Edit tour

Windows Analysis Report
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9

Overview

General Information

Sample URL:	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bff
Analysis ID:	1541191
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5620 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

OUTLOOK.EXE (PID: 6432 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Downloads\EventCalendarServlet.ics" MD5: 91A5292942864110ED734005B7E005C0)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49720 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:59895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:59898 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.9:59893 -> 162.159.36.2:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: email.sg.on24event.com to https://event.on24.com/eventregistration/eventcalendarservlet.ics?token=kftt50zsj17t2p9m38%2fn8wkm3iwib%2bqqrdfa4nwk4u3u0lazoob6jrby7waexx8g668bxath15qd32xtlryyow%3d%3d

Source: unknown

HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49720 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D HTTP/1.1Host: email.sg.on24event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D HTTP/1.1Host: event.on24.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPtZpdrxCupbKwW&MD=Rc5Ru4Zk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPtZpdrxCupbKwW&MD=Rc5Ru4Zk HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic	DNS traffic detected: DNS query: event.on24.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A4109008071X-BM-CBT: 1696497265X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 3967AB70E8E74431908B580AED7E67B3X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109008071X-MSEdge-ExternalExp: bfbwsbghf928t,bfbwsbrs0830tf,d-thshldspcl40,fliptrac6,optfsc,spofglclickserpf2,wsbqfasmsall_t,wsbqfminiserp600,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=507B984BF29F418EA13B8912FCE289B0&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696497029183&IPMH=5c67ba25&IPMID=1696497265539&HV=1696497179; MUID=531305E83CE64DE088676FE94B9682C4; _SS=SID=3314E043C3866D730FEDF3E2C2436C30&CPID=1696497266478&AC=1&CPH=c11e7441; _EDGE_S=SID=3314E043C3866D730FEDF3E2C2436C30; MUIDB=531305E83CE64DE088676FE94B9682C4

Source: chromecache_61.1.dr, 097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp.0.dr	String found in binary or memory: http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FC
Source: chromecache_61.1.dr, 097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp.0.dr	String found in binary or memory: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1

Source: unknown	Network traffic detected: HTTP traffic on port 59949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59942
Source: unknown	Network traffic detected: HTTP traffic on port 59898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59950
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59951
Source: unknown	Network traffic detected: HTTP traffic on port 59929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59958
Source: unknown	Network traffic detected: HTTP traffic on port 59952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59957
Source: unknown	Network traffic detected: HTTP traffic on port 59917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59956
Source: unknown	Network traffic detected: HTTP traffic on port 59895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59962
Source: unknown	Network traffic detected: HTTP traffic on port 59938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 59947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59968
Source: unknown	Network traffic detected: HTTP traffic on port 59930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59971
Source: unknown	Network traffic detected: HTTP traffic on port 59908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59973
Source: unknown	Network traffic detected: HTTP traffic on port 59956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 59927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59975
Source: unknown	Network traffic detected: HTTP traffic on port 59936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 59922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59907
Source: unknown	Network traffic detected: HTTP traffic on port 59968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59906
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59909
Source: unknown	Network traffic detected: HTTP traffic on port 59945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59903
Source: unknown	Network traffic detected: HTTP traffic on port 59916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59902
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59901
Source: unknown	Network traffic detected: HTTP traffic on port 59954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59917
Source: unknown	Network traffic detected: HTTP traffic on port 59948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59914
Source: unknown	Network traffic detected: HTTP traffic on port 59965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59915
Source: unknown	Network traffic detected: HTTP traffic on port 59931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59910
Source: unknown	Network traffic detected: HTTP traffic on port 59913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59912
Source: unknown	Network traffic detected: HTTP traffic on port 59934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59929
Source: unknown	Network traffic detected: HTTP traffic on port 59918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59928
Source: unknown	Network traffic detected: HTTP traffic on port 59943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59895
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59897
Source: unknown	Network traffic detected: HTTP traffic on port 59937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59939
Source: unknown	Network traffic detected: HTTP traffic on port 59946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59938
Source: unknown	Network traffic detected: HTTP traffic on port 59915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59937
Source: unknown	Network traffic detected: HTTP traffic on port 59897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59933
Source: unknown	Network traffic detected: HTTP traffic on port 59909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59940
Source: unknown	Network traffic detected: HTTP traffic on port 59932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59901 -> 443

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:59895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:59898 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/12@6/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Downloads\EventCalendarServlet.ics"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
www.google.com	142.250.185.164	true	false	unknown
r-email.sg.on24event.com	199.83.44.68	true	false	unknown
r-event.on24.com	199.83.44.71	true	false	unknown
event.on24.com	unknown	unknown	false	unknown
email.sg.on24event.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://event.on24.com/eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D	false		unknown
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FC	chromecache_61.1.dr, 097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp.0.dr	false		unknown
https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1	chromecache_61.1.dr, 097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp.0.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
199.83.44.71	r-event.on24.com	United States	18742	ON24-SACUS	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
199.83.44.68	r-email.sg.on24event.com	United States	18742	ON24-SACUS	false

Private

IP
192.168.2.16
192.168.2.9

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541191
Start date and time:	2024-10-24 15:05:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@18/12@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.142, 173.194.76.84, 34.104.35.123, 192.229.221.95, 199.232.210.172, 13.85.23.206, 13.95.31.18, 142.250.181.227, 93.184.221.240
Excluded domains from analysis (whitelisted): accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, otelrules.afd.azureedge.net, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	1.2553565515864111
Encrypted:	false
SSDEEP:	12:nwPqF69Fq5T7NslPlaMsQ11xwpTSAljlaVZ:wP1X9la4Hx8TS2lO
MD5:	3C1CD28788D880E96BA19CE5EB6C2D6F
SHA1:	46FE8D6635508D9A9FD3F12F5BB0B09CF773132C
SHA-256:	90F3E4512757A714472E9B159B3EF9EEC6A7EF629AB4B7E8126334CFC9096E8F
SHA-512:	83721CEC4604504AE51B8ECF38A552EFE22924CE602D6F9473354A30B366CFF25DA636AC49275CF5F97EF548C9B3B9FF1A87BE2AA04777B4BFA15D60A248FE3C
Malicious:	false
Reputation:	low
Preview:	............................................................................`....... ....j...&..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`..b............j...&..........v.2._.O.U.T.L.O.O.K.:.1.9.2.0.:.2.0.e.c.7.5.9.b.0.4.0.f.4.4.2.7.a.a.6.8.5.3.b.3.6.a.4.1.3.0.0.0...C.:.\.U.s.e.r.s.\.t.i.n.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.4.T.0.9.0.8.1.4.0.1.6.5.-.6.4.3.2...e.t.l.......P.P..... ....j...&..........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.979197002739469
Encrypted:	false
SSDEEP:	48:8tdQT8JHTidAKZdA1P4ehwiZUklqehqy+3:8wIHOpy
MD5:	2C876B789E4B9760BDA9CFE4E60B1F26
SHA1:	13EB433769F99AC847A8B88C570A8AB43906CB6E
SHA-256:	10F0385467EB57EA558398923DEFEC7C65972586E3AB90A21F6D29AF0BFB5CB8
SHA-512:	31707B2DE4B4A6921D1A63EF0F3B58C0520002A993DAD27337F0BB497E5C91BDF9EF7128C77B8E356624E79EC3955D99E63378CC53CE4C826386CD6C7FFE8FCA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....0~K..&....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IXY.h....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VXY.h....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VXY.h.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VXY.h...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.996574736098408
Encrypted:	false
SSDEEP:	48:8mdQT8JHTidAKZdA1+4eh/iZUkAQkqehZy+2:8pIWF9QQy
MD5:	5C55C5A21D18CCC7AD1E3A41B68667DF
SHA1:	919E4DD7EF8EF9C47F83EDB81F01DF3AF098C9E1
SHA-256:	736F566547726B1A2286D1D22C68F97C57373B5EF927D57D2981551F07FF531C
SHA-512:	C355D1CA36066B6A0D1FAAF54F26CB3E8FB9E1D5748EDE737B0F6717C9CFD65FBEA9A44BEF99699A332732F6BE1113A033FDAD0968E9AFF0CDF03AFCBAED866E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......3..&....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IXY.h....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VXY.h....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VXY.h.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VXY.h...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.004840831397033
Encrypted:	false
SSDEEP:	48:8sdQT8VHTidAKZdA1404eh7sFiZUkmgqeh7sny+BX:8TIXIn1y
MD5:	AB21FC7EE8531C393E1165503E19A370
SHA1:	C8684A7540D6C0FCFB28D00AB46A171195AE91E7
SHA-256:	402F2E9F39FD8476EA9969E2B7DE4CF04F574DDC1947D54173D374139AB42356
SHA-512:	48634CAD132BD3D426F78FE9721D1ED7E299F963E4E6BEC94F5016C99F9FA173C23CB2DEA7B4871F9B9171F395D47C87AB8CBA5774639B81CD1AE18671C9C6D4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<}.i.....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IXY.h....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VXY.h....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VXY.h.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VEW.F...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9935976351099995
Encrypted:	false
SSDEEP:	48:8XwdQT8JHTidAKZdA1p4ehDiZUkwqehNy+R:8XIh5/y
MD5:	C41039AFEFE9D4F8E1E6955B5D96AA38
SHA1:	5893D025962AABF9C59ACD003456AF02762A9F47
SHA-256:	A473DD05BF30DFD3A6A4F214D2EC5DAE7EE6C2451C21D9F3C5B6691572792471
SHA-512:	69442F55FB1912B3E563F954CCCDBC6404DF9AB790794E35B808A2A467C17597CC3D301FEEF19DE6F8C211EE5072DBDAD562B303C5EEE46E3F46A5FDB9AD53B0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......,..&....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IXY.h....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VXY.h....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VXY.h.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VXY.h...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9830920789440243
Encrypted:	false
SSDEEP:	48:8GdQT8JHTidAKZdA1X4ehBiZUk1W1qehDy+C:8JIfb9jy
MD5:	DF0F1F0662F607943BBE3E958E97A675
SHA1:	4B562DA612087369D88A53A23BA4A1C407D2C484
SHA-256:	42D926DED9409E8A74B9B51F23A34641756D7749E1073D5913E874A86EA586A9
SHA-512:	1B1C597E1BF22BAAE1587BF06669664D052F0A9B37F45B5A880A95C9FB89EC8852FE48982613BDC22E0DBACC153C7059FC892DB50EEBFDBBCF097E3A2BF0DBF7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......:..&....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IXY.h....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VXY.h....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VXY.h.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VXY.h...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:06:59 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.991503855729137
Encrypted:	false
SSDEEP:	48:8RPdQT8JHTidAKZdA1duTc4ehOuTbbiZUk5OjqehOuTb1y+yT+:8RGIoTcJTbxWOvTb1y7T
MD5:	0AD9EB407FD35AD9FA58EEB1FE6ADA37
SHA1:	DD85021DF07621D1C5D0970A82ECEA318E9906CC
SHA-256:	8DC014F7AA0A8B8F929BFCF905D39EAAE16F04696C8251281A48FFD9C2E52CB2
SHA-512:	2F5124C5DD6D35A6ACA395621EC140E3ECA81EF1B74C418403DA9A0ACBCCF408E8BEF407F7779CDEB16DD99B98E6828CAD3C73CF085B7F9DEDDD08684326024E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....2...&....v'&... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.I..PROGRA~1..t......O.IXY.h....B...............J.....\...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.h....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.F..Chrome..>......CW.VXY.h....M......................O..C.h.r.o.m.e.....`.1.....EW.F..APPLIC~1..H......CW.VXY.h.............................A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.L .CHROME~1.EXE..R......CW.VXY.h...........................).c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	vCalendar calendar file
Category:	dropped
Size (bytes):	1105
Entropy (8bit):	5.601905597557794
Encrypted:	false
SSDEEP:	24:ERV+vV+9f6g2rbMJ1SWj8jZOFEOGv13C6TuSLUJSdESJZLUcojQfNvnjP:ERWUf92rbesc0BOm13C675z7Hos9jP
MD5:	193B21152CC61C6E2475C38B2AFF669A
SHA1:	9E4381C5004704A2DF2A9C689D385D18E750D64D
SHA-256:	4F376E789585D64622AB840395AF141CD295C6C632D5E317BB499885FC44248D
SHA-512:	15E71697C2C2DA67256AA308FBCA0E9D1CA6FCB592D6EAEB6D80EB21587EE54B48460BBA3547D2D64AAD8DACA7231FCFFD067125F088B2CF46C890F30732E7E1
Malicious:	false
Reputation:	low
Preview:	BEGIN:VCALENDAR.PRODID:-//ON24 Corporation//ON24 Corporation//EN.VERSION:2.0.METHOD:PUBLISH.BEGIN:VEVENT.DTSTART:20241107T180000Z.DTEND:20241107T190000Z.LOCATION:Optum Webinar .TRANSP:OPAQUE.UID:39060177420241024T130700Z.DTSTAMP:20241024T130701Z.SUMMARY:Optum Payer Monthly PPS PRS Webinar.DESCRIPTION:Thank you for registering for Optum Payer Monthly PPS PRS Webinar. \n\nLIVE WEBINAR DATE: November 07, 2024 \nLIVE WEBINAR TIME: 01:00 PM EST \n\nUse the link below to enter the webinar up to 15 minutes before the start. \n\nWEBINAR LINK: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1 \n\n\nSYSTEM TEST: Test your computer to make sure you meet the minimum technical requirements. \nTest Your System: http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&checkBrowser=true&checkOS=true&checkBandwidth=true&checkCookie=true&ngwebcast=true&ngwebcast=true \n\n\nThank you and enjoy the webinar!.PRIORITY:5.CLA

C:\Users\user\Downloads\EventCalendarServlet.ics (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	vCalendar calendar file
Category:	dropped
Size (bytes):	1105
Entropy (8bit):	5.601905597557794
Encrypted:	false
SSDEEP:	24:ERV+vV+9f6g2rbMJ1SWj8jZOFEOGv13C6TuSLUJSdESJZLUcojQfNvnjP:ERWUf92rbesc0BOm13C675z7Hos9jP
MD5:	193B21152CC61C6E2475C38B2AFF669A
SHA1:	9E4381C5004704A2DF2A9C689D385D18E750D64D
SHA-256:	4F376E789585D64622AB840395AF141CD295C6C632D5E317BB499885FC44248D
SHA-512:	15E71697C2C2DA67256AA308FBCA0E9D1CA6FCB592D6EAEB6D80EB21587EE54B48460BBA3547D2D64AAD8DACA7231FCFFD067125F088B2CF46C890F30732E7E1
Malicious:	false
Reputation:	low
Preview:	BEGIN:VCALENDAR.PRODID:-//ON24 Corporation//ON24 Corporation//EN.VERSION:2.0.METHOD:PUBLISH.BEGIN:VEVENT.DTSTART:20241107T180000Z.DTEND:20241107T190000Z.LOCATION:Optum Webinar .TRANSP:OPAQUE.UID:39060177420241024T130700Z.DTSTAMP:20241024T130701Z.SUMMARY:Optum Payer Monthly PPS PRS Webinar.DESCRIPTION:Thank you for registering for Optum Payer Monthly PPS PRS Webinar. \n\nLIVE WEBINAR DATE: November 07, 2024 \nLIVE WEBINAR TIME: 01:00 PM EST \n\nUse the link below to enter the webinar up to 15 minutes before the start. \n\nWEBINAR LINK: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1 \n\n\nSYSTEM TEST: Test your computer to make sure you meet the minimum technical requirements. \nTest Your System: http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&checkBrowser=true&checkOS=true&checkBandwidth=true&checkCookie=true&ngwebcast=true&ngwebcast=true \n\n\nThank you and enjoy the webinar!.PRIORITY:5.CLA

C:\Users\user\Downloads\EventCalendarServlet.ics.crdownload (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	vCalendar calendar file
Category:	dropped
Size (bytes):	1105
Entropy (8bit):	5.601905597557794
Encrypted:	false
SSDEEP:	24:ERV+vV+9f6g2rbMJ1SWj8jZOFEOGv13C6TuSLUJSdESJZLUcojQfNvnjP:ERWUf92rbesc0BOm13C675z7Hos9jP
MD5:	193B21152CC61C6E2475C38B2AFF669A
SHA1:	9E4381C5004704A2DF2A9C689D385D18E750D64D
SHA-256:	4F376E789585D64622AB840395AF141CD295C6C632D5E317BB499885FC44248D
SHA-512:	15E71697C2C2DA67256AA308FBCA0E9D1CA6FCB592D6EAEB6D80EB21587EE54B48460BBA3547D2D64AAD8DACA7231FCFFD067125F088B2CF46C890F30732E7E1
Malicious:	false
Reputation:	low
Preview:	BEGIN:VCALENDAR.PRODID:-//ON24 Corporation//ON24 Corporation//EN.VERSION:2.0.METHOD:PUBLISH.BEGIN:VEVENT.DTSTART:20241107T180000Z.DTEND:20241107T190000Z.LOCATION:Optum Webinar .TRANSP:OPAQUE.UID:39060177420241024T130700Z.DTSTAMP:20241024T130701Z.SUMMARY:Optum Payer Monthly PPS PRS Webinar.DESCRIPTION:Thank you for registering for Optum Payer Monthly PPS PRS Webinar. \n\nLIVE WEBINAR DATE: November 07, 2024 \nLIVE WEBINAR TIME: 01:00 PM EST \n\nUse the link below to enter the webinar up to 15 minutes before the start. \n\nWEBINAR LINK: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1 \n\n\nSYSTEM TEST: Test your computer to make sure you meet the minimum technical requirements. \nTest Your System: http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&checkBrowser=true&checkOS=true&checkBandwidth=true&checkCookie=true&ngwebcast=true&ngwebcast=true \n\n\nThank you and enjoy the webinar!.PRIORITY:5.CLA

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	vCalendar calendar file
Category:	downloaded
Size (bytes):	1105
Entropy (8bit):	5.601905597557794
Encrypted:	false
SSDEEP:	24:ERV+vV+9f6g2rbMJ1SWj8jZOFEOGv13C6TuSLUJSdESJZLUcojQfNvnjP:ERWUf92rbesc0BOm13C675z7Hos9jP
MD5:	193B21152CC61C6E2475C38B2AFF669A
SHA1:	9E4381C5004704A2DF2A9C689D385D18E750D64D
SHA-256:	4F376E789585D64622AB840395AF141CD295C6C632D5E317BB499885FC44248D
SHA-512:	15E71697C2C2DA67256AA308FBCA0E9D1CA6FCB592D6EAEB6D80EB21587EE54B48460BBA3547D2D64AAD8DACA7231FCFFD067125F088B2CF46C890F30732E7E1
Malicious:	false
Reputation:	low
URL:	https://event.on24.com/eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D
Preview:	BEGIN:VCALENDAR.PRODID:-//ON24 Corporation//ON24 Corporation//EN.VERSION:2.0.METHOD:PUBLISH.BEGIN:VEVENT.DTSTART:20241107T180000Z.DTEND:20241107T190000Z.LOCATION:Optum Webinar .TRANSP:OPAQUE.UID:39060177420241024T130700Z.DTSTAMP:20241024T130701Z.SUMMARY:Optum Payer Monthly PPS PRS Webinar.DESCRIPTION:Thank you for registering for Optum Payer Monthly PPS PRS Webinar. \n\nLIVE WEBINAR DATE: November 07, 2024 \nLIVE WEBINAR TIME: 01:00 PM EST \n\nUse the link below to enter the webinar up to 15 minutes before the start. \n\nWEBINAR LINK: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1 \n\n\nSYSTEM TEST: Test your computer to make sure you meet the minimum technical requirements. \nTest Your System: http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&checkBrowser=true&checkOS=true&checkBandwidth=true&checkCookie=true&ngwebcast=true&ngwebcast=true \n\n\nThank you and enjoy the webinar!.PRIORITY:5.CLA

Static File Info

⊘No static file info

File Icon


Icon Hash:	00b29a8e86828200

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:06:45.436800957 CEST	49676	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:45.436924934 CEST	49675	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:45.468039036 CEST	49674	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:51.331382990 CEST	49677	443	192.168.2.9	20.189.173.11
Oct 24, 2024 15:06:55.089636087 CEST	49676	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:55.089663982 CEST	49675	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:55.089797974 CEST	49674	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:56.848407984 CEST	443	49704	23.206.229.209	192.168.2.9
Oct 24, 2024 15:06:56.848517895 CEST	49704	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:06:59.278163910 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:06:59.278220892 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:06:59.278297901 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:06:59.278625011 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:06:59.278671980 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:06:59.278728962 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:06:59.278842926 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:06:59.278856039 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:06:59.279026985 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:06:59.279040098 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.084569931 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.085167885 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.085189104 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.086241007 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.086319923 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.087434053 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.087496042 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.087734938 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.087742090 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.090205908 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.090403080 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.090430975 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.091712952 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.091783047 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.096339941 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.096415043 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.136614084 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.136626005 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.136663914 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.183464050 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.287029028 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.287743092 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.287771940 CEST	443	49714	199.83.44.68	192.168.2.9
Oct 24, 2024 15:07:00.287844896 CEST	49714	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:00.299249887 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.299295902 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.299374104 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.299577951 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.299592972 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.944268942 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.944880962 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.944900036 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.945939064 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.946048975 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.947359085 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.947459936 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.947582960 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:00.947592020 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:00.995949984 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:01.191515923 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:01.191606998 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:01.191684008 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:01.193367958 CEST	49716	443	192.168.2.9	199.83.44.71
Oct 24, 2024 15:07:01.193387985 CEST	443	49716	199.83.44.71	192.168.2.9
Oct 24, 2024 15:07:01.444864988 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:01.444906950 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:01.445072889 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:01.445198059 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:01.445209026 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:02.313536882 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:02.318434000 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:02.318463087 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:02.319770098 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:02.319849014 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:02.331480026 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:02.331727028 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:02.371922970 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:02.371952057 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:02.413412094 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:06.013745070 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:06.013786077 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:06.013853073 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:06.017288923 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:06.017306089 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:06.805947065 CEST	49704	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:06.806842089 CEST	49704	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:06.810787916 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:06.810846090 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:06.810925961 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:06.811367035 CEST	443	49704	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:06.812211037 CEST	443	49704	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:06.813164949 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:06.813175917 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.111078978 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:07.111202002 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:07.128206015 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:07.128233910 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:07.128498077 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:07.177762985 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:07.484004974 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.484088898 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.503149986 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.503180981 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.504416943 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.504488945 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.505132914 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.505196095 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.505460024 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.551332951 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.758970022 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.759030104 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.759736061 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.759804010 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:07.759826899 CEST	443	49720	23.206.229.209	192.168.2.9
Oct 24, 2024 15:07:07.759875059 CEST	49720	443	192.168.2.9	23.206.229.209
Oct 24, 2024 15:07:08.067229986 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:08.111335993 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429083109 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429111004 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429117918 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429127932 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429148912 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429341078 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:08.429354906 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429366112 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.429608107 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:08.541606903 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.541666985 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:08.541723967 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:09.063936949 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:09.063936949 CEST	49719	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:09.063961983 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:09.063973904 CEST	443	49719	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:12.333949089 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:12.334017992 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:12.334073067 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:13.715063095 CEST	49717	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:07:13.715087891 CEST	443	49717	142.250.185.164	192.168.2.9
Oct 24, 2024 15:07:35.500432968 CEST	59893	53	192.168.2.9	162.159.36.2
Oct 24, 2024 15:07:35.505918980 CEST	53	59893	162.159.36.2	192.168.2.9
Oct 24, 2024 15:07:35.506004095 CEST	59893	53	192.168.2.9	162.159.36.2
Oct 24, 2024 15:07:35.506112099 CEST	59893	53	192.168.2.9	162.159.36.2
Oct 24, 2024 15:07:35.511424065 CEST	53	59893	162.159.36.2	192.168.2.9
Oct 24, 2024 15:07:36.111098051 CEST	53	59893	162.159.36.2	192.168.2.9
Oct 24, 2024 15:07:36.125813961 CEST	59893	53	192.168.2.9	162.159.36.2
Oct 24, 2024 15:07:36.131676912 CEST	53	59893	162.159.36.2	192.168.2.9
Oct 24, 2024 15:07:36.131733894 CEST	59893	53	192.168.2.9	162.159.36.2
Oct 24, 2024 15:07:36.516923904 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:36.516961098 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:36.517015934 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:36.517554998 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:36.517571926 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:37.673362017 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:37.673445940 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:37.676603079 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:37.676609993 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:37.676922083 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:37.681602001 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:37.723334074 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.043266058 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.043306112 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.043334007 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.043387890 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.043402910 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.043437958 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.043461084 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.045126915 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.045173883 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.045226097 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.045234919 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.045284986 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.047657967 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.047667980 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.047903061 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.047918081 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:38.047951937 CEST	443	59895	4.245.163.56	192.168.2.9
Oct 24, 2024 15:07:38.048001051 CEST	59895	443	192.168.2.9	4.245.163.56
Oct 24, 2024 15:07:45.148617029 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:07:45.148632050 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:08:01.567805052 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:08:01.567907095 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:08:01.568123102 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:01.568129063 CEST	443	49713	199.83.44.68	192.168.2.9
Oct 24, 2024 15:08:01.568164110 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:01.568232059 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:01.569835901 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:08:01.569835901 CEST	49713	443	192.168.2.9	199.83.44.68
Oct 24, 2024 15:08:01.573246956 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:01.573260069 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:02.437978983 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:02.438376904 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:02.438385963 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:02.438733101 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:02.439091921 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:02.439160109 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:02.482439041 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:07.338828087 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:07.338869095 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:07.338951111 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:07.339375019 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:07.339385986 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.076229095 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.076304913 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.078339100 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.078349113 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.078643084 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.090050936 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.131335020 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.314330101 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.314372063 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.314407110 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.314440012 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.314464092 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.314498901 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.314517975 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.336771965 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.336807966 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.336874962 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.336893082 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.337137938 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.431885004 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.431921959 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.432044029 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.432044029 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.432064056 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.432276011 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.453218937 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.453246117 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.453648090 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.453660965 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.453856945 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.454912901 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.454937935 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.455014944 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.455014944 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.455020905 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.455374956 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.456617117 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.456634998 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.456712961 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.456718922 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.456902981 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.549395084 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.549418926 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.549732924 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.549747944 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.552968979 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.570012093 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.570033073 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.570277929 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.570286989 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.570549965 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.571228981 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.571280956 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.571367979 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.571367979 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.571376085 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.572105885 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.572124004 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.572206974 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.572206974 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.572215080 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.572360039 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.573163986 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.573179007 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.573291063 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.573297024 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.573626041 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.574717999 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.574733019 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.574891090 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.574896097 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.575653076 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.575690031 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.575706005 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.575804949 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.575804949 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.575812101 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.576076031 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.665968895 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.666102886 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.666160107 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.666786909 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.667049885 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.667049885 CEST	59898	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.667068958 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.667081118 CEST	443	59898	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.720294952 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.720350027 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.720828056 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.720835924 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.720885038 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.721167088 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.723189116 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.723212004 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.723428965 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.725182056 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.725191116 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.725209951 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.725233078 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.725578070 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.725579977 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.725584030 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.725606918 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.726953983 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.726967096 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.727070093 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.727085114 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.727384090 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.727397919 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:08.727410078 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:08.727413893 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.456609011 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.457349062 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.457374096 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.459713936 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.459729910 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.470024109 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.470347881 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.470787048 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.470789909 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.470809937 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.470812082 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.471266031 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.471271992 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.471621037 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.471626043 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.472315073 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.472656965 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.472681999 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.473316908 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.473321915 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.480093956 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.480645895 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.480664015 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.481070042 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.481076002 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.587104082 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.587250948 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.587342978 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.588713884 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.588732004 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.588793039 CEST	59901	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.588799953 CEST	443	59901	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.595161915 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.595201969 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.595274925 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.595781088 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.595793009 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.601636887 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.601933002 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.601984978 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.603352070 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.603379011 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.603516102 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.603527069 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.603583097 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.603626966 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.603626966 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.603975058 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.603992939 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.604003906 CEST	59905	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.604011059 CEST	443	59905	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.604545116 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.604572058 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.604633093 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.604643106 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.604706049 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.604846954 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.607489109 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.607501030 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.608916044 CEST	59902	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.608922958 CEST	443	59902	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.610347986 CEST	59904	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.610362053 CEST	443	59904	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.612248898 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.612274885 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.612329960 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.612353086 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.612409115 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.612449884 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.612497091 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.612700939 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.617908955 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.617908955 CEST	59903	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.617921114 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.617928028 CEST	443	59903	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.628010988 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.628041983 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.628109932 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.628909111 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.628918886 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.632442951 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.632477999 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.632541895 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.632812977 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.632826090 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.633636951 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.633661985 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.633723021 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.634073019 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.634094954 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.634185076 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.634268999 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.634288073 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:09.634331942 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:09.634342909 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.321813107 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.322534084 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.322565079 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.323121071 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.323128939 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.360121012 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.360735893 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.360760927 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.361316919 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.361323118 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.380911112 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.382246971 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.382265091 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.382551908 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.382550001 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.382559061 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.383167982 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.383191109 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.383733034 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.383738041 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.387207031 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.392869949 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.392885923 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.393426895 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.393430948 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.452821970 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.452933073 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.453165054 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.453203917 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.453221083 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.453232050 CEST	59906	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.453238010 CEST	443	59906	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.456784964 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.456819057 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.456962109 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.457123041 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.457134008 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.490876913 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.490948915 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.491126060 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.491532087 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.491552114 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.491564989 CEST	59907	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.491570950 CEST	443	59907	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.495543003 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.495583057 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.495652914 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.495822906 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.495840073 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.514673948 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.514916897 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.515064001 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.515221119 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.515221119 CEST	59908	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.515240908 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.515244961 CEST	443	59908	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.518460989 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.518495083 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.518666029 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.518821001 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.518830061 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.519054890 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.519326925 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.519399881 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.519431114 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.519448042 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.519469023 CEST	59909	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.519474030 CEST	443	59909	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.522274971 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.522313118 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.522401094 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.522569895 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.522584915 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.528450966 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.528698921 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.528817892 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.528844118 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.528844118 CEST	59910	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.528865099 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.528875113 CEST	443	59910	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.532083035 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.532121897 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:10.532193899 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.532360077 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:10.532372952 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.207344055 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.207988024 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.208014965 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.209825039 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.209835052 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.227087975 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.227794886 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.227824926 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.228359938 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.228363991 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.254165888 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.255372047 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.255398035 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.256058931 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.256066084 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.259656906 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.260252953 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.260273933 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.262818098 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.262830019 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.276118994 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.291078091 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.291105986 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.291790009 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.291795015 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.340641022 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.340924025 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.341058016 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.343216896 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.343239069 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.343287945 CEST	59912	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.343293905 CEST	443	59912	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.347291946 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.347349882 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.347527027 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.347875118 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.347887039 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.356453896 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.356643915 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.356729031 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.356853962 CEST	59913	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.356868029 CEST	443	59913	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.359864950 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.359901905 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.359975100 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.360163927 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.360176086 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.383871078 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.384587049 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.384649992 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.384742022 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.384763002 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.384776115 CEST	59915	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.384782076 CEST	443	59915	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.388866901 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.388906002 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.389364004 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.389564037 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.389569998 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.394946098 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.395136118 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.395189047 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.401348114 CEST	59914	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.401374102 CEST	443	59914	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.405534983 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.405576944 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.405895948 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.406270027 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.406284094 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.419958115 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.420022964 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.420156956 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.420288086 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.420305967 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.420315027 CEST	59916	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.420320988 CEST	443	59916	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.423494101 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.423527002 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:11.423666000 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.423856974 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:11.423865080 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.076616049 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.105818033 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.105849981 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.107948065 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.107954979 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.108623981 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.108952045 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.108967066 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.109385967 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.109390020 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.123832941 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.124758959 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.124778032 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.125475883 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.125482082 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.153199911 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.154019117 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.154052019 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.154707909 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.154731989 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.170236111 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.170897007 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.170922995 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.171634912 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.171642065 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.232340097 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.232471943 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.232577085 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.232788086 CEST	59917	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.232800007 CEST	443	59917	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.238169909 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.238214016 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.238544941 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.238838911 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.238850117 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.241442919 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.241698980 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.241758108 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.241836071 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.241847992 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.241856098 CEST	59918	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.241861105 CEST	443	59918	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.246898890 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.246929884 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.246994019 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.247231960 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.247241974 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.254692078 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.254780054 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.254873991 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.255604982 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.255614996 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.255629063 CEST	59919	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.255634069 CEST	443	59919	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.261281967 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.261306047 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.261368036 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.261584997 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.261593103 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.287159920 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.287231922 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.287328959 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.288454056 CEST	59920	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.288469076 CEST	443	59920	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.293567896 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.293606997 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.293724060 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.293987036 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.293997049 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.302553892 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.302735090 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.302860975 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.302922010 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.302937984 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.302954912 CEST	59921	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.302961111 CEST	443	59921	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.308816910 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.308857918 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.308940887 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.309166908 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.309178114 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.424314022 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:12.424386024 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:12.424489021 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:12.968472958 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.969418049 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.969458103 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.969955921 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.969963074 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.977798939 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.978749990 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.978761911 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.979931116 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.979942083 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.991622925 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.995445013 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.995461941 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:12.996391058 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:12.996398926 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.028141022 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.044434071 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.044487953 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.045631886 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.045653105 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.049010992 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.049707890 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.049735069 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.050563097 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.050569057 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.099611044 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.099852085 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.099905968 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.107189894 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.107265949 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.107336998 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.124075890 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.124120951 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.124139071 CEST	59922	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.124147892 CEST	443	59922	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.126072884 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.126072884 CEST	59923	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.126092911 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.126102924 CEST	443	59923	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.127695084 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.127922058 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.127968073 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.132894039 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.132906914 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.132920027 CEST	59924	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.132925987 CEST	443	59924	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.140420914 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.140467882 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.140532017 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.142510891 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.142544985 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.142601013 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.143507004 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.143558025 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.143626928 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.144521952 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.144552946 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.144618034 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.144635916 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.144893885 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.144912004 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.174726009 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.175442934 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.175507069 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.187915087 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.187915087 CEST	59925	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.187951088 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.187962055 CEST	443	59925	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.193408012 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.193860054 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.193911076 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.198065042 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.198076010 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.198156118 CEST	59926	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.198160887 CEST	443	59926	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.203142881 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.203181982 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.203270912 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.205688000 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.205723047 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.205792904 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.206104994 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.206125021 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.206306934 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.206325054 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.715331078 CEST	59897	443	192.168.2.9	142.250.185.164
Oct 24, 2024 15:08:13.715361118 CEST	443	59897	142.250.185.164	192.168.2.9
Oct 24, 2024 15:08:13.898046017 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.898314953 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.898509026 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.900333881 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.900365114 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.900827885 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.900834084 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.901256084 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.901277065 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.901772022 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.901777029 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.902657032 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.902657032 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.902678967 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.902698040 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.937813044 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.938060999 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.938507080 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.938515902 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.938529015 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.938539028 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.939017057 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.939026117 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:13.939407110 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:13.939414978 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.029161930 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.029330015 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.029380083 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.029622078 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.029642105 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.029663086 CEST	59927	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.029669046 CEST	443	59927	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.030541897 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.031327009 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.031402111 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.031637907 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.031653881 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.031666040 CEST	59928	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.031672001 CEST	443	59928	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.032392979 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.032686949 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.032854080 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.032854080 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.032937050 CEST	59929	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.032953024 CEST	443	59929	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.033593893 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.033632994 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.033817053 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.033937931 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.033951044 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.035173893 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.035219908 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.035334110 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.035410881 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.035425901 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.035837889 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.035856962 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.035943985 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.036230087 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.036242962 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.067595959 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.067821026 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.068109035 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.068109035 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.068344116 CEST	59931	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.068371058 CEST	443	59931	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.068600893 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.069247961 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.069325924 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.069742918 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.069761038 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.069771051 CEST	59930	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.069777012 CEST	443	59930	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.072607040 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.072650909 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.072794914 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.075193882 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.075206995 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.076105118 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.076141119 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.076224089 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.076365948 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.076375961 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.763916016 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.764740944 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.764758110 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.765502930 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.765506983 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.778363943 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.778388977 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.779043913 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.779072046 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.779933929 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.779939890 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.780750990 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.780775070 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.784578085 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.784586906 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.808387995 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.808393955 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.809161901 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.809185982 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.809263945 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.809295893 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.809501886 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.809506893 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.809824944 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.809834003 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.895132065 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.895203114 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.895322084 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.896023989 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.896023989 CEST	59932	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.896044970 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.896054029 CEST	443	59932	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.902734995 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.902777910 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.902847052 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.903059006 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.903070927 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.911057949 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.911284924 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.911335945 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.911693096 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.911693096 CEST	59934	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.911700964 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.911710024 CEST	443	59934	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.913707018 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.913764954 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.913930893 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.914207935 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.914228916 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.914331913 CEST	59933	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.914340019 CEST	443	59933	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.918227911 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.918279886 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.918356895 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.918495893 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.918510914 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.919204950 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.919226885 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.919368982 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.919512987 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.919522047 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.939198017 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.939457893 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.939557076 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.939606905 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.939621925 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.939656019 CEST	59936	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.939662933 CEST	443	59936	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.942364931 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.942523956 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.942771912 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.942771912 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.942832947 CEST	59935	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.942843914 CEST	443	59935	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.943001032 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.943032026 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.943118095 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.943273067 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.943288088 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.945429087 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.945476055 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:14.945628881 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.947043896 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:14.947056055 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.634736061 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.635579109 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.635606050 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.636109114 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.636115074 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.661926985 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.662628889 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.662656069 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.663557053 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.663566113 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.673605919 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.674294949 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.674319029 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.674958944 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.674964905 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.677331924 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.677808046 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.677845955 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.678262949 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.678272963 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.699632883 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.700831890 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.700831890 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.700851917 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.700864077 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.771054983 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.771132946 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.771217108 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.771471977 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.771471977 CEST	59937	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.771491051 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.771501064 CEST	443	59937	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.776016951 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.776057005 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.776123047 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.776315928 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.776329994 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.801830053 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.802059889 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.802124977 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.802211046 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.802222967 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.802237988 CEST	59940	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.802244902 CEST	443	59940	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.804327011 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.804550886 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.804594994 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.806278944 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.806299925 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.806313992 CEST	59938	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.806319952 CEST	443	59938	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.806961060 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.807001114 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.807096004 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.807363033 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.807373047 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.808624029 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.808659077 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.808762074 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.808881998 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.808896065 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.809453011 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.809536934 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.809643984 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.809669971 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.809678078 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.809690952 CEST	59941	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.809695005 CEST	443	59941	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.811904907 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.811934948 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.812184095 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.812330008 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.812340021 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.938586950 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.938736916 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.938860893 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.939054966 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.939070940 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.939089060 CEST	59939	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.939099073 CEST	443	59939	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.942822933 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.942853928 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:15.942931890 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.943140984 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:15.943150997 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.519958019 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.520555019 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.520591974 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.521158934 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.521171093 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.530762911 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.531286001 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.531326056 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.531810045 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.531817913 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.552460909 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.555692911 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.555721998 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.555840969 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.556416988 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.556423903 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.556751966 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.556765079 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.557192087 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.557195902 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.656256914 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.656327009 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.656404018 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.656878948 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.656914949 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.656927109 CEST	59942	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.656934977 CEST	443	59942	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.660644054 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.660676003 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.660788059 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.660991907 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.661001921 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.661209106 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.661272049 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.661453962 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.661494970 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.661494970 CEST	59943	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.661514044 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.661524057 CEST	443	59943	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.664316893 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.664346933 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.664496899 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.664671898 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.664679050 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.667960882 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.668586969 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.668606997 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.669084072 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.669090033 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.683598042 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.683650970 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.683806896 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.684052944 CEST	59945	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.684067965 CEST	443	59945	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.687557936 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.687618971 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.687860012 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.688309908 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.688324928 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.688334942 CEST	59944	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.688339949 CEST	443	59944	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.690104008 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.690152884 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.690213919 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.691065073 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.691080093 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.691961050 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.691982031 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.692353964 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.692498922 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.692511082 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.796808958 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.796895027 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.797022104 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.797250986 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.797267914 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.797283888 CEST	59946	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.797291040 CEST	443	59946	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.801134109 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.801175117 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:16.801541090 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.801695108 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:16.801703930 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.399820089 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.400677919 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.400723934 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.401135921 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.401148081 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.422641039 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.423278093 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.423300028 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.423832893 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.423839092 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.431379080 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.431907892 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.431925058 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.432455063 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.432466030 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.438546896 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.439070940 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.439102888 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.439780951 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.439788103 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.534173012 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.534868956 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.534995079 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.534997940 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.534997940 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.534997940 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.535677910 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.535707951 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.536937952 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.536952019 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.539161921 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.539194107 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.539464951 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.540097952 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.540110111 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.555341005 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.555670023 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.555762053 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.556091070 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.556091070 CEST	59949	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.556116104 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.556124926 CEST	443	59949	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.559756041 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.559793949 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.560005903 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.560197115 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.560209036 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.564515114 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.564579964 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.564716101 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.564740896 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.564754009 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.564764023 CEST	59948	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.564769983 CEST	443	59948	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.567913055 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.567938089 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.567994118 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.568236113 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.568244934 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.574493885 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.574876070 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.574956894 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.574990988 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.574990988 CEST	59950	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.575004101 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.575015068 CEST	443	59950	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.577646971 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.577667952 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.577773094 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.577920914 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.577934027 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.665581942 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.665652990 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.665971994 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.666163921 CEST	59951	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.666179895 CEST	443	59951	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.669735909 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.669764042 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.670031071 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.670192957 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.670201063 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:17.835685015 CEST	59947	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:17.835707903 CEST	443	59947	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.279445887 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.280100107 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.280134916 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.280618906 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.280625105 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.291266918 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.291732073 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.291754961 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.292196035 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.292201042 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.319973946 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.321238995 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.321258068 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.321753025 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.321757078 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.329539061 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.329998970 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.330025911 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.330457926 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.330463886 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.398150921 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.399441004 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.399460077 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.400103092 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.400109053 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.411187887 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.411257982 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.411303043 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.411766052 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.411791086 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.411803007 CEST	59952	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.411809921 CEST	443	59952	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.416299105 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.416346073 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.416465998 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.416663885 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.416678905 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.421466112 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.421716928 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.421765089 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.421849012 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.421860933 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.421870947 CEST	59953	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.421878099 CEST	443	59953	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.426414967 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.426459074 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.426575899 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.426800966 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.426815033 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.451463938 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.451519966 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.451824903 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.451869011 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.451883078 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.451905012 CEST	59955	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.451911926 CEST	443	59955	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.456052065 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.456085920 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.456170082 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.456363916 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.456378937 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.461333990 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.461755037 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.461868048 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.461904049 CEST	59954	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.461921930 CEST	443	59954	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.465867043 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.465897083 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.466078997 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.466336966 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.466346025 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.537767887 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.537866116 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.538404942 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.539330959 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.539330959 CEST	59956	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.539350033 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.539378881 CEST	443	59956	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.543215036 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.543252945 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:18.543427944 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.543577909 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:18.543591976 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.161590099 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.162282944 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.162300110 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.163041115 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.163044930 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.167448997 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.167820930 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.167849064 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.168291092 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.168297052 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.199174881 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.199651957 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.199676037 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.200460911 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.200465918 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.204896927 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.213995934 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.214025974 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.214436054 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.214445114 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.270905018 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.271617889 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.271636963 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.272223949 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.272228956 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.291843891 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.292701006 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.292773008 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.292836905 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.292836905 CEST	59958	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.292851925 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.292855978 CEST	443	59958	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.296963930 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.297004938 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.297136068 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.297449112 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.297458887 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.300915003 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.301018953 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.301074982 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.301142931 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.301167011 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.301178932 CEST	59957	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.301186085 CEST	443	59957	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.303550959 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.303589106 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.303940058 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.304218054 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.304231882 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.331120968 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.331305027 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.331383944 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.334296942 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.334311008 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.334326029 CEST	59959	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.334332943 CEST	443	59959	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.340291977 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.340346098 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.340396881 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.340450048 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.340488911 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.340532064 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.340671062 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.340708971 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.340775013 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.340795040 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.340806007 CEST	59960	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.340811014 CEST	443	59960	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.343130112 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.343166113 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.343348980 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.343651056 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.343662977 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.400331974 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.400593996 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.400660992 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.401230097 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.401258945 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.401276112 CEST	59961	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.401283026 CEST	443	59961	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.404553890 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.404601097 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:19.404680014 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.404827118 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:19.404841900 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.051738024 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.052362919 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.052381039 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.053075075 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.053081036 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.083221912 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.083822012 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.083853006 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.084348917 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.084358931 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.117616892 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.118180037 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.118221045 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.118449926 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.118863106 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.118879080 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.119136095 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.119143009 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.119307995 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.119321108 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.166776896 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.167531967 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.167577028 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.168421984 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.168440104 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.187057018 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.187254906 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.187321901 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.187604904 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.187623024 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.187632084 CEST	59963	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.187637091 CEST	443	59963	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.191049099 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.191087961 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.191262007 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.191464901 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.191479921 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.244278908 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.244925022 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.244995117 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.245309114 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.245338917 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.245352030 CEST	59962	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.245361090 CEST	443	59962	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.249542952 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.249561071 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.249666929 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.250015020 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.250026941 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257262945 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257384062 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257440090 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257487059 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.257591009 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257667065 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.257675886 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257704973 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.257711887 CEST	59965	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.257716894 CEST	443	59965	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257742882 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.257762909 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.257777929 CEST	59964	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.257782936 CEST	443	59964	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.261513948 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.261553049 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.261607885 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.261626005 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.261637926 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.261704922 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.261871099 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.261881113 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.261974096 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.261989117 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.308648109 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.309133053 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.309201002 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.309274912 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.309299946 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.309310913 CEST	59966	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.309317112 CEST	443	59966	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.313060045 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.313091040 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:20.313167095 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.314076900 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:20.314089060 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.093525887 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.094118118 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.094137907 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.094727993 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.094733000 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.462810993 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.463382006 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.463458061 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.463468075 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.463486910 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.463546038 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.463855028 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.463870049 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.463881969 CEST	59967	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.463887930 CEST	443	59967	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.464153051 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.464158058 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.466965914 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.467494965 CEST	59972	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.467540026 CEST	443	59972	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.467746973 CEST	59972	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.467850924 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.467880964 CEST	59972	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.467886925 CEST	443	59972	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.467890978 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.468120098 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.468377113 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.468386889 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.468858957 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.468874931 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.469290972 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.469295979 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.469769001 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.470138073 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.470172882 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.470742941 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.470755100 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.596674919 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.596981049 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.597058058 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.597110033 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.597110033 CEST	59971	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.597143888 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.597158909 CEST	443	59971	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.597518921 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.598243952 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.598562002 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.598743916 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.598757029 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.598767042 CEST	59970	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.598773003 CEST	443	59970	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.601605892 CEST	59973	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.601660013 CEST	443	59973	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.601720095 CEST	59973	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.601941109 CEST	59973	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.601954937 CEST	443	59973	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.601974964 CEST	59974	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.602010965 CEST	443	59974	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.602062941 CEST	59974	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.602183104 CEST	59974	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.602200985 CEST	443	59974	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.603655100 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.603868961 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.604099989 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.604136944 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.604144096 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.604156017 CEST	59969	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.604161024 CEST	443	59969	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.607482910 CEST	59975	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.607513905 CEST	443	59975	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.607597113 CEST	59975	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.607851028 CEST	59975	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.607865095 CEST	443	59975	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.744025946 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.744101048 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.744354010 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.744463921 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.744463921 CEST	59968	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.744482040 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.744494915 CEST	443	59968	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.748599052 CEST	59976	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.748641968 CEST	443	59976	13.107.246.45	192.168.2.9
Oct 24, 2024 15:08:21.748944044 CEST	59976	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.749353886 CEST	59976	443	192.168.2.9	13.107.246.45
Oct 24, 2024 15:08:21.749366045 CEST	443	59976	13.107.246.45	192.168.2.9

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:06:57.193260908 CEST	53	52115	1.1.1.1	192.168.2.9
Oct 24, 2024 15:06:57.290447950 CEST	53	52699	1.1.1.1	192.168.2.9
Oct 24, 2024 15:06:58.656512976 CEST	53	63651	1.1.1.1	192.168.2.9
Oct 24, 2024 15:06:59.259557009 CEST	49175	53	192.168.2.9	1.1.1.1
Oct 24, 2024 15:06:59.259704113 CEST	57421	53	192.168.2.9	1.1.1.1
Oct 24, 2024 15:06:59.269120932 CEST	53	49175	1.1.1.1	192.168.2.9
Oct 24, 2024 15:06:59.283171892 CEST	53	57421	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:00.290191889 CEST	55003	53	192.168.2.9	1.1.1.1
Oct 24, 2024 15:07:00.290349960 CEST	62020	53	192.168.2.9	1.1.1.1
Oct 24, 2024 15:07:00.297960997 CEST	53	55003	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:00.298857927 CEST	53	62020	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:01.434998989 CEST	57917	53	192.168.2.9	1.1.1.1
Oct 24, 2024 15:07:01.435062885 CEST	61249	53	192.168.2.9	1.1.1.1
Oct 24, 2024 15:07:01.443500996 CEST	53	61249	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:01.444067001 CEST	53	57917	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:15.687889099 CEST	53	54922	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:31.819196939 CEST	138	138	192.168.2.9	192.168.2.255
Oct 24, 2024 15:07:34.603410959 CEST	53	61808	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:35.499663115 CEST	53	50159	162.159.36.2	192.168.2.9
Oct 24, 2024 15:07:36.454241991 CEST	53	64535	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:56.814656973 CEST	53	62891	1.1.1.1	192.168.2.9
Oct 24, 2024 15:07:57.206697941 CEST	53	63380	1.1.1.1	192.168.2.9

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 24, 2024 15:06:59.283283949 CEST	192.168.2.9	1.1.1.1	c23c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 15:06:59.259557009 CEST	192.168.2.9	1.1.1.1	0x108c	Standard query (0)	email.sg.on24event.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:06:59.259704113 CEST	192.168.2.9	1.1.1.1	0x1ff4	Standard query (0)	email.sg.on24event.com	65	IN (0x0001)	false
Oct 24, 2024 15:07:00.290191889 CEST	192.168.2.9	1.1.1.1	0x477a	Standard query (0)	event.on24.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:00.290349960 CEST	192.168.2.9	1.1.1.1	0x9680	Standard query (0)	event.on24.com	65	IN (0x0001)	false
Oct 24, 2024 15:07:01.434998989 CEST	192.168.2.9	1.1.1.1	0x2104	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:01.435062885 CEST	192.168.2.9	1.1.1.1	0x9d8a	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 15:06:59.269120932 CEST	1.1.1.1	192.168.2.9	0x108c	No error (0)	email.sg.on24event.com	r-email.sg.on24event.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:06:59.269120932 CEST	1.1.1.1	192.168.2.9	0x108c	No error (0)	r-email.sg.on24event.com		199.83.44.68	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:06:59.283171892 CEST	1.1.1.1	192.168.2.9	0x1ff4	No error (0)	email.sg.on24event.com	r-email.sg.on24event.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:07:00.297960997 CEST	1.1.1.1	192.168.2.9	0x477a	No error (0)	event.on24.com	r-event.on24.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:07:00.297960997 CEST	1.1.1.1	192.168.2.9	0x477a	No error (0)	r-event.on24.com		199.83.44.71	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:00.298857927 CEST	1.1.1.1	192.168.2.9	0x9680	No error (0)	event.on24.com	r-event.on24.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:07:01.443500996 CEST	1.1.1.1	192.168.2.9	0x9d8a	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 24, 2024 15:07:01.444067001 CEST	1.1.1.1	192.168.2.9	0x2104	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:07.438889027 CEST	1.1.1.1	192.168.2.9	0x2e41	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:07.438889027 CEST	1.1.1.1	192.168.2.9	0x2e41	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:21.407119036 CEST	1.1.1.1	192.168.2.9	0xc6cf	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:21.407119036 CEST	1.1.1.1	192.168.2.9	0xc6cf	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:49.533175945 CEST	1.1.1.1	192.168.2.9	0xea41	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:07:49.533175945 CEST	1.1.1.1	192.168.2.9	0xea41	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:08:07.338054895 CEST	1.1.1.1	192.168.2.9	0x7774	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:08:07.338054895 CEST	1.1.1.1	192.168.2.9	0x7774	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

email.sg.on24event.com

event.on24.com

https:

www.bing.com

slscr.update.microsoft.com

otelrules.azureedge.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49714	199.83.44.68	443	5620	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:00 UTC	1320	OUT	GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D HTTP/1.1 Host: email.sg.on24event.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 13:07:00 UTC	367	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 24 Oct 2024 13:07:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 191 Connection: close Location: https://event.on24.com/eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D X-Robots-Tag: noindex, nofollow
2024-10-24 13:07:00 UTC	191	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 76 65 6e 74 2e 6f 6e 32 34 2e 63 6f 6d 2f 65 76 65 6e 74 52 65 67 69 73 74 72 61 74 69 6f 6e 2f 45 76 65 6e 74 43 61 6c 65 6e 64 61 72 53 65 72 76 6c 65 74 2e 69 63 73 3f 74 6f 6b 65 6e 3d 6b 46 54 54 35 30 7a 53 4a 31 37 74 32 50 39 6d 33 38 25 32 46 4e 38 77 4b 6d 33 49 77 69 42 25 32 42 71 71 72 44 46 41 34 6e 57 4b 34 55 33 55 30 6c 41 7a 6f 4f 62 36 4a 72 62 79 37 77 61 65 78 78 38 47 36 36 38 42 58 61 74 68 31 35 51 64 33 32 58 74 6c 72 79 59 6f 77 25 33 44 25 33 44 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://event.on24.com/eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D">Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49716	199.83.44.71	443	5620	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:00 UTC	802	OUT	GET /eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D HTTP/1.1 Host: event.on24.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 13:07:01 UTC	772	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:07:01 GMT Content-Length: 1105 Content-Type: text/calendar; charset=utf-8 X-ORACLE-DMS-ECID: a9854498-688c-49a0-9e66-c71286dffc9d-0015e820 X-ORACLE-DMS-RID: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors *.on24.com Set-Cookie: ON24_Pool=cons5_prd_wl_LNX; Path=/; Secure; Httponly; SameSite=None Set-Cookie: TS0af49cbe027=082972b052ab2000ef9004ebdf88511f43cb42ff0fb46d8daaaecf563e2831b1548fd8e81e13011b086e7c963d1130001672c553e337d1786f05aebf602ecbbeb88bdacebe56a6a53b541c5b12aa8bfbb23c7aeb3cb6ff8664dc2bf36c735ebd; Path=/; SameSite=None; Secure
2024-10-24 13:07:01 UTC	1105	IN	Data Raw: 42 45 47 49 4e 3a 56 43 41 4c 45 4e 44 41 52 0a 50 52 4f 44 49 44 3a 2d 2f 2f 4f 4e 32 34 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2f 2f 4f 4e 32 34 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2f 2f 45 4e 0a 56 45 52 53 49 4f 4e 3a 32 2e 30 0a 4d 45 54 48 4f 44 3a 50 55 42 4c 49 53 48 0a 42 45 47 49 4e 3a 56 45 56 45 4e 54 0a 44 54 53 54 41 52 54 3a 32 30 32 34 31 31 30 37 54 31 38 30 30 30 30 5a 0a 44 54 45 4e 44 3a 32 30 32 34 31 31 30 37 54 31 39 30 30 30 30 5a 0a 4c 4f 43 41 54 49 4f 4e 3a 4f 70 74 75 6d 20 57 65 62 69 6e 61 72 20 0a 54 52 41 4e 53 50 3a 4f 50 41 51 55 45 0a 55 49 44 3a 33 39 30 36 30 31 37 37 34 32 30 32 34 31 30 32 34 54 31 33 30 37 30 30 5a 0a 44 54 53 54 41 4d 50 3a 32 30 32 34 31 30 32 34 54 31 33 30 37 30 31 5a 0a 53 55 4d 4d 41 52 59 3a 4f Data Ascii: BEGIN:VCALENDARPRODID:-//ON24 Corporation//ON24 Corporation//ENVERSION:2.0METHOD:PUBLISHBEGIN:VEVENTDTSTART:20241107T180000ZDTEND:20241107T190000ZLOCATION:Optum Webinar TRANSP:OPAQUEUID:39060177420241024T130700ZDTSTAMP:20241024T130701ZSUMMARY:O

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.9	49720	23.206.229.209	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:07 UTC	2175	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109008071 X-BM-CBT: 1696497265 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 60 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 3967AB70E8E74431908B580AED7E67B3 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109008071 X-MSEdge-ExternalExp: bfbwsbghf928t,bfbwsbrs0830tf,d-thshldspcl40,fliptrac6,optfsc,spofglclickserpf2,wsbqfasmsall_t,wsbqfminiserp600,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=507B984BF29F418EA13B8912FCE289B0&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696497029183&IPMH=5c67ba25&IPMID=1696497265539&HV=1696497179; MUID=531305E83CE64DE088676FE94B9682C4; _SS=SID=3314E043C3866D730FEDF3E2C2436C30&CPID=1696497266478&AC=1&CPH=c11e7441; _EDGE_S=SID=3314E043C3866D730FEDF3E2C2436C30; MUIDB=531305E83CE64DE088676FE94B9682C4
2024-10-24 13:07:07 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-10-24 13:07:07 UTC	515	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 33 31 33 30 35 45 38 33 43 45 36 34 44 45 30 38 38 36 37 36 46 45 39 34 42 39 36 38 32 43 34 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 38 32 39 46 43 45 45 38 38 41 35 32 34 46 34 31 39 34 33 46 33 33 35 42 38 33 32 44 31 41 34 37 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>531305E83CE64DE088676FE94B9682C4</CID><Events><E><T>Event.ClientInst</T><IG>829FCEE88A524F41943F335B832D1A47</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-10-24 13:07:07 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: A0B6865CC8C84C75902C350BE39F4AE7 Ref B: LAX311000113023 Ref C: 2024-10-24T13:07:07Z Date: Thu, 24 Oct 2024 13:07:07 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.dcd7ce17.1729775227.6dceda34

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49719	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:08 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPtZpdrxCupbKwW&MD=Rc5Ru4Zk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 13:07:08 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 6ac89ffc-4fbd-4902-ad72-c0ed98d91a5c MS-RequestId: 6dff59e8-da2c-45b4-992b-5c4b5fc99a24 MS-CV: jLn2UqSPdUCYt2jV.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:07 GMT Connection: close Content-Length: 24490
2024-10-24 13:07:08 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-24 13:07:08 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	59895	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:37 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPtZpdrxCupbKwW&MD=Rc5Ru4Zk HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 13:07:38 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 8a99c0c2-7a0e-420c-b6d9-47630ccffd7b MS-RequestId: 38608bcc-ec06-49cd-b840-43b62786cec0 MS-CV: iLEbv41O5Eeu+1qt.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:37 GMT Connection: close Content-Length: 30005
2024-10-24 13:07:38 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-24 13:07:38 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.9	59898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:08 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:08 UTC	561	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:08 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Wed, 23 Oct 2024 06:30:03 GMT ETag: "0x8DCF32C20D7262E" x-ms-request-id: 39f98116-901e-0015-0fb5-25b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130808Z-16849878b78dsttbr1qw36rxs800000007w0000000000ed9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:08 UTC	15823	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <S T="1" F="0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L>
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d Data Ascii: <S T="3" /> </T> <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 6e 74 73 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a Data Ascii: nts" /> </C> <C T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" />
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: </S> <C T="U32" I="0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32"
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 Data Ascii: _Count"> <C> <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 Data Ascii: <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3"
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 Data Ascii: </L> <R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: T="B" /> </R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" />
2024-10-24 13:08:08 UTC	16384	IN	Data Raw: 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: O> </F> <F T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.9	59901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:09 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:09 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 084b2ff6-801e-0067-68fd-24fe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130809Z-r197bdfb6b466qclztvgs64z1000000000f0000000002wrc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:09 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.9	59902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:09 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:09 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:09 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 331d1c77-401e-0029-354e-229b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130809Z-16849878b78k46f8kzwxznephs00000007k000000000ebtp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:09 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.9	59905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:09 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:09 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 712ec88a-d01e-0065-26f2-24b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130809Z-r197bdfb6b4lkrtc7na2dkay28000000033g00000000adxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:09 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.9	59904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:09 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:09 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:09 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: e173b85d-401e-0035-56f2-2482d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130809Z-15b8d89586frzkk2umu6w8qnt80000000e700000000094p6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:09 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.9	59903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:09 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:09 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:09 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 1a9c8bfd-301e-0000-1fee-25eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130809Z-16849878b787psctgubawhx7k800000007e000000000mp6r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:09 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.9	59906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:10 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:10 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 734838af-101e-0065-4be5-214088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130810Z-16849878b7862vlcc7m66axrs000000007w00000000006nm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:10 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.9	59907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:10 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:10 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: e1deb6d3-201e-006e-700b-22bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130810Z-16849878b786vsxz21496wc2qn00000007wg000000005t38 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:10 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.9	59910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:10 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:10 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: f5652952-501e-00a3-1ef2-24c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130810Z-r197bdfb6b4r9fwfbdwymmgex800000001h0000000004nvv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:10 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.9	59908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:10 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:10 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: e5972945-801e-007b-45f3-24e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130810Z-15b8d89586fnsf5zm1ryrxu0bc000000038g000000007heu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:10 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.9	59909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:10 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:10 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: f2ab8105-101e-0065-6df4-244088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130810Z-r197bdfb6b429k2s6br3k49qn400000004v000000000k84v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:10 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.9	59912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:11 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:11 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 3c9c0adf-d01e-0028-0c96-257896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130811Z-16849878b78mhkkf6kbvry07q000000007rg000000001sax x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:11 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.9	59913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:11 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:11 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 8c2da7e0-f01e-003c-2116-258cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130811Z-r197bdfb6b4r9fwfbdwymmgex800000001c000000000m73h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:11 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.9	59915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:11 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:11 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 6ca7d158-d01e-0014-15ac-21ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130811Z-16849878b78lhh9t0fb3392enw00000007m000000000chs5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:11 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.9	59914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:11 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:11 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 1b2fb3ba-201e-0033-65ce-20b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130811Z-16849878b789m94j7902zfvfr000000007m000000000e6cw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:11 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.9	59916	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:11 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:11 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 7c0b2bc5-f01e-00aa-35ef-248521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130811Z-15b8d89586fbt6nf34bm5uw08n00000002ug00000000cwnp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:11 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.9	59917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:12 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 89a40fd7-b01e-00ab-1aad-24dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130812Z-15b8d89586fhl2qtatrz3vfkf000000004tg00000000chrn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:12 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.9	59918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:12 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 3edebaab-e01e-0033-21c8-214695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130812Z-16849878b78k8q5pxkgux3mbgg00000007s0000000006g0f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:12 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.9	59919	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:12 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 4cd68789-d01e-0017-448e-21b035000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130812Z-16849878b78mhkkf6kbvry07q000000007h000000000hfgp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:12 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.9	59920	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:12 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ec40f21c-901e-0067-494d-22b5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130812Z-16849878b785jsrm4477mv3ezn00000007rg0000000078d5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:12 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.9	59921	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:12 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: e7bd3bd0-f01e-003c-42e3-258cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130812Z-16849878b786wvrz321uz1cknn00000007p000000000hk13 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:12 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.9	59922	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: ab91094f-501e-008f-72f7-219054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-16849878b78fmrkt2ukpvh9wh400000007sg000000004gvq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:13 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.9	59923	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 2ab53e8b-001e-0066-7ef2-24561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-r197bdfb6b4gx6v9pg74w9f47s00000000vg000000009gsp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:13 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.9	59924	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:12 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: bbff353d-b01e-005c-270e-264c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-16849878b786wvrz321uz1cknn00000007u00000000072du x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:13 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.9	59925	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 00f7314e-e01e-0052-48ac-21d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-16849878b785jsrm4477mv3ezn00000007pg00000000c23c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:13 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.9	59926	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: b11d926e-c01e-00a2-50f4-242327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-r197bdfb6b4k6h5j1g5mvtmsmn0000000c2000000000f71u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:13 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.9	59927	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 33373380-a01e-003d-4cf5-2498d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-15b8d89586f4zwgbz365q03b0c0000000ek00000000060xa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.9	59928	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 3cf1b782-701e-0001-32e5-21b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-16849878b787sbpl0sv29sm89s00000007u000000000c32n x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.9	59929	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 1290ce53-d01e-002b-7905-2225fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-16849878b78gvgmlcfru6nuc5400000007kg00000000mcvr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.9	59931	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:14 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: a89f9527-e01e-0033-5af4-244695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130814Z-15b8d89586fdmfsg1u7xrpfws0000000036000000000eyf1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.9	59930	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:13 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 26284338-e01e-0052-664d-22d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130813Z-16849878b78plcdqu15wsb886400000007q000000000ad76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.9	59932	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:14 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:14 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: e79f0600-d01e-00ad-4ef2-24e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130814Z-15b8d89586f6nn8zquf2vw6t5400000004ug00000000cauu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.9	59933	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:14 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:14 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 759c8b5d-301e-003f-27f2-24266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130814Z-15b8d89586fsx9lfqmgrbzpgmg0000000eh0000000003pwc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.9	59934	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:14 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:14 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: c90bfe97-101e-008d-42ad-2492e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130814Z-15b8d89586fnsf5zm1ryrxu0bc000000038g000000007hq7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.9	59935	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:14 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:14 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 27632888-301e-0096-61d8-21e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130814Z-16849878b78lhh9t0fb3392enw00000007rg0000000012a4 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.9	59936	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:14 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:14 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:14 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: efc778c0-f01e-0052-4de5-219224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130814Z-16849878b78k46f8kzwxznephs00000007hg00000000ge2z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:14 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.9	59937	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:15 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:15 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:15 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 2044f02f-601e-0001-42eb-25faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130815Z-16849878b788tnsxzb2smucwdc00000007p000000000ha93 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:15 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.9	59938	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:15 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:15 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:15 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 3f3879b0-501e-0035-0b40-22c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130815Z-16849878b78fmrkt2ukpvh9wh400000007qg00000000a220 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:15 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.9	59940	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:15 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:15 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 07f9ef03-d01e-0014-614d-22ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130815Z-16849878b78p6ttkmyustyrk8s00000007n000000000ac87 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:15 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.9	59941	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:15 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:15 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 44f017bc-601e-000d-6df3-242618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130815Z-15b8d89586ff5l62quxsfe8ugg0000000dy000000000bhq8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:15 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.9	59939	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:15 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:15 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:15 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 6177d94c-d01e-0028-6bfc-247896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130815Z-r197bdfb6b42sc4ddemybqpm140000000pk0000000002yd6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:15 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.9	59942	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:16 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:16 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: b59cacea-101e-000b-76f2-245e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130816Z-15b8d89586fx2hlt035xdehq580000000ef000000000b9zh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:16 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.9	59943	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:16 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:16 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:16 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 99f07890-301e-0051-29d2-2538bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130816Z-16849878b78lhh9t0fb3392enw00000007m000000000chzt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:16 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.9	59945	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:16 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:16 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 2d77a7fe-501e-0064-68ef-241f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130816Z-15b8d89586fnsf5zm1ryrxu0bc00000003b0000000001sye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:16 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.9	59944	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:16 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:16 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: a706a42d-501e-008c-4ef2-24cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130816Z-r197bdfb6b4h2vctng0a0nubg80000000at000000000hbfc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:16 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.9	59946	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:16 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:16 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:16 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 95c67357-201e-0051-60f5-247340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130816Z-16849878b78lhh9t0fb3392enw00000007hg00000000f93n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:16 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.9	59947	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:17 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:17 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:17 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: f6bed088-301e-0000-1a9a-24eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130817Z-15b8d89586fzhrwgk23ex2bvhw00000001r000000000ctg1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:17 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.9	59949	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:17 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:17 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:17 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 34cbbb6f-001e-0046-0fdf-25da4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130817Z-16849878b789m94j7902zfvfr000000007q0000000005wv9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:17 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.9	59948	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:17 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:17 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:17 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 250cc9c1-301e-000c-4ec3-20323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130817Z-16849878b78bcpfn2qf7sm6hsn00000000hg00000000gnb9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:17 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.9	59950	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:17 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:17 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:17 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 2653a72e-001e-005a-26e6-21c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130817Z-16849878b78mhkkf6kbvry07q000000007q0000000006kk2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:17 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.9	59951	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:17 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:17 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:17 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: e692d532-001e-00a2-3ae7-20d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130817Z-16849878b786wvrz321uz1cknn00000007pg00000000gad9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:17 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.9	59952	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:18 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:18 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 03f0aa2d-d01e-007a-29f2-24f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130818Z-15b8d89586fzhrwgk23ex2bvhw00000001sg00000000a8fp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:18 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.9	59953	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:18 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:18 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 7fcc546d-701e-001e-80a3-21f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130818Z-16849878b78fmrkt2ukpvh9wh400000007u0000000000380 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:18 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.9	59955	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:18 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:18 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:18 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 100b0a78-f01e-0003-754e-224453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130818Z-16849878b789m94j7902zfvfr000000007n000000000a0d7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:18 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.9	59954	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:18 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:18 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 1d9ab00d-a01e-0002-3af4-245074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130818Z-r197bdfb6b429k2s6br3k49qn400000004z0000000008ar6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:18 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.9	59956	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:18 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:18 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:18 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 6a252cba-901e-0029-59f2-24274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130818Z-r197bdfb6b4sn8wg20e97vn7ps0000000p9000000000bn7p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:18 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.9	59958	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:19 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:19 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: e3ffbf99-001e-0014-2c05-255151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130819Z-r197bdfb6b4vlqfn9hfre6k1s80000000cmg000000005t9a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:19 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.9	59957	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:19 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:19 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:19 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: e574f622-301e-0052-4beb-2565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130819Z-16849878b786wvrz321uz1cknn00000007p000000000hkc9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:19 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.9	59959	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:19 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:19 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 217788b5-401e-0016-11a2-2153e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130819Z-16849878b784cpcc2dr9ch74ng00000007t000000000dqeb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:19 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.9	59960	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:19 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:19 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: ee7a308c-c01e-00a1-620b-227e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130819Z-16849878b78hz7zj8u0h2zng1400000007v00000000090yp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.9	59961	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:19 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:19 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:19 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: fc13fe58-401e-000a-0af3-244a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130819Z-15b8d89586f989rks44whx5v7s0000000e7g0000000036m5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:19 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.9	59963	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:20 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:20 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 25ee231e-901e-0083-60ac-24bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130820Z-15b8d89586ff5l62quxsfe8ugg0000000dxg00000000dcgy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:20 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.9	59962	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:20 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:20 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:20 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: b1315031-501e-000a-22f5-240180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130820Z-r197bdfb6b4t7wszdvrfk02ah400000009c0000000001rac x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:20 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.9	59964	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:20 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:20 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:20 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: c0884099-101e-0046-3a40-2291b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130820Z-16849878b7842t5ke0k7mzbt3c00000007g000000000e8gz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:20 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.9	59965	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:20 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:20 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:20 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: ac69ef67-e01e-001f-7714-221633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130820Z-16849878b78p6ttkmyustyrk8s00000007r00000000038ku x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:20 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.9	59966	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:20 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:20 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:20 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: d9732123-901e-007b-1098-25ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130820Z-15b8d89586fbt6nf34bm5uw08n00000002tg00000000dz56 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:20 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.9	59967	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:21 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:21 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: efcdf68a-a01e-0084-49f2-249ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130821Z-15b8d89586fs9clcgrr6f2d6vg00000001m000000000gb5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:21 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.9	59970	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:21 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:21 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:21 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 096df01f-c01e-0066-45fd-24a1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130821Z-r197bdfb6b4vlqfn9hfre6k1s80000000ckg000000009253 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-24 13:08:21 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.9	59969	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:21 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:21 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:21 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: a2e914b6-401e-0029-5fce-219b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130821Z-16849878b78bkvbz1ry47zvsas00000007qg00000000ex5a x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:21 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.9	59968	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:21 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:21 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:21 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: fa910cef-e01e-003c-72dd-21c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130821Z-16849878b78j5kdg3dndgqw0vg00000000qg00000000exx7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:21 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.9	59971	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:21 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:21 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:21 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 952379c8-801e-0083-0604-25f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130821Z-15b8d89586fdmfsg1u7xrpfws000000003dg0000000014t4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:21 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.9	59972	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:22 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:22 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: d2bab0c5-801e-0078-24f3-24bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130822Z-r197bdfb6b4r9fwfbdwymmgex800000001hg0000000032r3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:22 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.9	59975	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:22 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:22 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 4f86bdfb-c01e-00ad-5e84-25a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130822Z-15b8d89586fnsf5zm1ryrxu0bc000000038000000000813t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:22 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.9	59974	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:22 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:22 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 497f5b85-801e-00a3-28f2-247cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130822Z-r197bdfb6b4lkrtc7na2dkay28000000036000000000497n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:22 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.9	59976	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:22 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:22 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:22 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 2df5d45d-601e-003e-40f7-213248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130822Z-16849878b785g992cz2s9gk35c00000007tg000000007xkh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:22 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.9	59973	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:22 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:22 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:22 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: c52d6895-f01e-001f-0bd3-205dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130822Z-16849878b78dsttbr1qw36rxs800000007pg00000000k8fe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:22 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.9	59977	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:23 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:23 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:23 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 8c481607-b01e-0053-3f2b-21cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130823Z-16849878b786vsxz21496wc2qn00000007v0000000009npn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:23 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.9	59978	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:23 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-24 13:08:23 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:23 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 3e8b3e47-701e-006f-544e-22afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241024T130823Z-16849878b785g992cz2s9gk35c00000007ng00000000kz35 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-24 13:08:23 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.9	59980	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:23 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.9	59979	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:23 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Target ID:	0
Start time:	09:06:47
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	09:06:55
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:06:57
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D"
Imagebase:	0x7ff6b2cb0000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:08:11
Start date:	24/10/2024
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Downloads\EventCalendarServlet.ics"
Imagebase:	0x3e0000
File size:	34'446'744 bytes
MD5 hash:	91A5292942864110ED734005B7E005C0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0908140165-6432.etl

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp

C:\Users\user\Downloads\EventCalendarServlet.ics (copy)

C:\Users\user\Downloads\EventCalendarServlet.ics.crdownload (copy)

Chrome Cache Entry: 61

Static File Info

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior