Edit tour

Windows Analysis Report
http://www.sgtllcsales.ae

Overview

General Information

Sample URL:	http://www.sgtllcsales.ae
Analysis ID:	1554991
Infos:

Errors URL not reachable

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1980,i,13586612571391427626,8045038456143489032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.sgtllcsales.ae" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:55348 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.5:65076 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:55347 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: www.sgtllcsales.ae
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 55365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55349
Source: unknown	Network traffic detected: HTTP traffic on port 55359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55351
Source: unknown	Network traffic detected: HTTP traffic on port 55352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55350
Source: unknown	Network traffic detected: HTTP traffic on port 55349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55359
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55357
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55363
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55364
Source: unknown	Network traffic detected: HTTP traffic on port 55355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55365
Source: unknown	Network traffic detected: HTTP traffic on port 55351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55361
Source: unknown	Network traffic detected: HTTP traffic on port 55348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55373
Source: unknown	Network traffic detected: HTTP traffic on port 55354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55372
Source: unknown	Network traffic detected: HTTP traffic on port 55360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 55367 -> 443

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:55348 version: TLS 1.2

Source: classification engine

Classification label: unknown1.win@25/6@17/3

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1980,i,13586612571391427626,8045038456143489032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.sgtllcsales.ae"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1980,i,13586612571391427626,8045038456143489032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.sgtllcsales.ae	0%	Avira URL Cloud	safe
http://www.sgtllcsales.ae	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
www.sgtllcsales.ae	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
google.com	142.250.184.238	true	false		high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
www.google.com	172.217.18.4	true	false		high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		high
www.sgtllcsales.ae	unknown	unknown	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
172.217.18.4	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1554991
Start date and time:	2024-11-13 09:55:22 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.sgtllcsales.ae
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown1.win@25/6@17/3
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 216.58.206.46, 74.125.133.84, 34.104.35.123, 184.28.90.27, 20.109.210.53, 93.184.221.240, 192.229.221.95, 13.95.31.18, 20.3.187.198, 20.242.39.171
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://www.sgtllcsales.ae

Input

Output

URL: Model: claude-3-5-sonnet-latest

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: http://www.sgtllcsales.ae

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 07:56:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9732406185428464
Encrypted:	false
SSDEEP:	48:88dPTnjwHpidAKZdA19ehwiZUklqehNy+3:8MfmKy
MD5:	523DB55A845021A73A49C356199C5ACF
SHA1:	0435FCA00B2AB3521169524A80D193C84897A2E1
SHA-256:	3C72E879433962C9C71B203FBC7E475AAC5962BFE9CF9E592C178B8BDC03B638
SHA-512:	C8ED8F8CE3C2CEF2EDA77089D3E48B297A405971AB7A54173D74365D2E9516600CCCF4B371A55B0F4A9FE2DF23AD7884CDF941314BE92F060B7EB84E7AD2955D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....0..5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY.G...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 07:56:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9898223610654973
Encrypted:	false
SSDEEP:	48:86dPTnjwHpidAKZdA1weh/iZUkAQkqeh6y+2:86fk9Q/y
MD5:	C1FD2BF9CA4D186186BFCD283DFFC674
SHA1:	1799E562D7192B1364639B78DBB937723FDE7C2E
SHA-256:	59EA6C717CE528FB9AD1E8B7FA173F960369FD78232760ABC61B534699DC80F3
SHA-512:	80E25D5ABA65931619EBAB3A7C4757D45757544E062CE1B6756D4EFC25BA97846F4AFD31773FFB5AEB0A308A1DBD78829F976031413D8763EDC3B109BB8894E4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY.G...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.002799686633239
Encrypted:	false
SSDEEP:	48:8xMdPTnjsHpidAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8x8fAn2y
MD5:	87FDE66107A7AF969F16845C107B90E9
SHA1:	EF0D8B0C0D568B2E7212C78AA714F569CC916217
SHA-256:	CE47625A69EDB45C43E7246D910A30FC21120A94C53C791DCB84BDEF956E10D5
SHA-512:	8546F27B090048C7FC36350588B3C746943561315EF44B0D07071FB6F64C085A25E411BAA173D217FBEDF47345DA11F070B39267505C2D9189AEB5BD88953189
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 07:56:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989962998598412
Encrypted:	false
SSDEEP:	48:83dPTnjwHpidAKZdA1vehDiZUkwqehOy+R:8Zfv0y
MD5:	BF4541C1AD6D2553A410EC0C43131645
SHA1:	D1041A62C7EEBDB262DB7C5A52110B3B47DDEBE7
SHA-256:	BE9E814E011396BD48265509B6E02B8D556BD46A836236B601F2B5AB4BCC3C52
SHA-512:	8C56D5DEB48A2F48D5E43E44CB824EF9CAFA1CC61625DA5E950A319A0B0811604A8A207D7BFBC04D5F484621364A9530A38BBEEAC60E3246135CED6F3EBECCE6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....'...5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY.G...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 07:56:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9762446433899417
Encrypted:	false
SSDEEP:	48:8zdPTnjwHpidAKZdA1hehBiZUk1W1qehYy+C:8NfP94y
MD5:	CDA5809DECE661ACC3FA246AC7D55CB6
SHA1:	71F6AE522DCD31AA22FD056B52030422143EB099
SHA-256:	AE863448BDCF669368AAC980440494824B685760E2B46D459CDC7D77A9DAA5BF
SHA-512:	7679CEA1D0D2A6AB7155839E0BAA2C4D6E587264B4BE424EE5E8666593696ADDBB9351030C1366E4DA4B6899EC20D0A8971385AC865B309717AB8B896AD4277C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Gk..5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY.G...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 13 07:56:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9897597158616827
Encrypted:	false
SSDEEP:	48:8YdPTnjwHpidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb2y+yT+:8QfHT/TbxWOvTb2y7T
MD5:	3324F65FBF5481219F98FF7B95B599EC
SHA1:	0E4B88814FE7320A9EC3A958CBB3B7EE9123ABEE
SHA-256:	C20CD792925602AA255D64EFB2CC04EAC75DE562E3FFAB6FD06F31E0B8DB0E18
SHA-512:	3A030BD442103641584A2909BF7A080B1820FE15C2E9C2043645928E9C920D2123EA2B981F031D4F632E188E06C22882097028398B25C9E7D4CE441922283F76
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......}.5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ImY.G....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VmY.G....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VmY.G....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VmY.G..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VmY.G...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2024 09:56:06.763129950 CET	49675	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:06.763184071 CET	49674	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:06.872404099 CET	49673	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:16.373279095 CET	49674	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:16.406845093 CET	49675	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:16.513645887 CET	49673	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:18.226366997 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:18.226455927 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:18.226557016 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:18.226979017 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:18.227015972 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:18.251159906 CET	443	49703	23.1.237.91	192.168.2.5
Nov 13, 2024 09:56:18.251295090 CET	49703	443	192.168.2.5	23.1.237.91
Nov 13, 2024 09:56:19.099647999 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:19.103429079 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:19.103471041 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:19.104526997 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:19.104595900 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:19.386434078 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:19.386668921 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:19.436404943 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:19.436429977 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:19.483275890 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:20.100544930 CET	65076	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:20.105437994 CET	53	65076	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:20.107484102 CET	65076	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:20.107842922 CET	65076	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:20.112673044 CET	53	65076	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:20.733849049 CET	53	65076	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:20.734755993 CET	65076	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:20.740482092 CET	53	65076	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:20.740622044 CET	65076	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:29.133712053 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:29.133810997 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:29.133899927 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:29.971796036 CET	49711	443	192.168.2.5	172.217.18.4
Nov 13, 2024 09:56:29.971865892 CET	443	49711	172.217.18.4	192.168.2.5
Nov 13, 2024 09:56:30.898653984 CET	55347	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:30.903608084 CET	53	55347	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:30.903691053 CET	55347	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:30.903726101 CET	55347	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:30.910204887 CET	53	55347	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:31.368397951 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:31.368429899 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:31.368482113 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:31.370207071 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:31.370215893 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:31.499980927 CET	53	55347	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:31.504388094 CET	55347	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:31.509856939 CET	53	55347	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:31.509907007 CET	55347	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:32.090749979 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.092253923 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.097784042 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.097791910 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.097999096 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.111824036 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.159327030 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.350608110 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.350625992 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.350790024 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.350908041 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.350915909 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.350974083 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.351015091 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.466177940 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.466191053 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.467433929 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.467438936 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.470985889 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.581404924 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.581424952 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.581532955 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.581532955 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.581537008 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.581602097 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.697544098 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.697557926 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.697839975 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.697845936 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.698086023 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.812370062 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.812383890 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.812467098 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.812472105 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.812510014 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.928437948 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.928456068 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.928493023 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.928558111 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:32.928564072 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:32.928601027 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.042857885 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.042875051 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.042939901 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.042944908 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.042998075 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.504859924 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.504873991 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.504930019 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.504940987 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.504970074 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.504973888 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505060911 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.505060911 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.505070925 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505080938 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505105972 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505135059 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.505153894 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.505896091 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505916119 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505969048 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.505975008 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.505995989 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.506016970 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.509825945 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.509846926 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.509886026 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.509892941 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.509923935 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.509943962 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.511291981 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.511327982 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.511351109 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.511358023 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.511382103 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.511403084 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.547355890 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.547388077 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.547420979 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.547441959 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.547470093 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.547487974 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.599790096 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.599858999 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.599874020 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.599893093 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.599915028 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.599946976 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.600076914 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.600090981 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.600101948 CET	55348	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.600109100 CET	443	55348	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.642344952 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.642432928 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.642483950 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.642514944 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.642518997 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.642569065 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.642921925 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.642935991 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.643217087 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.643259048 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.644840002 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.644867897 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.644957066 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.645072937 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.645088911 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.646189928 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.646215916 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.646279097 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.646383047 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.646389961 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.647322893 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.647365093 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:33.647440910 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.647561073 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:33.647578955 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.375210047 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.375766039 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.375783920 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.375808954 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.376336098 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.376349926 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.376468897 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.376528978 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.376795053 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.376808882 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.378799915 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.379304886 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.379319906 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.379472971 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.379635096 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.379646063 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.380269051 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.380330086 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.380383968 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.380654097 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.380660057 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.380743027 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.380790949 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.381088018 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.381095886 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.504160881 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.504179001 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.504229069 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.504391909 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.504393101 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.504651070 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.504688978 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.504733086 CET	55349	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.504748106 CET	443	55349	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.505140066 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.505341053 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.505537987 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.505647898 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.505666971 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.505896091 CET	55350	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.505902052 CET	443	55350	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508408070 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508445024 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508522987 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508541107 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508604050 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508609056 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508610010 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508627892 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508697033 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508744955 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508744955 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508759975 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508764982 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508790016 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508801937 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.508856058 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.508883953 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.509166956 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.509166956 CET	55351	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.509170055 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.509182930 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.509205103 CET	443	55351	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.509212971 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.509336948 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.509757996 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.510349035 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.510349035 CET	55352	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.510365963 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.510413885 CET	443	55352	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512341976 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512425900 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512458086 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512487888 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512495041 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512531042 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512531042 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512581110 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512588024 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512609959 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512640953 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512641907 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512679100 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512711048 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512780905 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512797117 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.512967110 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.512985945 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.513020992 CET	55353	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.513034105 CET	443	55353	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.514983892 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.515003920 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:34.515237093 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.515237093 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:34.515286922 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.234853029 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.235488892 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.235519886 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.235989094 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.236000061 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.237792969 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.238122940 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.238167048 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.238636017 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.238646030 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.239309072 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.239588022 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.239645958 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.239947081 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.239960909 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.256323099 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.256694078 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.256717920 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.257194996 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.257209063 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.283679962 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.284037113 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.284095049 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.284396887 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.284410954 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.361915112 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.362056017 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.362179041 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.362272978 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.362272978 CET	55358	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.362323046 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.362356901 CET	443	55358	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.364945889 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.365020990 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.365103006 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.365205050 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.365221977 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.369520903 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.369752884 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.369899035 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.369899988 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.369899988 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.371675014 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.371697903 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.371807098 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.371932030 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.371954918 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.373142958 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.373698950 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.373768091 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.373851061 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.373851061 CET	55355	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.373894930 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.373924971 CET	443	55355	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.375545025 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.375595093 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.375655890 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.375768900 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.375787020 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.386778116 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.386976957 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.387161016 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.387161016 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.387161970 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.388886929 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.388942957 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.389019966 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.389130116 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.389151096 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.421370983 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.421819925 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.421933889 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.421935081 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.422013998 CET	55356	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.422049046 CET	443	55356	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.423985004 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.424027920 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.424099922 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.424222946 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.424256086 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.669882059 CET	55354	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.669919014 CET	443	55354	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:35.701076031 CET	55357	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:35.701102972 CET	443	55357	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.108055115 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.108180046 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.108800888 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.108824968 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.108849049 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.108912945 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.109503031 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.109515905 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.109642029 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.109649897 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.122819901 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.123198986 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.123215914 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.123788118 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.123799086 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.124465942 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.124823093 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.124851942 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.125475883 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.125488043 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.143114090 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.143491030 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.143572092 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.144185066 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.144197941 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.240196943 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.240340948 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.240456104 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.240509987 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.240650892 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.240686893 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.240712881 CET	55359	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.240727901 CET	443	55359	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.240820885 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.241878033 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.241878033 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.241878986 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244469881 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244519949 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.244679928 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244700909 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244728088 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.244812965 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244824886 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.244832993 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244942904 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.244959116 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.251389027 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.251535892 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.251597881 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.251651049 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.251652002 CET	55362	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.251676083 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.251701117 CET	443	55362	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.253469944 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.253640890 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.253755093 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.254287004 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.254308939 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.254380941 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.254426956 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.254426956 CET	55360	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.254442930 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.254465103 CET	443	55360	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.254676104 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.254704952 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.256943941 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.256956100 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.257015944 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.257129908 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.257143021 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.291523933 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.291594028 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.291763067 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.291893959 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.291893959 CET	55363	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.291937113 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.291966915 CET	443	55363	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.294673920 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.294758081 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.295012951 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.295135975 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.295186996 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.544866085 CET	55361	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.544935942 CET	443	55361	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.970596075 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.971317053 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.971348047 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.971808910 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.971817017 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.974143982 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.974500895 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.974525928 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.974994898 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.975006104 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.984920979 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.985264063 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.985294104 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.985603094 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.985614061 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.995625973 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.995955944 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.995979071 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:36.996335030 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:36.996340990 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.035099983 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.035819054 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.035904884 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.036351919 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.036367893 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.096995115 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.097282887 CET	443	55366	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.097543001 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.097543001 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.097543001 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.100794077 CET	55369	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.100833893 CET	443	55369	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.101910114 CET	55369	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.101910114 CET	55369	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.101946115 CET	443	55369	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.104800940 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.104861021 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.104940891 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.105058908 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.105077028 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.105087042 CET	55365	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.105093002 CET	443	55365	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.107620955 CET	55370	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.107712030 CET	443	55370	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.107796907 CET	55370	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.107990026 CET	55370	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.108031034 CET	443	55370	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.118648052 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.119010925 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.119090080 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.119090080 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.119168043 CET	55364	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.119204998 CET	443	55364	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.122091055 CET	55371	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.122123957 CET	443	55371	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.122308016 CET	55371	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.122592926 CET	55371	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.122610092 CET	443	55371	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.126513958 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.126666069 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.126732111 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.126756907 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.126770973 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.126779079 CET	55367	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.126784086 CET	443	55367	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.129718065 CET	55372	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.129760981 CET	443	55372	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.129841089 CET	55372	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.129968882 CET	55372	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.129987955 CET	443	55372	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.167735100 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.168147087 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.168369055 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.168453932 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.168453932 CET	55368	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.168498039 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.168526888 CET	443	55368	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.171279907 CET	55373	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.171327114 CET	443	55373	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.171413898 CET	55373	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.171596050 CET	55373	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.171607971 CET	443	55373	13.107.246.45	192.168.2.5
Nov 13, 2024 09:56:37.404228926 CET	55366	443	192.168.2.5	13.107.246.45
Nov 13, 2024 09:56:37.404264927 CET	443	55366	13.107.246.45	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 13, 2024 09:56:13.815643072 CET	53	58547	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:13.820065022 CET	53	54046	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:14.854039907 CET	64400	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:14.854231119 CET	49723	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:14.863600016 CET	53	64400	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:14.863733053 CET	53	49723	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:14.864751101 CET	54893	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:14.986758947 CET	53	54893	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:15.024866104 CET	50339	53	192.168.2.5	8.8.8.8
Nov 13, 2024 09:56:15.025182009 CET	53907	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:15.031974077 CET	53	53907	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:15.031989098 CET	53	50339	8.8.8.8	192.168.2.5
Nov 13, 2024 09:56:15.065179110 CET	53	54083	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:16.051985979 CET	50044	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:16.052468061 CET	63017	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:16.061064959 CET	53	63017	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:16.175569057 CET	53	50044	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:18.211131096 CET	54769	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:18.211519003 CET	61505	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:18.223396063 CET	53	54769	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:18.223439932 CET	53	61505	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:20.099812031 CET	53	59931	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:21.192234039 CET	64679	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:21.192809105 CET	56607	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:21.204160929 CET	53	64679	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:21.226448059 CET	63283	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:21.323079109 CET	53	56607	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:21.361298084 CET	53	63283	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:27.727612972 CET	51944	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:27.727777004 CET	62991	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:27.738647938 CET	53	51944	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:27.754590988 CET	56814	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:27.764894962 CET	53	56814	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:27.775708914 CET	51572	53	192.168.2.5	1.1.1.1
Nov 13, 2024 09:56:27.775949955 CET	57874	53	192.168.2.5	8.8.8.8
Nov 13, 2024 09:56:27.783648968 CET	53	51572	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:27.784127951 CET	53	57874	8.8.8.8	192.168.2.5
Nov 13, 2024 09:56:27.851222992 CET	53	62991	1.1.1.1	192.168.2.5
Nov 13, 2024 09:56:30.897978067 CET	53	63855	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 13, 2024 09:56:21.323179960 CET	192.168.2.5	1.1.1.1	c220	(Port unreachable)	Destination Unreachable
Nov 13, 2024 09:56:27.851389885 CET	192.168.2.5	1.1.1.1	c220	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 13, 2024 09:56:14.854039907 CET	192.168.2.5	1.1.1.1	0xf0b8	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:14.854231119 CET	192.168.2.5	1.1.1.1	0x54f	Standard query (0)	www.sgtllcsales.ae	65	IN (0x0001)	false
Nov 13, 2024 09:56:14.864751101 CET	192.168.2.5	1.1.1.1	0xacf3	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:15.024866104 CET	192.168.2.5	8.8.8.8	0xe220	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:15.025182009 CET	192.168.2.5	1.1.1.1	0x9587	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:16.051985979 CET	192.168.2.5	1.1.1.1	0xe81e	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:16.052468061 CET	192.168.2.5	1.1.1.1	0x9270	Standard query (0)	www.sgtllcsales.ae	65	IN (0x0001)	false
Nov 13, 2024 09:56:18.211131096 CET	192.168.2.5	1.1.1.1	0xd51d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:18.211519003 CET	192.168.2.5	1.1.1.1	0xf730	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 13, 2024 09:56:21.192234039 CET	192.168.2.5	1.1.1.1	0xda3a	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:21.192809105 CET	192.168.2.5	1.1.1.1	0x6aae	Standard query (0)	www.sgtllcsales.ae	65	IN (0x0001)	false
Nov 13, 2024 09:56:21.226448059 CET	192.168.2.5	1.1.1.1	0x7b0e	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.727612972 CET	192.168.2.5	1.1.1.1	0x93c0	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.727777004 CET	192.168.2.5	1.1.1.1	0x31e	Standard query (0)	www.sgtllcsales.ae	65	IN (0x0001)	false
Nov 13, 2024 09:56:27.754590988 CET	192.168.2.5	1.1.1.1	0x3c56	Standard query (0)	www.sgtllcsales.ae	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.775708914 CET	192.168.2.5	1.1.1.1	0x2a38	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.775949955 CET	192.168.2.5	8.8.8.8	0x6920	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 13, 2024 09:56:14.863600016 CET	1.1.1.1	192.168.2.5	0xf0b8	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:14.863733053 CET	1.1.1.1	192.168.2.5	0x54f	Name error (3)	www.sgtllcsales.ae	none	none	65	IN (0x0001)	false
Nov 13, 2024 09:56:14.986758947 CET	1.1.1.1	192.168.2.5	0xacf3	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:15.031974077 CET	1.1.1.1	192.168.2.5	0x9587	No error (0)	google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:15.031989098 CET	8.8.8.8	192.168.2.5	0xe220	No error (0)	google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:16.061064959 CET	1.1.1.1	192.168.2.5	0x9270	Name error (3)	www.sgtllcsales.ae	none	none	65	IN (0x0001)	false
Nov 13, 2024 09:56:16.175569057 CET	1.1.1.1	192.168.2.5	0xe81e	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:18.223396063 CET	1.1.1.1	192.168.2.5	0xd51d	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:18.223439932 CET	1.1.1.1	192.168.2.5	0xf730	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 13, 2024 09:56:21.204160929 CET	1.1.1.1	192.168.2.5	0xda3a	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:21.323079109 CET	1.1.1.1	192.168.2.5	0x6aae	Name error (3)	www.sgtllcsales.ae	none	none	65	IN (0x0001)	false
Nov 13, 2024 09:56:21.361298084 CET	1.1.1.1	192.168.2.5	0x7b0e	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.738647938 CET	1.1.1.1	192.168.2.5	0x93c0	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.764894962 CET	1.1.1.1	192.168.2.5	0x3c56	Name error (3)	www.sgtllcsales.ae	none	none	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.783648968 CET	1.1.1.1	192.168.2.5	0x2a38	No error (0)	google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.784127951 CET	8.8.8.8	192.168.2.5	0x6920	No error (0)	google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:27.851222992 CET	1.1.1.1	192.168.2.5	0x31e	Name error (3)	www.sgtllcsales.ae	none	none	65	IN (0x0001)	false
Nov 13, 2024 09:56:28.567090034 CET	1.1.1.1	192.168.2.5	0x295a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 09:56:28.567090034 CET	1.1.1.1	192.168.2.5	0x295a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Nov 13, 2024 09:56:31.366552114 CET	1.1.1.1	192.168.2.5	0x4fff	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 13, 2024 09:56:31.366552114 CET	1.1.1.1	192.168.2.5	0x4fff	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	55348	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:32 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:32 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:32 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 11 Nov 2024 13:19:38 GMT ETag: "0x8DD02537E74B538" x-ms-request-id: 38692f1b-b01e-0002-0984-341b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085632Z-r178fb8d765tllwdhC1DFWaz8400000000w0000000008aqp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:32 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-13 08:56:32 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-13 08:56:32 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-13 08:56:32 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-13 08:56:32 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-13 08:56:32 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-13 08:56:33 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-13 08:56:33 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-13 08:56:33 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-13 08:56:33 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	55350	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:34 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:34 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:34 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: b9f0e195-301e-0033-8068-35fa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085634Z-1749fc9bdbdqhv2phC1DFWvd3000000000sg00000000434s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:34 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	55349	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:34 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:34 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:34 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 47cde2a8-501e-0047-01a2-34ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085634Z-1749fc9bdbdpg69chC1DFWhecg00000000n000000000a8k5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:34 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	55351	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:34 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:34 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:34 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 26663d07-401e-0029-2faf-319b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085634Z-16547b76f7fr28cchC1DFWnuws0000000h0g000000006p8w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:34 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	55352	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:34 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:34 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:34 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: df0930aa-501e-00a3-28a3-34c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085634Z-r178fb8d765kzgrxhC1DFWrsuc00000000s000000000295z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:34 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	55353	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:34 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:34 UTC	517	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:34 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: dcc6854f-e01e-0051-7b03-2d84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085634Z-16547b76f7f2g4rlhC1DFWnx880000000gu0000000007azg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:34 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	55358	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:35 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:35 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:35 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: a2886317-b01e-00ab-6c01-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085635Z-16547b76f7fxdzxghC1DFWmf7n0000000gwg00000000e2sa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:35 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	55354	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:35 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:35 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:35 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085635Z-16547b76f7fp46ndhC1DFW66zg0000000h1g000000001a8m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:35 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	55355	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:35 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:35 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:35 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 1fd8da66-e01e-0052-0e78-35d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085635Z-1749fc9bdbdjznvchC1DFWx4dc00000000sg00000000109k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:35 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	55357	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:35 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:35 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:35 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 42046764-d01e-0028-78a2-347896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085635Z-r178fb8d765w8fzdhC1DFW8ep400000000u0000000002m3h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:35 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	55356	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:35 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:35 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:35 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085635Z-16547b76f7f7scqbhC1DFW0m5w0000000gp000000000eepy x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:35 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	55361	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:36 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 7c20effc-801e-0015-04a3-34f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085636Z-r178fb8d765d5f82hC1DFWsrm800000000t000000000mhra x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:36 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	55359	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:36 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2e71ae26-601e-0097-6701-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085636Z-16547b76f7fkj7j4hC1DFW0a9g0000000gx0000000005sr5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:36 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	55360	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:36 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 7d8278ac-d01e-00ad-2054-35e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085636Z-1749fc9bdbdlzhmchC1DFWe68s00000000q00000000059dn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:36 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	55362	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:36 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:36 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 2e9646c6-a01e-0098-2aa5-348556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085636Z-r178fb8d7656shmjhC1DFWu5kw00000000t000000000a205 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:36 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	55363	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:36 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 636fa6f6-501e-0078-3aa7-3406cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085636Z-r178fb8d765dbczshC1DFW33an00000000hg00000000cbfz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:36 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	55366	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: c860b0c2-d01e-007a-2fa3-34f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-r178fb8d7652zbm6hC1DFWqtr400000000f0000000007a5e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	55365	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 88f0aa43-e01e-0033-32a0-344695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-1749fc9bdbdcm45lhC1DFWeab800000000mg00000000akt5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	55364	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 183719b9-d01e-00a1-43c3-2c35b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-16547b76f7f7lhvnhC1DFWa2k00000000gug000000005v2p x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	55367	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:36 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-16547b76f7fcrtpchC1DFW52e80000000gy0000000008hb7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	55368	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:37 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-16547b76f7f7jnp2hC1DFWfc300000000h1g000000001ceb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	55369	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:37 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: cc46dee9-d01e-007a-0efd-2cf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-16547b76f7fxdzxghC1DFWmf7n0000000h1g000000005hnq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	55371	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:37 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: e44b56bd-701e-0053-1778-353a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-1749fc9bdbdwv5sghC1DFWwp6n00000000rg000000001wq9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:37 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	55370	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:37 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 7dbe6cd5-601e-00ab-1ca2-3466f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-r178fb8d765d5f82hC1DFWsrm800000000vg00000000b19w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	55372	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:37 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 1e45a1cf-401e-0029-3ef1-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-16547b76f7fr4g8xhC1DFW9cqc0000000g20000000008ya8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	55373	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:37 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:37 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085637Z-16547b76f7fdf69shC1DFWcpd00000000grg00000000da52 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	55375	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:38 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:38 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6d06536c-d01e-005a-3ca0-347fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085638Z-1749fc9bdbdjgplnhC1DFWhrks00000000ng000000006z5g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	55374	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:38 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:38 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 57085b9e-f01e-005d-1ca2-3413ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085638Z-r178fb8d765x865whC1DFWag6c00000000q000000000b67a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	55376	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:38 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:38 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: f61e936b-a01e-006f-0ea2-3413cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085638Z-r178fb8d765bflfthC1DFWuy9n00000000w00000000073zw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	55377	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:38 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:38 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d33f60ae-f01e-0085-74ec-2b88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085638Z-16547b76f7fcjqqhhC1DFWrrrc0000000gxg000000005mwm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	55378	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-13 08:56:38 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-13 08:56:38 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 13 Nov 2024 08:56:38 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 2361c5fe-901e-0064-45f6-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241113T085638Z-16547b76f7fdtmzhhC1DFW6zhc00000005v0000000003spz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-13 08:56:38 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4720, Parent PID: 5668

General

Target ID:	0
Start time:	03:56:09
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3536, Parent PID: 4720

General

Target ID:	2
Start time:	03:56:12
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1980,i,13586612571391427626,8045038456143489032,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4952, Parent PID: 5668

General

Target ID:	3
Start time:	03:56:14
Start date:	13/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.sgtllcsales.ae"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.sgtllcsales.ae

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4720, Parent PID: 5668

General

Chronological Activities

Analysis Process: chrome.exePID: 3536, Parent PID: 4720

General

Chronological Activities

Analysis Process: chrome.exePID: 4952, Parent PID: 5668

General

Windows Analysis Report
http://www.sgtllcsales.ae