Edit tour

Windows Analysis Report
https://dcdemocraticparty.org/

Overview

General Information

Sample URL:	https://dcdemocraticparty.org/
Analysis ID:	1538307
Tags:	urlscan
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1968,i,3363833138248607142,12035694525606281563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dcdemocraticparty.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: dcdemocraticparty.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: dcdemocraticparty.orgConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: dcdemocraticparty.orgConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: dcdemocraticparty.orgConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: dcdemocraticparty.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@18/6@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1968,i,3363833138248607142,12035694525606281563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dcdemocraticparty.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1968,i,3363833138248607142,12035694525606281563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
dcdemocraticparty.org	23.236.62.147	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dcdemocraticparty.org/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
23.236.62.147	dcdemocraticparty.org	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538307
Start date and time:	2024-10-21 00:13:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://dcdemocraticparty.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@18/6@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 172.217.16.206, 64.233.167.84, 52.149.20.212, 199.232.214.172, 192.229.221.95
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://dcdemocraticparty.org/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:14:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.979627063892543
Encrypted:	false
SSDEEP:	48:8ONdjTL7HHJidAKZdA19ehwiZUklqehXy+3:8uL7oy
MD5:	F45D2784032AA0C046DD58B1225D9B87
SHA1:	2AF8D841BBEA14A39D9F9B37DEBB37B7B9C70A07
SHA-256:	0F8D94659C9D4273DEA4806468DE63E6493246EE59A79EF6E4A2A7F4599D14CA
SHA-512:	4881CEB4EA3DAF48CDE79DD465C51D144AED5ABF9E629ED4D7A8405EE833F3D06AB4B84A73AF3247CAFB4A81FEC54DEF871BC16E29911E7997306C743FD31CA3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......h=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ITY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:14:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.993995930196456
Encrypted:	false
SSDEEP:	48:8hNdjTL7HHJidAKZdA1weh/iZUkAQkqehYy+2:85LJ9QNy
MD5:	5711508399A00F8858CACD195E8AC3DD
SHA1:	880E377A8ADB45F1456F77704F2EFDC4E4B37378
SHA-256:	C0224B871EDA9E395459D30E286806FEB5222C80BACE27E0AEAB9DBF33122E90
SHA-512:	BF63BF3D8D597524E870F0F0B396DFB40EC5B21678026C378C32736A86B55FE247BFBE92FAF1960002E51C4E89BD46238F05FAF209B5F8B02331C38EE4D1113A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....J'.g=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ITY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005833851143258
Encrypted:	false
SSDEEP:	48:8xEdjTL7sHJidAKZdA14tseh7sFiZUkmgqeh7sWy+BX:8xsL4n8y
MD5:	12490F4B97887A5303EFC95FF01A63C9
SHA1:	8A1FC2147D5E59B5DA1125DC03B15EA5D133604A
SHA-256:	30148DC633D5CEFFE2F1C724C68B77F1B3CF1E48776F52A25B9424DA74120872
SHA-512:	D119A1A81B1A7EFFC1667A140C1349FD7C4C9FCB9DF55BEA19F2A78E72BE0C6C46F0F5B668C5F6BFD3884F915862B41BFB01955989A4728F0224B3241FF000F4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ITY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:14:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9930553427236366
Encrypted:	false
SSDEEP:	48:8xNdjTL7HHJidAKZdA1vehDiZUkwqehky+R:8pLKey
MD5:	06E28841FC493030A281FF586C1B2671
SHA1:	FDDA721C546CA888C230958AB04AB4C1C6FF5B3F
SHA-256:	B6240FAE5269AA43DEED2CE5390C19F1C5B4EF6AC0B618F9A819A2DA0BA87629
SHA-512:	47C1E3937D607293E6B2E1F5BE8CA3F951470D1FFD7B9FC6B9C6EA29267B4D970112B3010B7039E1F9EC7A3066ABB5A3037149A80B014DE845EBD57E3AC161F2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....q..g=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ITY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:14:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9799519301938266
Encrypted:	false
SSDEEP:	48:8ONdjTL7HHJidAKZdA1hehBiZUk1W1qeh6y+C:8uLq9ay
MD5:	924A35D49849936505D1C886191C57DF
SHA1:	ACB20D616BD07FDC717BE2C778B6AB8BD82EEA17
SHA-256:	C70CDB1FEB5F239048DE8DFF638B0D76E4F842E70CA899C248A52071F956E7C6
SHA-512:	FA3B1786A8ED1C8AA827CCD86DCE561F31BA0D2C70C786CDCB871424FED0079717FCC12567C1C4728AA91D337DB4090DA7B4BAFC24651409FE2719B2E42C66A2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....o.h=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ITY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 20 21:14:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.989440367146126
Encrypted:	false
SSDEEP:	48:8kNdjTL7HHJidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb8y+yT+:84L0T/TbxWOvTb8y7T
MD5:	22E8A61A162564037E9507624C0FD255
SHA1:	AAE0063C55D1E927763D8CB6CD9E4B5DE38EADA2
SHA-256:	D67F04148DAC764DFF1FE483D5D3B41979D6A753FE5895CCEF33C0B86D537D4A
SHA-512:	63DCC4ADDCF5A8D6A69E6267AC53A9F1F26120681CF07DF10C7983D3634BB96CE1D550EA9D8BFC2C110E7F83051076739CA0790B1B69A9804B8E42B0C7DC19F4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......g=#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.ITY.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VTY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VTY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VTY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VTY............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............`......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 00:14:09.682013988 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 21, 2024 00:14:17.870474100 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:17.870517015 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:17.870645046 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:17.871041059 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:17.871048927 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:17.871160030 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:17.871270895 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:17.871283054 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:17.871515036 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:17.871521950 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.790543079 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.790863991 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.790875912 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.791953087 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.792048931 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.792068958 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.792954922 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.792964935 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.793133020 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.793237925 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.793409109 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.793416977 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.794166088 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.794223070 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.794660091 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.794725895 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.843321085 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.843321085 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:18.843343019 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:18.892544031 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:19.077366114 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:19.077452898 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:19.077505112 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:19.079231024 CEST	49710	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:19.079258919 CEST	443	49710	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:19.282586098 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 21, 2024 00:14:20.122996092 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:20.155116081 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:20.155169010 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:20.155483007 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:20.155744076 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:20.155752897 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:20.163410902 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:20.285151958 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:20.285195112 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:20.285296917 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:20.285525084 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:20.285536051 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:20.401701927 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:20.401765108 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:20.401818991 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:20.401969910 CEST	49709	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:20.401992083 CEST	443	49709	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.084184885 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.141592979 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:21.147712946 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:21.147725105 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.148503065 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.150917053 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:21.151053905 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.153255939 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:21.199418068 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.233685970 CEST	443	49703	23.1.237.91	192.168.2.5
Oct 21, 2024 00:14:21.233799934 CEST	49703	443	192.168.2.5	23.1.237.91
Oct 21, 2024 00:14:21.364594936 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:21.364901066 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:21.364934921 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:21.366431952 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:21.366508961 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:21.368721962 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:21.368875027 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:21.420700073 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:21.420748949 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:21.430483103 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.430552959 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.430701971 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:21.431170940 CEST	49714	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:21.431190968 CEST	443	49714	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:21.463610888 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:21.463666916 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:21.463743925 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:21.468941927 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:21.473148108 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:21.473180056 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.534017086 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.534113884 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:22.543140888 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:22.543160915 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.543406963 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.585177898 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:22.631403923 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.896203041 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.896262884 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:22.896332979 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:22.899148941 CEST	49716	443	192.168.2.5	184.28.90.27
Oct 21, 2024 00:14:22.899179935 CEST	443	49716	184.28.90.27	192.168.2.5
Oct 21, 2024 00:14:26.445051908 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:26.445110083 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:26.445352077 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:26.447738886 CEST	49719	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:26.447834969 CEST	443	49719	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:26.447915077 CEST	49719	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:26.448054075 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:26.448081017 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:26.448597908 CEST	49719	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:26.448632956 CEST	443	49719	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.364717007 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.365986109 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.366009951 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.366379023 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.368231058 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.368295908 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.369669914 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.371562958 CEST	443	49719	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.372160912 CEST	49719	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.372186899 CEST	443	49719	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.372539997 CEST	443	49719	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.374161959 CEST	49719	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.374228954 CEST	443	49719	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.411407948 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.428015947 CEST	49719	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.649219036 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.649296999 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:27.649930954 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.650181055 CEST	49718	443	192.168.2.5	23.236.62.147
Oct 21, 2024 00:14:27.650202036 CEST	443	49718	23.236.62.147	192.168.2.5
Oct 21, 2024 00:14:29.418625116 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:29.418665886 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:29.418740988 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:29.419008970 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:29.419024944 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.371676922 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.371757030 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.373402119 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.373419046 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.373822927 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.382421017 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.427408934 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.703212023 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.703243971 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.703326941 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.703346968 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.703381062 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.703402042 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.703434944 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.765826941 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.765851974 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.765968084 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.765994072 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.766041040 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.852768898 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.852792025 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.852860928 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.852891922 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.852936029 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.915132046 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.915157080 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.915241957 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.915266037 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.915302038 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.917856932 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.917871952 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.917929888 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.917944908 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.917988062 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.921245098 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.921264887 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.921312094 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.921324015 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:30.921360970 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:30.921379089 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.003346920 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.003371000 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.003443003 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.003465891 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.003510952 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.062930107 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.062947035 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.063107014 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.063133955 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.063179970 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.067456007 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.067471981 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.067539930 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.067554951 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.067595005 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.070244074 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.070259094 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.070307970 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.070319891 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.070358992 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.073904037 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.073919058 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.073966980 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.073981047 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.074018955 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.077572107 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.077594995 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.077667952 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.077680111 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.077747107 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.103189945 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.103213072 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.103262901 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.103279114 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.103317976 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.103343964 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.149811029 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.149888039 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.149892092 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.149940968 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.150027037 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.150041103 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.150053024 CEST	49721	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.150058985 CEST	443	49721	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.193888903 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.193923950 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.194066048 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.194906950 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.194951057 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.195086956 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.195758104 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.195771933 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.196001053 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.196017981 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.197555065 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.197587967 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.197738886 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.197933912 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.197945118 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.199275970 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.199290991 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.199652910 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.200033903 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.200066090 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.200167894 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.200275898 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.200289965 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.200333118 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:31.200341940 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:31.383215904 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:31.383287907 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:31.383409977 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:32.107817888 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.108287096 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.108311892 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.108740091 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.108746052 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.109736919 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.110196114 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.110222101 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.110578060 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.110585928 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.121208906 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.121561050 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.121581078 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.121948957 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.121954918 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.126115084 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.126434088 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.126449108 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.126817942 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.126823902 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.140058994 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.140495062 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.140512943 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.140935898 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.140940905 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.264620066 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.264703035 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.264928102 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.264967918 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.264985085 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.265022993 CEST	49728	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.265028954 CEST	443	49728	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268187046 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.268281937 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268382072 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.268553972 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.268588066 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268841982 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268862963 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268903971 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.268928051 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268951893 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.268965960 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.269002914 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.269088984 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.269102097 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.269124031 CEST	49729	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.269129038 CEST	443	49729	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.271483898 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.271517992 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.271584034 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.271692991 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.271706104 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286217928 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286241055 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286298037 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.286308050 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286345005 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.286458969 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286506891 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286523104 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.286535025 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286570072 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.286570072 CEST	49727	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.286576986 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.286583900 CEST	443	49727	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.288603067 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.288640022 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.288913965 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.289052010 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.289069891 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.300965071 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.301018000 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.301129103 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.301141977 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.301215887 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.301259995 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.301295996 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.301300049 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.301310062 CEST	49731	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.301314116 CEST	443	49731	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.302716970 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.302771091 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.302927971 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.303124905 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.303137064 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.303152084 CEST	49730	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.303157091 CEST	443	49730	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.303507090 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.303544044 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.303622007 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.303726912 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.303742886 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.305354118 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.305361986 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.305418015 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.305548906 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:32.305557966 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:32.579711914 CEST	49715	443	192.168.2.5	142.250.186.132
Oct 21, 2024 00:14:32.579747915 CEST	443	49715	142.250.186.132	192.168.2.5
Oct 21, 2024 00:14:33.201628923 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.210886002 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.210902929 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.213818073 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.213824987 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.214469910 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.215147972 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.215148926 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.215219975 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.215251923 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.226474047 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.227339029 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.227339029 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.227421999 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.227459908 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.228189945 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.228859901 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.228859901 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.228878021 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.228909969 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.376308918 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.376545906 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.376760006 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.376760006 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.376821041 CEST	49735	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.376842976 CEST	443	49735	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.377729893 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.378221989 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.378401995 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.385514021 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.385514975 CEST	49736	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.385544062 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.385555983 CEST	443	49736	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.385896921 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.386373997 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.386415005 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.386714935 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.386714935 CEST	49738	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.386735916 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.386740923 CEST	443	49738	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.388652086 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.388873100 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.389344931 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.391494036 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.391532898 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.392601967 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.392625093 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.392638922 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.392695904 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.393208981 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.393208981 CEST	49737	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.393217087 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.393227100 CEST	443	49737	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.395214081 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.395234108 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.395493984 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.395507097 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.397106886 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.397106886 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.397203922 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.397252083 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.397440910 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.397497892 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.397582054 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.397604942 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.397623062 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.397639990 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.404527903 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.404936075 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.404968023 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.406465054 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.406481028 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.563260078 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.563467979 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.563657999 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.563657999 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.563735962 CEST	49734	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.563755989 CEST	443	49734	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.575501919 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.575536013 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:33.575735092 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.575754881 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:33.575759888 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.305715084 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.306170940 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.306197882 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.306685925 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.306704044 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.312784910 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.313149929 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.313167095 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.313520908 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.313525915 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.314114094 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.314385891 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.314412117 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.314769030 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.314779043 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.321254015 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.321549892 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.321559906 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.322024107 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.322029114 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.464240074 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.464432955 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.464485884 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.464646101 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.464665890 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.464675903 CEST	49741	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.464682102 CEST	443	49741	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.469135046 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.469167948 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.469232082 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.469402075 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.469418049 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.474433899 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.474497080 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.474545956 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.474749088 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.474765062 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.474775076 CEST	49739	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.474780083 CEST	443	49739	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.477545977 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.477555990 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.477616072 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.477756977 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.477766991 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.478475094 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.478575945 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.478621006 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.478683949 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.478703976 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.478715897 CEST	49740	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.478722095 CEST	443	49740	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.481498003 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.481549025 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.481606007 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.481606007 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.481697083 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.481743097 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.481828928 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.481848001 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.481949091 CEST	49742	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.481955051 CEST	443	49742	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.484420061 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.484493017 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.484550953 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.484942913 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.484978914 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.500909090 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.501276970 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.501285076 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.501888037 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.501893044 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.662209034 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.662311077 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.662364006 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.662802935 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.662827969 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.662847042 CEST	49743	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.662853956 CEST	443	49743	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.666630030 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.666682005 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:34.666754007 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.666872978 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:34.666883945 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.390675068 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.391422033 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.391437054 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.391757965 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.391769886 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.394810915 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.395143032 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.395149946 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.395499945 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.395504951 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.396846056 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.397102118 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.397144079 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.397196054 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.397491932 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.397506952 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.397742033 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.397789955 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.398123026 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.398129940 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.550524950 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.550792933 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.551125050 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.551125050 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.551529884 CEST	49745	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.551548004 CEST	443	49745	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.553880930 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.553934097 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554020882 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.554176092 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.554243088 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.554295063 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554402113 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.554450035 CEST	49750	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554481983 CEST	443	49750	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.554497957 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554497957 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554516077 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554516077 CEST	49746	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.554522038 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.554528952 CEST	443	49746	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.555300951 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.555300951 CEST	49747	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.555347919 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.555376053 CEST	443	49747	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.555787086 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.555841923 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.558166981 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558178902 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558207989 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.558243036 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558269978 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.558300972 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558448076 CEST	49751	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558448076 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558463097 CEST	443	49751	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.558480024 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.558490038 CEST	49748	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.558494091 CEST	443	49748	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.558500051 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.559530020 CEST	49752	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.559571028 CEST	443	49752	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.562274933 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.562319994 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.562443018 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.562490940 CEST	49753	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.562500954 CEST	443	49753	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.606110096 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.607611895 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.607655048 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.607999086 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.608012915 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.773580074 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.775139093 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.775257111 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.775377035 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.775377035 CEST	49749	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.775432110 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.775454044 CEST	443	49749	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.779531002 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.779587030 CEST	443	49754	13.107.246.45	192.168.2.5
Oct 21, 2024 00:14:35.779779911 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.779989958 CEST	49754	443	192.168.2.5	13.107.246.45
Oct 21, 2024 00:14:35.780008078 CEST	443	49754	13.107.246.45	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 21, 2024 00:14:16.280688047 CEST	53	51330	1.1.1.1	192.168.2.5
Oct 21, 2024 00:14:16.333486080 CEST	53	65417	1.1.1.1	192.168.2.5
Oct 21, 2024 00:14:17.745163918 CEST	54643	53	192.168.2.5	1.1.1.1
Oct 21, 2024 00:14:17.745991945 CEST	58676	53	192.168.2.5	1.1.1.1
Oct 21, 2024 00:14:17.763111115 CEST	53	58676	1.1.1.1	192.168.2.5
Oct 21, 2024 00:14:17.869565010 CEST	53	54643	1.1.1.1	192.168.2.5
Oct 21, 2024 00:14:20.276772022 CEST	54630	53	192.168.2.5	1.1.1.1
Oct 21, 2024 00:14:20.277214050 CEST	61093	53	192.168.2.5	1.1.1.1
Oct 21, 2024 00:14:20.283919096 CEST	53	54630	1.1.1.1	192.168.2.5
Oct 21, 2024 00:14:20.284146070 CEST	53	61093	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 21, 2024 00:14:17.745163918 CEST	192.168.2.5	1.1.1.1	0xcade	Standard query (0)	dcdemocraticparty.org	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:17.745991945 CEST	192.168.2.5	1.1.1.1	0x3a54	Standard query (0)	dcdemocraticparty.org	65	IN (0x0001)	false
Oct 21, 2024 00:14:20.276772022 CEST	192.168.2.5	1.1.1.1	0xfc98	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:20.277214050 CEST	192.168.2.5	1.1.1.1	0xefbc	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 21, 2024 00:14:17.869565010 CEST	1.1.1.1	192.168.2.5	0xcade	No error (0)	dcdemocraticparty.org		23.236.62.147	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:20.283919096 CEST	1.1.1.1	192.168.2.5	0xfc98	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:20.284146070 CEST	1.1.1.1	192.168.2.5	0xefbc	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 21, 2024 00:14:29.417821884 CEST	1.1.1.1	192.168.2.5	0x2779	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 21, 2024 00:14:29.417821884 CEST	1.1.1.1	192.168.2.5	0x2779	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:29.456960917 CEST	1.1.1.1	192.168.2.5	0x5b02	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:29.456960917 CEST	1.1.1.1	192.168.2.5	0x5b02	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 21, 2024 00:14:30.288130045 CEST	1.1.1.1	192.168.2.5	0x6c2a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 21, 2024 00:14:30.288130045 CEST	1.1.1.1	192.168.2.5	0x6c2a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dcdemocraticparty.org

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	23.236.62.147	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:18 UTC	664	OUT	GET / HTTP/1.1 Host: dcdemocraticparty.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	23.236.62.147	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:20 UTC	690	OUT	GET / HTTP/1.1 Host: dcdemocraticparty.org Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	23.236.62.147	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:21 UTC	690	OUT	GET / HTTP/1.1 Host: dcdemocraticparty.org Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49716	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:22 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49718	23.236.62.147	443	3172	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:27 UTC	690	OUT	GET / HTTP/1.1 Host: dcdemocraticparty.org Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49721	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:30 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:30 UTC	540	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:30 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 18 Oct 2024 15:17:17 GMT ETag: "0x8DCEF87F3DDAA58" x-ms-request-id: afcefc7b-b01e-001e-6024-220214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221430Z-16c4998b89bgzqvgnnyu3npcdn00000001t0000000011uag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:30 UTC	15844	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-20 22:14:30 UTC	16384	IN	Data Raw: 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e Data Ascii: "0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" />
2024-10-20 22:14:30 UTC	16384	IN	Data Raw: 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 Data Ascii: <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-781
2024-10-20 22:14:30 UTC	16384	IN	Data Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
2024-10-20 22:14:30 UTC	16384	IN	Data Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
2024-10-20 22:14:30 UTC	16384	IN	Data Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
2024-10-20 22:14:30 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
2024-10-20 22:14:31 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
2024-10-20 22:14:31 UTC	16384	IN	Data Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
2024-10-20 22:14:31 UTC	16384	IN	Data Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:32 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:32 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 52fc638d-b01e-0070-36c5-201cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221432Z-16c4998b89bgwq87xczx5msh6c000000024g00000000bx46 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:32 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.5	49729	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:32 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:32 UTC	563	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:32 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 394abe64-001e-0028-050b-22c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221432Z-16c4998b89bpjcmqcydug5crk80000000200000000013vv8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:32 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49727	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:32 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:32 UTC	563	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:32 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 331d1c77-401e-0029-354e-229b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221432Z-16c4998b89bmjc55ufxy735f24000000020000000000nkqv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:32 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49730	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:32 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:32 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 31a53d7e-801e-00a3-74f7-217cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221432Z-16c4998b89bgg6wv1u6pvknne0000000021g000000003spf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:32 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:32 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:32 UTC	563	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:32 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: fdb61705-b01e-0001-2f09-2246e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221432Z-16c4998b89bgs72bwd9m1pn9ec000000022000000000cn93 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:32 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49735	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:33 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:33 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: e1deb6d3-201e-006e-700b-22bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221433Z-16c4998b89bxnvn4z8bkannvtn0000000270000000001k7y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:33 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49736	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:33 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:33 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 8d314a1c-701e-0097-3ae5-21b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221433Z-16c4998b89bjhclnycnwufct2g000000026000000000h4sa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:33 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49738	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:33 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:33 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:33 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: bcb88dd7-c01e-0079-47cd-21e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221433Z-16c4998b89bgzr9ryr1qrwpe1w00000001yg00000000kpp6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:33 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49737	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:33 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:33 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 0a92035d-201e-00aa-57da-213928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221433Z-16c4998b89bsd955kt41610a8000000001t000000001271z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:33 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49734	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:33 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:33 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 734838af-101e-0065-4be5-214088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221433Z-16c4998b89bgzqvgnnyu3npcdn00000001ug00000000tsbn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:33 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49741	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:34 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:34 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 1b2fb3ba-201e-0033-65ce-20b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221434Z-16c4998b89bgzqvgnnyu3npcdn00000001v000000000sv9q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:34 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:34 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:34 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 13862abc-a01e-0053-5aa2-218603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221434Z-16c4998b89bgg6wv1u6pvknne000000001yg00000000hf8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:34 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:34 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:34 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 0d728fc6-301e-0000-17e3-21eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221434Z-16c4998b89bgwq87xczx5msh6c000000020g00000000x0wf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:34 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:34 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:34 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 6ca7d158-d01e-0014-15ac-21ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221434Z-16c4998b89bpjcmqcydug5crk80000000200000000013w0m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:34 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:34 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:34 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 7de7ed35-901e-005b-7c14-222005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221434Z-16c4998b89bxnvn4z8bkannvtn0000000260000000006a1g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:34 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49745	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:35 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:35 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 847e2871-001e-0079-66e3-2112e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221435Z-16c4998b89bddwz8qtftvr08un00000002900000000034q7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:35 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49746	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:35 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:35 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 3edebaab-e01e-0033-21c8-214695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221435Z-16c4998b89b7jpjl4rem96730s00000001y000000000myb7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:35 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:35 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:35 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ec40f21c-901e-0067-494d-22b5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221435Z-16c4998b89bxnvn4z8bkannvtn000000022g00000000sk3y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:35 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49747	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:35 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:35 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 4cd68789-d01e-0017-448e-21b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221435Z-16c4998b89bddwz8qtftvr08un000000022g0000000174fg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:35 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:35 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:35 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 968807c2-e01e-0052-0805-22d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221435Z-16c4998b89bwzp5s8232wk5p1g000000021g00000000h480 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:35 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49752	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:36 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:36 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: bb725c57-501e-005b-0eab-21d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221436Z-16c4998b89bdss8hhmumwy6p400000000230000000008abf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:36 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:36 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:36 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: ab91094f-501e-008f-72f7-219054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221436Z-16c4998b89b2rv6lm167hd6wr8000000024000000000y5cb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:36 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:36 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:36 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 00f7314e-e01e-0052-48ac-21d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221436Z-16c4998b89b9t5hpmps51cqdcs00000001z000000000ex3k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:36 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:36 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:36 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: fc96bee5-501e-00a3-3f0b-22c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221436Z-16c4998b89bxnvn4z8bkannvtn00000001zg000000015v6n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:36 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:36 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:36 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 393bb9bf-001e-0028-2805-22c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221436Z-16c4998b89bgwq87xczx5msh6c000000024g00000000bxh8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:36 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:37 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:37 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 6ff76e76-001e-002b-21c5-2099f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221437Z-16c4998b89b528g2b5wgcgb9yn0000000220000000001144 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:37 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49757	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:37 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:37 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 1290ce53-d01e-002b-7905-2225fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221437Z-16c4998b89bndv2cxzkwx191ww000000022g000000014f84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:37 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:37 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:37 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 3cf1b782-701e-0001-32e5-21b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221437Z-16c4998b89bsd955kt41610a8000000001z0000000005x8h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:37 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:37 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-20 22:14:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 20 Oct 2024 22:14:37 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 26284338-e01e-0052-664d-22d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241020T221437Z-16c4998b89bgwq87xczx5msh6c0000000260000000006gf9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-20 22:14:37 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49759	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-20 22:14:37 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2724, Parent PID: 5552

General

Target ID:	0
Start time:	18:14:10
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3172, Parent PID: 2724

General

Target ID:	2
Start time:	18:14:14
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1968,i,3363833138248607142,12035694525606281563,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5292, Parent PID: 5552

General

Target ID:	3
Start time:	18:14:17
Start date:	20/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dcdemocraticparty.org/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dcdemocraticparty.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2724, Parent PID: 5552

General

Chronological Activities

Analysis Process: chrome.exePID: 3172, Parent PID: 2724

General

Chronological Activities

Analysis Process: chrome.exePID: 5292, Parent PID: 5552

General

Chronological Activities

Windows Analysis Report
https://dcdemocraticparty.org/