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.445895910 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.445909977 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.446096897 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.446240902 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:18.446249962 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:18.854919910 CET	49725	443	192.168.2.8	142.250.186.100
Oct 29, 2024 19:22:18.854957104 CET	443	49725	142.250.186.100	192.168.2.8
Oct 29, 2024 19:22:19.175995111 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.176069021 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.176543951 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.176578999 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.176589966 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.176615000 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.177062035 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.177068949 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.177139997 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.177145958 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.177251101 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.177561998 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.177599907 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.177906036 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.177912951 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.191225052 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.191637039 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.191648960 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.192059040 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.192063093 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.208741903 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.209223032 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.209254026 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.209649086 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.209656954 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.305181026 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.305515051 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.305632114 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.305676937 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.305696011 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.305701971 CET	49743	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.305707932 CET	443	49743	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.306164026 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.306338072 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.306387901 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.306508064 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.306529045 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.306551933 CET	49742	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.306559086 CET	443	49742	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.308110952 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.308168888 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.308408976 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.309179068 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.309194088 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.309202909 CET	49739	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.309209108 CET	443	49739	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.309376955 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.309401035 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.309489965 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.309731007 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.309741974 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.311465979 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.311513901 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.311600924 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.311609030 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.311635971 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.311667919 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.311902046 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.311912060 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.311912060 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.311930895 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.326508999 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.327105999 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.327769041 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.327869892 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.327877045 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.327888966 CET	49741	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.327894926 CET	443	49741	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.330216885 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.330271959 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.330329895 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.330517054 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.330538034 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.338999033 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.339586020 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.339903116 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.339921951 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.339921951 CET	49740	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.339934111 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.339943886 CET	443	49740	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.341953039 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.341995955 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:19.342068911 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.342189074 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:19.342199087 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.044985056 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.045666933 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.045687914 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.046408892 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.046413898 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.057811975 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.058314085 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.058342934 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.058806896 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.058813095 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.062526941 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.063066959 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.063088894 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.063560009 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.063568115 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.067929983 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.068522930 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.068564892 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.069287062 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.069299936 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.080069065 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.080657959 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.080677032 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.081127882 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.081136942 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.186403036 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.186491966 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.186569929 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.186759949 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.186784029 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.186856985 CET	49744	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.186865091 CET	443	49744	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.192723036 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.192797899 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.192923069 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.194005013 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.194053888 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.194118023 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.194144011 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.194284916 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.194293022 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.194310904 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.194325924 CET	49746	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.194330931 CET	443	49746	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.194351912 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.195730925 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.195730925 CET	49745	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.195761919 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.195774078 CET	443	49745	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.196491957 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.196696043 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.196710110 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.197314978 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.197448015 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.197513103 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.197530985 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.197612047 CET	49748	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.197619915 CET	443	49748	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.199709892 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.199739933 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.199790955 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.200040102 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.200054884 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.200144053 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.200450897 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.200464010 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.201247931 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.201288939 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.201338053 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.201463938 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.201476097 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.201628923 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.201642036 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.211905956 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.212348938 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.212424040 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.212611914 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.212611914 CET	49747	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.212634087 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.212644100 CET	443	49747	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.215570927 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.215619087 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:20.215722084 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.215830088 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:20.215847015 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.233895063 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.234476089 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.234498024 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.234621048 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.234927893 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.234956980 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.235395908 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.235405922 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.235575914 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.235584974 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.236099958 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.236493111 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.236520052 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.236994028 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.237001896 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.237103939 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.237407923 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.237432003 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.238008022 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.238020897 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.238092899 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.238354921 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.238370895 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.238902092 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.238908052 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.363043070 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.363472939 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.363523006 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.363560915 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.363574028 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.363588095 CET	49752	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.363593102 CET	443	49752	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.366314888 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.366339922 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.366391897 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.366564035 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.366574049 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.367362976 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.367425919 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.367464066 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.367577076 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.367598057 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.367609978 CET	49753	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.367615938 CET	443	49753	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.369158030 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.369252920 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.369255066 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.369306087 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.369380951 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.369416952 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370141029 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370161057 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.370161057 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370172977 CET	49750	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370178938 CET	443	49750	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.370187044 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.370285988 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370346069 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370367050 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.370378971 CET	49749	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.370384932 CET	443	49749	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.371733904 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.371746063 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.373140097 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.373171091 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.373218060 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.373321056 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.373331070 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.373357058 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.373389959 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.373497009 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.373750925 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.373765945 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.380315065 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.380470037 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.380532980 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.380644083 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.380664110 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.380676031 CET	49751	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.380681992 CET	443	49751	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.383285999 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.383310080 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:21.383371115 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.383531094 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:21.383543015 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.111285925 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.111880064 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.111917019 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.112561941 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.112575054 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.115731955 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.116082907 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.116106987 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.116461992 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.116468906 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.118710995 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.118792057 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.119043112 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.119060040 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.119174004 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.119195938 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.119492054 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.119498014 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.119569063 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.119575024 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.130950928 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.131319046 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.131329060 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.131769896 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.131774902 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.240663052 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.241053104 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.241146088 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.241146088 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.241811037 CET	49755	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.241837978 CET	443	49755	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.244136095 CET	49759	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.244172096 CET	443	49759	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.244502068 CET	49759	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.244502068 CET	49759	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.244534016 CET	443	49759	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.246690989 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.246787071 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.246926069 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.246926069 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.247066021 CET	49754	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.247082949 CET	443	49754	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.249181032 CET	49760	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.249212027 CET	443	49760	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.249432087 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.249483109 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.249492884 CET	49760	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.249492884 CET	49760	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.249521017 CET	443	49760	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.249658108 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.249658108 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.251455069 CET	49757	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.251470089 CET	443	49757	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.251699924 CET	49761	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.251724005 CET	443	49761	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.251799107 CET	49761	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.252043009 CET	49761	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.252053976 CET	443	49761	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.252274036 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.252424002 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.252496004 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.252496958 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.252648115 CET	49756	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.252662897 CET	443	49756	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.254846096 CET	49762	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.254875898 CET	443	49762	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.254942894 CET	49762	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.255095959 CET	49762	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.255110025 CET	443	49762	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.261204958 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.261358976 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.261460066 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.261610985 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.261610985 CET	49758	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.261627913 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.261639118 CET	443	49758	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.264121056 CET	49763	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.264132977 CET	443	49763	13.107.246.45	192.168.2.8
Oct 29, 2024 19:22:22.264307976 CET	49763	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.264307976 CET	49763	443	192.168.2.8	13.107.246.45
Oct 29, 2024 19:22:22.264326096 CET	443	49763	13.107.246.45	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 19:21:02.495961905 CET	53	55616	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:02.498997927 CET	53	58748	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:03.667776108 CET	57848	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:03.667907953 CET	50566	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:03.675646067 CET	53	57848	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:03.676047087 CET	53	50566	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:03.687459946 CET	52626	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:03.687732935 CET	62207	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:03.695858955 CET	53	52626	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:03.696078062 CET	53	62207	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:03.853077888 CET	53	63767	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:06.537787914 CET	55339	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:06.538023949 CET	52652	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:06.545490026 CET	53	52652	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:06.545525074 CET	53	55339	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:07.884605885 CET	55385	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:07.884748936 CET	52676	53	192.168.2.8	1.1.1.1
Oct 29, 2024 19:21:07.893481970 CET	53	52676	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:07.894352913 CET	53	55385	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:20.886686087 CET	53	52351	1.1.1.1	192.168.2.8
Oct 29, 2024 19:21:38.426368952 CET	138	138	192.168.2.8	192.168.2.255
Oct 29, 2024 19:21:39.647856951 CET	53	63016	1.1.1.1	192.168.2.8
Oct 29, 2024 19:22:01.987231016 CET	53	52334	1.1.1.1	192.168.2.8
Oct 29, 2024 19:22:02.160002947 CET	53	50477	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 29, 2024 19:21:03.667776108 CET	192.168.2.8	1.1.1.1	0x7f32	Standard query (0)	proftrafficcounter.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:03.667907953 CET	192.168.2.8	1.1.1.1	0xd8ed	Standard query (0)	proftrafficcounter.com	65	IN (0x0001)	false
Oct 29, 2024 19:21:03.687459946 CET	192.168.2.8	1.1.1.1	0x7b36	Standard query (0)	proftrafficcounter.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:03.687732935 CET	192.168.2.8	1.1.1.1	0x1407	Standard query (0)	proftrafficcounter.com	65	IN (0x0001)	false
Oct 29, 2024 19:21:06.537787914 CET	192.168.2.8	1.1.1.1	0x20fa	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:06.538023949 CET	192.168.2.8	1.1.1.1	0xe66e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 29, 2024 19:21:07.884605885 CET	192.168.2.8	1.1.1.1	0x39a2	Standard query (0)	proftrafficcounter.com	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:07.884748936 CET	192.168.2.8	1.1.1.1	0x42b	Standard query (0)	proftrafficcounter.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 29, 2024 19:21:03.675646067 CET	1.1.1.1	192.168.2.8	0x7f32	No error (0)	proftrafficcounter.com		3.123.58.60	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:03.675646067 CET	1.1.1.1	192.168.2.8	0x7f32	No error (0)	proftrafficcounter.com		18.185.36.251	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:03.695858955 CET	1.1.1.1	192.168.2.8	0x7b36	No error (0)	proftrafficcounter.com		18.185.36.251	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:03.695858955 CET	1.1.1.1	192.168.2.8	0x7b36	No error (0)	proftrafficcounter.com		3.123.58.60	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:06.545490026 CET	1.1.1.1	192.168.2.8	0xe66e	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 29, 2024 19:21:06.545525074 CET	1.1.1.1	192.168.2.8	0x20fa	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:07.894352913 CET	1.1.1.1	192.168.2.8	0x39a2	No error (0)	proftrafficcounter.com		3.123.58.60	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:07.894352913 CET	1.1.1.1	192.168.2.8	0x39a2	No error (0)	proftrafficcounter.com		18.185.36.251	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:14.105231047 CET	1.1.1.1	192.168.2.8	0xb5ce	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 19:21:14.105231047 CET	1.1.1.1	192.168.2.8	0xb5ce	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:14.105231047 CET	1.1.1.1	192.168.2.8	0xb5ce	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:35.980305910 CET	1.1.1.1	192.168.2.8	0x87e8	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:21:35.980305910 CET	1.1.1.1	192.168.2.8	0x87e8	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 29, 2024 19:22:12.972268105 CET	1.1.1.1	192.168.2.8	0x2dd0	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 19:22:12.972268105 CET	1.1.1.1	192.168.2.8	0x2dd0	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

proftrafficcounter.com

https:

fs.microsoft.com

otelrules.azureedge.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49709	3.123.58.60	80	6072	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 29, 2024 19:21:48.696402073 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49710	3.123.58.60	80	6072	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 29, 2024 19:21:48.696499109 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	18.185.36.251	443	6072	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:21:04 UTC	665	OUT	GET / HTTP/1.1 Host: proftrafficcounter.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 18:21:05 UTC	150	IN	HTTP/1.1 403 Forbidden Date: Tue, 29 Oct 2024 18:21:05 GMT Content-Type: text/html Content-Length: 555 Connection: close Server: nginx/1.21.6
2024-10-29 18:21:05 UTC	555	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.21.6</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49713	18.185.36.251	443	6072	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:21:06 UTC	600	OUT	GET /favicon.ico HTTP/1.1 Host: proftrafficcounter.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://proftrafficcounter.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 18:21:07 UTC	155	IN	HTTP/1.1 200 OK Server: awselb/2.0 Date: Tue, 29 Oct 2024 18:21:06 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 7 Connection: close
2024-10-29 18:21:07 UTC	7	IN	Data Raw: 66 61 76 69 63 6f 6e Data Ascii: favicon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49717	3.123.58.60	443	6072	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:21:08 UTC	357	OUT	GET /favicon.ico HTTP/1.1 Host: proftrafficcounter.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 18:21:09 UTC	155	IN	HTTP/1.1 200 OK Server: awselb/2.0 Date: Tue, 29 Oct 2024 18:21:09 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 7 Connection: close
2024-10-29 18:21:09 UTC	7	IN	Data Raw: 66 61 76 69 63 6f 6e Data Ascii: favicon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:21:09 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-29 18:21:09 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66819 Date: Tue, 29 Oct 2024 18:21:09 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49719	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:21:10 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-29 18:21:10 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66872 Date: Tue, 29 Oct 2024 18:21:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-29 18:21:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.8	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:13 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:14 UTC	540	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:14 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 28 Oct 2024 13:23:36 GMT ETag: "0x8DCF753BAA1B278" x-ms-request-id: acfedf75-801e-002a-2768-2931dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182213Z-17c5cb586f65j4snvy39m6qus4000000026000000000cxe8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:14 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-29 18:22:14 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-29 18:22:14 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-29 18:22:14 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-29 18:22:14 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-29 18:22:14 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-29 18:22:14 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-29 18:22:15 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-29 18:22:15 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-29 18:22:15 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.8	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:16 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:16 UTC	563	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:16 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 834668b8-301e-0052-121c-2765d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182216Z-15b8d89586f42m673h1quuee4s0000000ax000000000hr20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:16 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.8	49730	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:16 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:16 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 9a0790d9-e01e-0052-7cad-26d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182216Z-16849878b78g2m84h2v9sta29000000005pg0000000113wy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:16 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.8	49729	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:16 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:16 UTC	563	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:16 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 5d69bbb7-d01e-008e-6d6a-27387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182216Z-r197bdfb6b4bs5qf58wn14wgm000000005v000000000mec8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:16 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.8	49733	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:16 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:16 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:16 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 7920d540-e01e-0085-1f11-29c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182216Z-15b8d89586f6nn8zqg1h5suba8000000021g00000000k2zp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:16 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.8	49732	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:16 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:16 UTC	563	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:16 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: fc6998d3-101e-008d-52ad-2692e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182216Z-16849878b786fl7gm2qg4r5y70000000072g00000000vgea x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:16 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.8	49735	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:17 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:17 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: e5fe76b8-601e-0050-2e06-262c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182217Z-17c5cb586f65j4snvy39m6qus4000000024000000000mh2e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:18 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.8	49734	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:17 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:17 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 7aa3dd97-101e-005a-6a20-26882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182217Z-r197bdfb6b48pl4k4a912hk2g40000000680000000002ktv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:18 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.8	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:17 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:17 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: a2622e57-d01e-008e-28ea-28387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182217Z-r197bdfb6b42rt68rzg9338g1g000000084g00000000btpz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:18 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.8	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:17 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:18 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:17 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 91249574-801e-0078-3dc7-27bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182217Z-17c5cb586f6mkpfkkpsf1dpups000000026000000000cdfm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:18 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.8	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:17 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:18 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:17 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: bebabdad-901e-0029-5d45-28274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182217Z-r197bdfb6b4c8q4qvwwy2byzsw000000078g000000007h7z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:18 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.8	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:19 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: abb1733e-f01e-005d-6a3c-2813ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182219Z-15b8d89586fhl2qtatrz3vfkf00000000d400000000083es x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.8	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:19 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: b80877bf-b01e-0084-28e3-26d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182219Z-r197bdfb6b4bs5qf58wn14wgm0000000062g000000001aqd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.8	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:19 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:19 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 3c9c0adf-d01e-0028-0c96-257896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182219Z-16849878b78km6fmmkbenhx76n000000069g0000000081e9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:19 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.8	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:19 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 9985b9b7-a01e-0021-5827-28814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182219Z-15b8d89586f8l5961kfst8fpb00000000hs00000000013a8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.8	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:19 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:19 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:19 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: cb18986a-b01e-0053-40f0-27cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182219Z-r197bdfb6b4bq7nf8dgr5rzeq4000000024g00000000f70x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.8	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:20 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:20 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:20 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 2fd6bd5d-d01e-007a-394f-26f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182220Z-16849878b78xblwksrnkakc08w000000060g00000000zcx0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 18:22:20 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.8	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:20 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:20 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:20 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 9a09e836-e01e-0052-3cae-26d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182220Z-16849878b78p49s6zkwt11bbkn00000006gg00000000n65b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:20 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.8	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:20 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:20 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:20 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: d7829477-101e-008d-1890-2792e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182220Z-17c5cb586f67hfgj2durhqcxk800000005qg00000000fpt5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:20 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.8	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:20 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:20 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:20 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 389e5e1f-601e-000d-2325-282618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182220Z-r197bdfb6b4d9xksru4x6qbqr000000006wg00000000fepp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:20 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.8	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:20 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:20 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:20 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 214ea441-b01e-00ab-0e9b-27dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182220Z-15b8d89586fbmg6qpd9yf8zhm000000001w00000000069ht x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:20 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.8	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:21 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:21 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:21 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: ebbbec6e-b01e-0021-1c83-29cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182221Z-17c5cb586f6wnfhvhw6gvetfh400000006bg00000000bp9k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 18:22:21 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.8	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:21 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:21 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: cfe50472-201e-00aa-2cfd-263928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182221Z-17c5cb586f6wmhkn5q6fu8c5ss000000065g00000000hvd1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:21 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.8	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:21 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:21 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 03fc6633-801e-0048-4d87-29f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182221Z-17c5cb586f6g6g2sa7kg5c0gg0000000022g00000000ngg2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:21 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.8	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:21 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:21 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:21 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 04619d75-001e-0014-5e75-295151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182221Z-r197bdfb6b4gx6v9pg74w9f47s000000090g000000007gyz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:21 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.8	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:21 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:21 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:21 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 864201cb-901e-0015-2b18-26b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182221Z-16849878b78tg5n42kspfr0x4800000006x000000000gcka x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 18:22:21 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.8	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:22 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:22 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 50755ed9-801e-00ac-015e-27fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182222Z-17c5cb586f66g7mvgrudxte95400000001u000000000g04a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:22 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.8	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:22 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:22 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: afbd30f1-101e-007a-739c-27047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182222Z-17c5cb586f69w69mgazyf263an000000066g000000001fdx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:22 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.8	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:22 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:22 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 2760be74-301e-0096-200b-26e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182222Z-16849878b78j7llf5vkyvvcehs000000080g00000000asbp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:22 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.8	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:22 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:22 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: f6d28dea-a01e-0002-4ae8-285074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182222Z-15b8d89586f8l5961kfst8fpb00000000hng00000000792c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:22 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.8	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:22 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:22 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: fa11464d-701e-0032-1f49-27a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182222Z-16849878b786lft2mu9uftf3y4000000081g00000000y3gp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:22 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.8	49761	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 69b48820-e01e-0099-092d-27da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-17c5cb586f6fqqst87nqkbsx1c00000005a000000000bhdn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.8	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 892d3b27-201e-005d-7649-27afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-16849878b78fssff8btnns3b14000000073g00000000r5z5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.8	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:22 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: baee9024-801e-00ac-4757-29fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-17c5cb586f6wmhkn5q6fu8c5ss00000006b0000000006x8f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.8	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 5e4053db-f01e-0052-6472-279224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-16849878b786lft2mu9uftf3y4000000087000000000644q x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.8	49760	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 3201f11f-301e-006e-7658-27f018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-17c5cb586f6r59nt869u8w8xt800000005x000000000929p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.8	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 6856914c-401e-0029-0667-279b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-16849878b78qfbkc5yywmsbg0c00000006fg00000000uap6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.8	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 5e2f3c3f-901e-0048-1b49-28b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-17c5cb586f672xmrz843mf85fn00000005n000000000m9rt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.8	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:23 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 0ce3105a-501e-0029-7cd2-26d0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-16849878b78qfbkc5yywmsbg0c00000006e0000000010t4b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:23 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.8	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:24 UTC	470	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: b2eb4648-201e-0051-526d-287340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-17c5cb586f6b6kj91vqtm6kxaw00000005pg0000000066nw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-29 18:22:24 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.8	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-29 18:22:23 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-29 18:22:24 UTC	491	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 18:22:23 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: a96fbf53-401e-0016-5d5d-2653e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241029T182223Z-16849878b78fssff8btnns3b14000000075000000000g84w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-29 18:22:24 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4780, Parent PID: 2648

General

Target ID:	0
Start time:	14:20:56
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6072, Parent PID: 4780

General

Target ID:	2
Start time:	14:21:00
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1916,i,17807868710430920358,7715825273349590589,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6036, Parent PID: 2648

General

Target ID:	3
Start time:	14:21:03
Start date:	29/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://proftrafficcounter.com"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://proftrafficcounter.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4780, Parent PID: 2648

General

Chronological Activities

Windows Analysis Report
http://proftrafficcounter.com