Windows Analysis Report
http://getwiplash.com

Overview

General Information

Sample URL:http://getwiplash.com
Analysis ID:1559723
Infos:
Errors
  • URL not reachable

Detection

Score:20
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected suspicious URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 6184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2216,i,4537548803986399945,4978338218772262629,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 2228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://getwiplash.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: Email, Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://getwiplash.com
Source: Email, Joe Sandbox AI: AI detected Typosquatting in URL: http://getwiplash.com
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown, TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown, TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown, TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: global traffic, HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic, HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=erLWfCVYvKRg4bU&MD=SrxzAbAH HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic, HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1 | Connection: Keep-Alive | Accept-Encoding: gzip | User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) | Host: otelrules.azureedge.net
Source: global traffic, DNS traffic detected: DNS query: getwiplash.com
Source: global traffic, DNS traffic detected: DNS query: google.com
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: classification engine, Classification label: sus20.win@20/6@17/3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2216,i,4537548803986399945,4978338218772262629,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://getwiplash.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Google Drive.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph (image not reproduced). Behavior Graph ID: 1559723, URL: http://getwiplash.com, Startdate: 20/11/2024, Architecture: WINDOWS, Score: 20]

Source | Detection | Scanner | Label | Link
http://getwiplash.com | 0% | Avira URL Cloud | safe |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.181.142 | true | false | | high
www.google.com | 172.217.21.36 | true | false | | high
getwiplash.com | unknown | unknown | true | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
172.217.21.36 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.5

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1559723
        Start date and time:2024-11-20 21:19:15 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 1m 57s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:browseurl.jbs
        Sample URL:http://getwiplash.com
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:6
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:SUS
        Classification:sus20.win@20/6@17/3
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • URL browsing timeout or error
        • URL not reachable
        • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.46, 64.233.165.84, 34.104.35.123, 199.232.210.172, 192.229.221.95
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
        • Not all processes where analyzed, report is missing behavior information
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: http://getwiplash.com
        No simulations
        No context
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:20:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.981570041789526
        Encrypted:false
        SSDEEP:48:8L2dWOT2KFR6HIidAKZdA19ehwiZUklqeh1y+3:8erVmy
        MD5:DA6C9CBC2934A98618E600CC1CEC8BC2
        SHA1:52D9FFED2AA872644A793C9219F62F4D9B594FC7
        SHA-256:FBD6BAB4264741E88471D5764C6F53292C9497392477C044A142FBE17A548DDD
        SHA-512:C6752959FB2410B09C797831C0C7116BD1EC0FBDC0C2E757F3F178A7DA88C244AACDE17A95A44EB4DE67BA53ED5E38C5E1EBDB4DCF8C6FE5148B8EAC3F38E200
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:20:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2679
        Entropy (8bit):3.997645236000616
        Encrypted:false
        SSDEEP:48:8g2dWOT2KFR6HIidAKZdA1weh/iZUkAQkqehWy+2:81rP9QLy
        MD5:3950D538A7FE402F2A36AFF367B24539
        SHA1:3102E032CD2DC89F4D071C414F05406134CE8D15
        SHA-256:CCEB410DBB167AC57C3467898397171BB4036C273F5B28183305E51B11F3184B
        SHA-512:D2295FBCCDE745BB1815962F904A552DD005F3AA41A95D5043B58187417262F5048B16B290191EC44F2AF15053594CFD0BC10008E07AC6215090F073BBD0EC61
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2693
        Entropy (8bit):4.006880195579717
        Encrypted:false
        SSDEEP:48:8x52dWOT2KFRsHIidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8x8rZnqy
        MD5:F0D68872D490C083D3F3AAF6F1223D7F
        SHA1:601EBBFC750C81C8465AF9FEBD7C08ADC23A93CE
        SHA-256:940EBF0DF7DEEE237C02C3ECF6F7B7784F48A004A942D393EEAF83BF703C1311
        SHA-512:0B5510029F8F0A4DDA049CEA17B66C76DA6E8B39AC6EAF7C439C6E3EF9FB07E27D751D611E60CAF9ADFAF1FD36C49407628A4593BD80303E5D5E0CCE7B6A7499
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:20:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2681
        Entropy (8bit):3.996829105140882
        Encrypted:false
        SSDEEP:48:8o2dWOT2KFR6HIidAKZdA1vehDiZUkwqehCy+R:89rs8y
        MD5:A6CF21B1ACAA0A4F034C14531BAB002C
        SHA1:0F47B99D6E5D46D9692CE84820C8A7BADCFB3910
        SHA-256:C0A323B58AB827628524AFE464F57C042FFE24E5A2C3847CB65B053E304549BA
        SHA-512:89CC72E19EA788C15D7D8F5A2660109DB2CEED497DAAC394E4697B8AB914994C487CB693AA25C06FC8C997500729E0F7FDE93C2365CF2A77FA8268099CF954B1
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:20:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2681
        Entropy (8bit):3.9860706900817
        Encrypted:false
        SSDEEP:48:8T2dWOT2KFR6HIidAKZdA1hehBiZUk1W1qehIy+C:8Grc9oy
        MD5:333C17091C15C0B70364F2A4F371EB63
        SHA1:6469A7158D93611ADE0E913CE447F8E8335C15ED
        SHA-256:FE660EFAB4C443291E87F8A32213161D9EAEC29472848ED0386B3A2F36431C2C
        SHA-512:62835D35E671348DC5A706B6C5693337171256C637E245687E5BD7B4EB850DA454231B098CBE79F7C4374C7506950538DDC082AB8982727254319812912D2E28
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:20:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2683
        Entropy (8bit):3.9957264138874837
        Encrypted:false
        SSDEEP:48:8L2dWOT2KFR6HIidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:8eryT/TbxWOvTbqy7T
        MD5:71AA1FC5D9235F4187D149F60C2B4140
        SHA1:3CB25E509DAF9F0F47613A4FF5F17B7E38D824B5
        SHA-256:F3DB68B676E8F2971B33C5DACB49E03DB58C1A58D00EDF01C725D9D2C6E3F195
        SHA-512:AEE9B84F2D5C1C57B9D55C8EC3B69F400C935451584E7388D8A33A21CF319F94DD4783AB22A32C95A291AC91B6EBC1FA70ADF236688337435A3DE4B4CE768886
        Malicious:false
        Reputation:low
        No static file info
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Nov 20, 2024 21:20:34.163841009 CET49734443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.163870096 CET4434973413.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.164307117 CET49734443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.164311886 CET4434973413.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.174175978 CET4434973513.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.174524069 CET49735443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.174577951 CET4434973513.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.174926043 CET49735443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.174935102 CET4434973513.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.221143007 CET4434973313.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.221530914 CET49733443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.221565008 CET4434973313.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.222145081 CET49733443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.222156048 CET4434973313.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.230516911 CET4434973113.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.230587006 CET4434973113.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.230659008 CET49731443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.230792999 CET49731443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.230819941 CET4434973113.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.230834007 CET49731443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.230843067 CET4434973113.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.233699083 CET49736443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.233736992 CET4434973613.107.246.63192.168.2.5
        Nov 20, 2024 21:20:34.234282970 CET49736443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.234282970 CET49736443192.168.2.513.107.246.63
        Nov 20, 2024 21:20:34.234318018 CET4434973613.107.246.63192.168.2.5
        Timestamp | Source IP | Dest IP | Checksum | Code | Type
        Nov 20, 2024 21:20:14.226041079 CET | 192.168.2.5 | 1.1.1.1 | c22e | (Port unreachable) | Destination Unreachable
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Nov 20, 2024 21:20:13.978076935 CET | 192.168.2.5 | 1.1.1.1 | 0x205e | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:13.980572939 CET | 192.168.2.5 | 1.1.1.1 | 0x8e2f | Standard query (0) | getwiplash.com | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:14.208409071 CET | 192.168.2.5 | 1.1.1.1 | 0x8766 | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:14.373692989 CET | 192.168.2.5 | 8.8.8.8 | 0xa3a4 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:14.374084949 CET | 192.168.2.5 | 1.1.1.1 | 0x33ff | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:15.385173082 CET | 192.168.2.5 | 1.1.1.1 | 0x5a7a | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:15.385516882 CET | 192.168.2.5 | 1.1.1.1 | 0x89a1 | Standard query (0) | getwiplash.com | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:16.817852974 CET | 192.168.2.5 | 1.1.1.1 | 0xb51 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:16.817998886 CET | 192.168.2.5 | 1.1.1.1 | 0x71d8 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:20.548048973 CET | 192.168.2.5 | 1.1.1.1 | 0x225e | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:20.548162937 CET | 192.168.2.5 | 1.1.1.1 | 0x80e3 | Standard query (0) | getwiplash.com | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:21.565164089 CET | 192.168.2.5 | 1.1.1.1 | 0x8a9e | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:21.709266901 CET | 192.168.2.5 | 1.1.1.1 | 0xf1b6 | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:22.642724037 CET | 192.168.2.5 | 1.1.1.1 | 0x8e55 | Standard query (0) | getwiplash.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:22.642936945 CET | 192.168.2.5 | 1.1.1.1 | 0xf6d3 | Standard query (0) | getwiplash.com | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:22.810123920 CET | 192.168.2.5 | 1.1.1.1 | 0xe93d | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:22.810499907 CET | 192.168.2.5 | 8.8.8.8 | 0x77ef | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Nov 20, 2024 21:20:14.162925005 CET | 1.1.1.1 | 192.168.2.5 | 0x205e | Name error (3) | getwiplash.com | none | none | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:14.225925922 CET | 1.1.1.1 | 192.168.2.5 | 0x8e2f | Name error (3) | getwiplash.com | none | none | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:14.349618912 CET | 1.1.1.1 | 192.168.2.5 | 0x8766 | Name error (3) | getwiplash.com | none | none | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:14.509020090 CET | 8.8.8.8 | 192.168.2.5 | 0xa3a4 | No error (0) | google.com | | 142.250.181.142 | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:14.517966986 CET | 1.1.1.1 | 192.168.2.5 | 0x33ff | No error (0) | google.com | | 172.217.17.78 | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:15.530558109 CET | 1.1.1.1 | 192.168.2.5 | 0x5a7a | Name error (3) | getwiplash.com | none | none | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:15.531563044 CET | 1.1.1.1 | 192.168.2.5 | 0x89a1 | Name error (3) | getwiplash.com | none | none | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:16.957505941 CET | 1.1.1.1 | 192.168.2.5 | 0x71d8 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:16.957566977 CET | 1.1.1.1 | 192.168.2.5 | 0xb51 | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:20.694958925 CET | 1.1.1.1 | 192.168.2.5 | 0x80e3 | Name error (3) | getwiplash.com | none | none | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:21.706314087 CET | 1.1.1.1 | 192.168.2.5 | 0x8a9e | Name error (3) | getwiplash.com | none | none | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:21.847135067 CET | 1.1.1.1 | 192.168.2.5 | 0xf1b6 | Name error (3) | getwiplash.com | none | none | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:22.786294937 CET | 1.1.1.1 | 192.168.2.5 | 0x8e55 | Name error (3) | getwiplash.com | none | none | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:22.786501884 CET | 1.1.1.1 | 192.168.2.5 | 0xf6d3 | Name error (3) | getwiplash.com | none | none | 65 | IN (0x0001) | false
        Nov 20, 2024 21:20:22.946901083 CET | 8.8.8.8 | 192.168.2.5 | 0x77ef | No error (0) | google.com | | 142.250.181.142 | A (IP address) | IN (0x0001) | false
        Nov 20, 2024 21:20:22.948812962 CET | 1.1.1.1 | 192.168.2.5 | 0xe93d | No error (0) | google.com | | 172.217.17.78 | A (IP address) | IN (0x0001) | false
        • fs.microsoft.com
        • otelrules.azureedge.net
        • slscr.update.microsoft.com
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.5 | 49712 | 184.28.90.27 | 443 | |
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:19 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
        2024-11-20 20:20:19 UTC | 467 | IN | HTTP/1.1 200 OK
        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
        Content-Type: application/octet-stream
        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
        Server: ECAcc (lpl/EF70)
        X-CID: 11
        X-Ms-ApiVersion: Distribute 1.2
        X-Ms-Region: prod-neu-z1
        Cache-Control: public, max-age=246312
        Date: Wed, 20 Nov 2024 20:20:19 GMT
        Connection: close
        X-CID: 2


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        1 | 192.168.2.5 | 49713 | 184.28.90.27 | 443 | |
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:21 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
        2024-11-20 20:20:21 UTC | 515 | IN | HTTP/1.1 200 OK
        ApiVersion: Distribute 1.1
        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
        Content-Type: application/octet-stream
        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
        Server: ECAcc (lpl/EF06)
        X-CID: 11
        X-Ms-ApiVersion: Distribute 1.2
        X-Ms-Region: prod-weu-z1
        Cache-Control: public, max-age=246269
        Date: Wed, 20 Nov 2024 20:20:21 GMT
        Content-Length: 55
        Connection: close
        X-CID: 2
        2024-11-20 20:20:21 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        2 | 192.168.2.5 | 49714 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:26 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:27 UTC | 492 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:26 GMT
        Content-Type: text/plain
        Content-Length: 218853
        Connection: close
        Vary: Accept-Encoding
        Cache-Control: public
        Last-Modified: Tue, 19 Nov 2024 16:37:24 GMT
        ETag: "0x8DD08B87243495C"
        x-ms-request-id: b5254561-a01e-0070-0158-3b573b000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202026Z-1777c6cb754dqf99hC1TEB5nps00000009xg00000000ff8w
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        X-Cache-Info: L1_T2
        Accept-Ranges: bytes
        2024-11-20 20:20:27 UTC | 15892 | IN | Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        3 | 192.168.2.5 | 49715 | 4.245.163.56 | 443 | |
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:29 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=erLWfCVYvKRg4bU&MD=SrxzAbAH HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
        2024-11-20 20:20:30 UTC | 560 | IN | HTTP/1.1 200 OK
        Cache-Control: no-cache
        Pragma: no-cache
        Content-Type: application/octet-stream
        Expires: -1
        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
        MS-CorrelationId: 6f49a065-84b4-493e-8410-d07ceac6c2cb
        MS-RequestId: b5c9945c-b4f4-4761-9df9-4eef7572e7c6
        MS-CV: rmh0jO82KEqLqRFJ.0
        X-Microsoft-SLSClientCache: 2880
        Content-Disposition: attachment; filename=environment.cab
        X-Content-Type-Options: nosniff
        Date: Wed, 20 Nov 2024 20:20:28 GMT
        Connection: close
        Content-Length: 24490


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        4 | 192.168.2.5 | 49717 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:29 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:29 UTC | 494 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:29 GMT
        Content-Type: text/xml
        Content-Length: 3788
        Connection: close
        Vary: Accept-Encoding
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
        ETag: "0x8DC582BAC2126A6"
        x-ms-request-id: 9aa0d2c2-401e-00ac-4ce9-3a0a97000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202029Z-r1d97b99577n4dznhC1TEBc1qw00000009c000000000eykn
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:29 UTC | 3788 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        5 | 192.168.2.5 | 49721 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:29 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:29 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:29 GMT
        Content-Type: text/xml
        Content-Length: 408
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
        ETag: "0x8DC582BB56D3AFB"
        x-ms-request-id: e579fe48-a01e-001e-648c-3a49ef000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202029Z-r1d97b995778dpcthC1TEB4b54000000094000000000sxem
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:29 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        6 | 192.168.2.5 | 49720 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:29 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:29 UTC | 494 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:29 GMT
        Content-Type: text/xml
        Content-Length: 2160
        Connection: close
        Vary: Accept-Encoding
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
        ETag: "0x8DC582BA3B95D81"
        x-ms-request-id: 8753231e-501e-008f-038c-3a9054000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202029Z-1777c6cb754rz2pghC1TEBghen00000009x000000000nyw6
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:29 UTC | 2160 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        7 | 192.168.2.5 | 49718 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:29 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:30 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:29 GMT
        Content-Type: text/xml
        Content-Length: 450
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
        ETag: "0x8DC582BD4C869AE"
        x-ms-request-id: ac6669be-e01e-003c-668c-3ac70b000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202029Z-185f5d8b95c4vwv8hC1NYCy4v40000000awg00000000ec7n
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:30 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        8 | 192.168.2.5 | 49719 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:29 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:30 UTC | 515 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:29 GMT
        Content-Type: text/xml
        Content-Length: 2980
        Connection: close
        Vary: Accept-Encoding
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
        ETag: "0x8DC582BA80D96A1"
        x-ms-request-id: 1aa7a34d-201e-0096-3676-3bace6000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202029Z-178bfbc474bkvpdnhC1NYCuu2w00000000dg000000006qpa
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        X-Cache-Info: L1_T2
        Accept-Ranges: bytes
        2024-11-20 20:20:30 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        9 | 192.168.2.5 | 49726 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:31 UTC | 192 | OUT | GET /rules/rule120612v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:32 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:31 GMT
        Content-Type: text/xml
        Content-Length: 471
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
        ETag: "0x8DC582BB10C598B"
        x-ms-request-id: 1e988f1d-b01e-0070-1b8c-3a1cc0000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202031Z-1777c6cb754xjpthhC1TEBexs800000009yg00000000aysh
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:32 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        10 | 192.168.2.5 | 49725 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:31 UTC | 192 | OUT | GET /rules/rule120611v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:32 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:32 GMT
        Content-Type: text/xml
        Content-Length: 415
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
        ETag: "0x8DC582B9F6F3512"
        x-ms-request-id: bfe6cc7a-201e-006e-7e8c-3abbe3000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202032Z-1777c6cb754xlpjshC1TEBv8cc0000000a8000000000a5zm
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:32 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        11 | 192.168.2.5 | 49724 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:31 UTC | 192 | OUT | GET /rules/rule120610v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:32 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:32 GMT
        Content-Type: text/xml
        Content-Length: 474
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
        ETag: "0x8DC582B9964B277"
        x-ms-request-id: 3126d9de-f01e-0099-4d8c-3a9171000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202032Z-1777c6cb754dqf99hC1TEB5nps00000009u000000000vf54
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:32 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        12 | 192.168.2.5 | 49728 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:31 UTC | 192 | OUT | GET /rules/rule120614v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:32 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:32 GMT
        Content-Type: text/xml
        Content-Length: 467
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
        ETag: "0x8DC582BA6C038BC"
        x-ms-request-id: 7f65a9a1-801e-0067-788c-3afe30000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202032Z-r1d97b99577sdxndhC1TEBec5n00000009e000000000fq46
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:32 UTC | 467 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        13 | 192.168.2.5 | 49727 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:31 UTC | 192 | OUT | GET /rules/rule120613v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:32 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:32 GMT
        Content-Type: text/xml
        Content-Length: 632
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
        ETag: "0x8DC582BB6E3779E"
        x-ms-request-id: 70a275ef-201e-0051-048c-3a7340000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202032Z-r1d97b995774zjnrhC1TEBv1ww000000095g00000000u5xh
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:32 UTC | 632 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        14 | 192.168.2.5 | 49731 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:33 UTC | 192 | OUT | GET /rules/rule120615v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:34 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:34 GMT
        Content-Type: text/xml
        Content-Length: 407
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
        ETag: "0x8DC582BBAD04B7B"
        x-ms-request-id: 79148a84-101e-0017-578c-3a47c7000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202034Z-185f5d8b95csd4bwhC1NYCq7dc0000000ang00000000rf21
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:34 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        15 | 192.168.2.5 | 49732 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:33 UTC | 192 | OUT | GET /rules/rule120616v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:34 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:34 GMT
        Content-Type: text/xml
        Content-Length: 486
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
        ETag: "0x8DC582BB344914B"
        x-ms-request-id: 4e7b5ce8-701e-0098-117a-3b395f000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202034Z-178bfbc474bscnbchC1NYCe7eg00000000g000000000pvdb
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:34 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        16 | 192.168.2.5 | 49734 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:34 UTC | 192 | OUT | GET /rules/rule120617v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:34 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:34 GMT
        Content-Type: text/xml
        Content-Length: 427
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
        ETag: "0x8DC582BA310DA18"
        x-ms-request-id: bdf962e5-c01e-0066-1b8c-3aa1ec000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202034Z-1777c6cb754ww792hC1TEBzqu400000009xg00000000e259
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:34 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        17 | 192.168.2.5 | 49735 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:34 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:34 UTC | 491 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:34 GMT
        Content-Type: text/xml
        Content-Length: 407
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
        ETag: "0x8DC582B9698189B"
        x-ms-request-id: b82db720-b01e-0053-528c-3acdf8000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202034Z-1777c6cb7544nvmshC1TEBf7qc00000009w000000000ghvs
        x-fd-int-roxy-purgeid: 0
        X-Cache-Info: L1_T2
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:34 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        18 | 192.168.2.5 | 49733 | 13.107.246.63 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-11-20 20:20:34 UTC | 192 | OUT | GET /rules/rule120618v0s19.xml HTTP/1.1
        Connection: Keep-Alive
        Accept-Encoding: gzip
        User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
        Host: otelrules.azureedge.net
        2024-11-20 20:20:34 UTC | 470 | IN | HTTP/1.1 200 OK
        Date: Wed, 20 Nov 2024 20:20:34 GMT
        Content-Type: text/xml
        Content-Length: 486
        Connection: close
        Cache-Control: public, max-age=604800, immutable
        Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
        ETag: "0x8DC582B9018290B"
        x-ms-request-id: a1d80e42-301e-0096-338c-3ae71d000000
        x-ms-version: 2018-03-28
        x-azure-ref: 20241120T202034Z-1777c6cb754ww792hC1TEBzqu400000009z0000000008xfm
        x-fd-int-roxy-purgeid: 0
        X-Cache: TCP_HIT
        Accept-Ranges: bytes
        2024-11-20 20:20:34 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


        Target ID:0
        Start time:15:20:08
        Start date:20/11/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff715980000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:15:20:11
        Start date:20/11/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2216,i,4537548803986399945,4978338218772262629,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff715980000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:15:20:13
        Start date:20/11/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://getwiplash.com"
        Imagebase:0x7ff715980000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly