Edit tour

Windows Analysis Report
http://trackero.osend.in

Overview

General Information

Sample URL:	http://trackero.osend.in
Analysis ID:	1562438
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,18384705071633077732,17718915155899923315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://trackero.osend.in" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49736 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cSCR1uueDae2f1k&MD=bpLtt3nt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: trackero.osend.in
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49736 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@18/0@21/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,18384705071633077732,17718915155899923315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://trackero.osend.in"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,18384705071633077732,17718915155899923315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://trackero.osend.in	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.181.142	true	false	high
www.google.com	142.250.181.68	true	false	high
trackero.osend.in	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
142.250.181.68	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562438
Start date and time:	2024-11-25 15:31:01 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://trackero.osend.in
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@18/0@21/3
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.19.238, 74.125.205.84, 34.104.35.123, 192.229.221.95, 199.232.210.172
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://trackero.osend.in

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://trackero.osend.in Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://trackero.osend.in

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 15:31:45.152468920 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:45.154228926 CET	49706	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:45.154228926 CET	49706	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:45.154397964 CET	49706	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:45.276300907 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:45.276319981 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:45.276331902 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:45.713588953 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:45.755609035 CET	49706	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:45.914807081 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:45.916105032 CET	49706	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:46.043170929 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:46.477317095 CET	443	49706	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:46.521219015 CET	49706	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:46.849373102 CET	49674	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:31:46.849395990 CET	49673	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:31:47.161936998 CET	49672	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:31:56.015609980 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:56.015660048 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:56.015746117 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:56.016808987 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:56.016819954 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:56.614501953 CET	49674	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:31:56.646128893 CET	49673	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:31:56.817625999 CET	49672	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:31:58.348947048 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.349029064 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.369004011 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.369043112 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.369427919 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.371498108 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.371562958 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.371567965 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.371804953 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.415334940 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.931880951 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.932045937 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.932343960 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.936450005 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:58.936466932 CET	443	49710	20.198.118.190	192.168.2.6
Nov 25, 2024 15:31:58.936480999 CET	49710	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:31:59.343585014 CET	443	49702	173.222.162.64	192.168.2.6
Nov 25, 2024 15:31:59.344852924 CET	49702	443	192.168.2.6	173.222.162.64
Nov 25, 2024 15:32:00.154576063 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:00.154623032 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:00.154689074 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:00.155247927 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:00.155267000 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:00.237919092 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:00.237977982 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:00.238065004 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:00.240000010 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:00.240026951 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:00.964454889 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:00.964505911 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:00.964798927 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:00.975306034 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:00.975346088 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:01.982800961 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:01.983215094 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:01.983274937 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:01.984385967 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:01.984455109 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:01.990935087 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:01.991060019 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:02.022665977 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.022751093 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.026312113 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.026324987 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.026597977 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.038595915 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:02.038647890 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:02.039143085 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.083334923 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.083460093 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:02.453406096 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:02.453484058 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:02.455379963 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:02.455394030 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:02.455657005 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:02.501141071 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:02.517748117 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.517781973 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.517797947 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.517853975 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.517874002 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.517936945 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.547327995 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:02.711663961 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.711699963 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.711754084 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.711783886 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.711798906 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.711992025 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.839579105 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.839615107 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.839667082 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.839690924 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.839719057 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.839742899 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.903047085 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.903069019 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.903132915 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.903156042 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.903172970 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.903202057 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.943229914 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.943255901 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.943317890 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.943331003 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.943365097 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.943380117 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.975090981 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.975110054 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.975184917 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:02.975212097 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:02.975270987 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.002696037 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.002718925 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.002770901 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.002793074 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.002814054 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.002834082 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.040254116 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:03.040329933 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:03.040415049 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:03.040827990 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:03.040848017 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:03.040858984 CET	49717	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:03.040864944 CET	443	49717	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:03.079978943 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:03.080040932 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:03.080276012 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:03.080573082 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:03.080585003 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:03.106751919 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.106782913 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.106865883 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.106892109 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.107007027 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.122473955 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.122505903 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.122558117 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.122579098 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.122612000 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.122653961 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.137917042 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.137943983 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.138003111 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.138021946 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.138046980 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.138067961 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.150180101 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.150198936 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.150262117 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.150286913 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.150330067 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.164325953 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.164360046 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.164402962 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.164429903 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.164458990 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.164477110 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.177542925 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.177573919 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.177629948 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.177665949 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.177680969 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.177701950 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.183540106 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.183621883 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.183628082 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.183676958 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.183738947 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.183764935 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.183775902 CET	49715	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.183782101 CET	443	49715	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.245870113 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.245927095 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.246014118 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.246824980 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.246869087 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.246926069 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.248917103 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.248956919 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.249058008 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.249494076 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.249502897 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.249650002 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.249659061 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.249676943 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250104904 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250104904 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250107050 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250107050 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250107050 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250122070 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.250125885 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:03.250134945 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.250135899 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.250138998 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:03.250150919 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:04.476469040 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:04.476596117 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:04.479182005 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:04.479196072 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:04.479454994 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:04.480616093 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:04.523349047 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:04.968430042 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:04.969054937 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:04.969098091 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:04.969603062 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:04.969609976 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.000474930 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:05.000570059 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:05.000650883 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:05.001454115 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:05.001472950 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:05.001486063 CET	49718	443	192.168.2.6	23.218.208.109
Nov 25, 2024 15:32:05.001492023 CET	443	49718	23.218.208.109	192.168.2.6
Nov 25, 2024 15:32:05.034565926 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.035161972 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.035197973 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.035676956 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.035681963 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.057667017 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.058267117 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.058281898 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.058998108 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.059001923 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.120444059 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.121011019 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.121049881 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.121131897 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.121623039 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.121634007 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.121639967 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.121649981 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.122124910 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.122128963 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.415467024 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.415489912 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.415590048 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.415618896 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.415888071 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.415976048 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.415982008 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.415997982 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.416168928 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.416198015 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.416258097 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.419725895 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.419773102 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.419990063 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.420214891 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.420224905 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.486236095 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.486259937 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.486335039 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.486365080 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.486619949 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.486633062 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.486640930 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.486844063 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.486879110 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.487334013 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.496274948 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.496330976 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.496417046 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.496546984 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.496556997 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.554125071 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.554152012 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.554228067 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.554240942 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.554402113 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.554881096 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.554888010 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.554960966 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.555023909 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.555051088 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.555110931 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.558757067 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.558815002 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.559097052 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.559326887 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.559340000 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579137087 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579197884 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579268932 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.579480886 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579545975 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579597950 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.579602957 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.579622030 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579653978 CET	49719	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.579658031 CET	443	49719	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579741001 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.579761982 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.579775095 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.579780102 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.585179090 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.585215092 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.585318089 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.585880041 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.585889101 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.585952044 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.586935043 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.586951017 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:05.587330103 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:05.587338924 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:06.948718071 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:06.948812962 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:06.949034929 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:06.950364113 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:06.950400114 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:07.150022984 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.150907040 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.150952101 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.151386976 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.151393890 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.277704000 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.278582096 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.278613091 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.279345989 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.279376030 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.284825087 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.285674095 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.285706997 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.286451101 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.286458015 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.396045923 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.396687984 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.396717072 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.397144079 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.397149086 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.456887007 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.457806110 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.457843065 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.458278894 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.458285093 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.588156939 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.588226080 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.588391066 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.588582993 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.588608027 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.588638067 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.588644028 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.591134071 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.591192007 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.591269016 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.591511965 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.591528893 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.722980022 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.723048925 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.723114014 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.723756075 CET	49726	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.723778963 CET	443	49726	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.728890896 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.728930950 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.729001045 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.729361057 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.729372978 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.742151022 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.742223978 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.742275953 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.742535114 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.742563009 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.742583990 CET	49725	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.742589951 CET	443	49725	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.746305943 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.746355057 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.746407986 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.746536970 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.746547937 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.859766960 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.859884977 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.859982967 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.860090971 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.860114098 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.860126019 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.860131979 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.862677097 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.862730026 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.862793922 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.862993956 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.863007069 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.921891928 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.921976089 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.922070026 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.922446966 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.922470093 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.922481060 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.922487020 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.927915096 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.927967072 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.928059101 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.928355932 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:07.928373098 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:07.934010029 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:07.934051037 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:07.934118032 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:07.934688091 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:07.934704065 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:08.767115116 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:08.767194986 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:08.769241095 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:08.769254923 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:08.769500971 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:08.817250013 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:08.886934996 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:08.931330919 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.416589975 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.417294025 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.417330027 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.417840958 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.417846918 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.470436096 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.471318960 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.471349955 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.471765041 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.471771002 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.492877007 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.492902040 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.492911100 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.492921114 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.492945910 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.492985010 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.492996931 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.493026018 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.493046045 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.515527010 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.515608072 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.515616894 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.515629053 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.515700102 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.516712904 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.516731977 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.516760111 CET	49729	443	192.168.2.6	52.149.20.212
Nov 25, 2024 15:32:09.516766071 CET	443	49729	52.149.20.212	192.168.2.6
Nov 25, 2024 15:32:09.551388979 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.551889896 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.551928997 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.552731991 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.552738905 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.767270088 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.767786980 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.767827034 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.767873049 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.768244028 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.768268108 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.768296957 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.768302917 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.768661022 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.768666983 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.861675978 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.861749887 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.861947060 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.862001896 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.862001896 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.862031937 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.862044096 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.865056992 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.865119934 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.865222931 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.865402937 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.865417004 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.905724049 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.905797958 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.905860901 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.906079054 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.906102896 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.906116009 CET	49732	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.906121016 CET	443	49732	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.908905983 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.908953905 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:09.909020901 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.909204006 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:09.909221888 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.055722952 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.055912018 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.055985928 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.056586027 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.056606054 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.056677103 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.056683064 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.060923100 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.060981035 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.061155081 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.061356068 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.061368942 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.176414013 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.176492929 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.178572893 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.178585052 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.178831100 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.180779934 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.180847883 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.180852890 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.180989027 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.213511944 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.213587999 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.213651896 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.213814974 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.213841915 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.213859081 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.213865042 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.214317083 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.214385986 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.214437008 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.214648008 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.214663029 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.214680910 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.214685917 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.217153072 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.217186928 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.217370033 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.217466116 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.217477083 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.217709064 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.217742920 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.217798948 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.217931032 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:10.217942953 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:10.227329969 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.728188992 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.728287935 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:10.728355885 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.728522062 CET	49736	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:10.728539944 CET	443	49736	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:11.658397913 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.659331083 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.659379959 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.659910917 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.659921885 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.672293901 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:11.672363043 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:11.672441959 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:11.706662893 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.708151102 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.708194971 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.708724022 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.708736897 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.850151062 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.850781918 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.850811958 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.851308107 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.851320028 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.946130991 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.946743011 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.946768045 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:11.947340012 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:11.947345972 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.024554968 CET	49716	443	192.168.2.6	142.250.181.68
Nov 25, 2024 15:32:12.024600029 CET	443	49716	142.250.181.68	192.168.2.6
Nov 25, 2024 15:32:12.068295956 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.070743084 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.070776939 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.071268082 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.071278095 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.113558054 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.113641977 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.113894939 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.114147902 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.114175081 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.114186049 CET	49738	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.114192963 CET	443	49738	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.117706060 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.117750883 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.117855072 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.118031025 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.118045092 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.151698112 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.151767969 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.151987076 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.152024984 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.152038097 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.152046919 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.152051926 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.155039072 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.155071020 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.155148983 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.155297041 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.155309916 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.299747944 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.299820900 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.299956083 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.300168991 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.300168991 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.300194025 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.300204992 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.304177999 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.304224968 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.305923939 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.306129932 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.306150913 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.386395931 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.386477947 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.386746883 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.386807919 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.386807919 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.386831045 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.386841059 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.390145063 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.390183926 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.390263081 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.390455961 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.390465021 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.525044918 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.525125980 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.525410891 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.525490999 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.525490999 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.525511026 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.525522947 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.528780937 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.528832912 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:12.528917074 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.529084921 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:12.529104948 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:13.902175903 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:13.902749062 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:13.902779102 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:13.904561996 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:13.904568911 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:13.947329998 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:13.948004961 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:13.948054075 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:13.949631929 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:13.949640036 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.091325045 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.091818094 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.091846943 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.092348099 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.092353106 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.176640034 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.177956104 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.177995920 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.178414106 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.178420067 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.246584892 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.250329018 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.250346899 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.250866890 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.250871897 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.351006985 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.351083994 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.351182938 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.393352985 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.393405914 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.393527031 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.411564112 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.411592007 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.411604881 CET	49744	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.411611080 CET	443	49744	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.413124084 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.413146973 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.413172007 CET	49745	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.413178921 CET	443	49745	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.429467916 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.429512978 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.429734945 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.435937881 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.435978889 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.436045885 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.436317921 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.436343908 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.437252045 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.437263012 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.540702105 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.540786982 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.540841103 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.541120052 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.541136026 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.541152000 CET	49746	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.541158915 CET	443	49746	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.545202017 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.545245886 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.545337915 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.545577049 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.545587063 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.713300943 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.713383913 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.713442087 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.713706017 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.713736057 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.713752031 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.713758945 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.717262983 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.717319012 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.717387915 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.717570066 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.717583895 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.801307917 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.801460028 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.801522970 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.802340984 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.802362919 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.802373886 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.802383900 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.809726000 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.809798956 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:14.809874058 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.810245037 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:14.810269117 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.225538015 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.226352930 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.226382017 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.226777077 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.226783991 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.235491991 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.235894918 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.235922098 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.236251116 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.236258030 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.331700087 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.332360983 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.332382917 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.333064079 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.333070040 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.513566017 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.514367104 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.514415026 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.514853954 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.514858961 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.592376947 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.592993975 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.593043089 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.593449116 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.593456030 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.684160948 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.684247017 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.684341908 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.684557915 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.684582949 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.684597969 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.684603930 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.686523914 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.686585903 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.686702967 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.686815977 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.686815977 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.686840057 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.686850071 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.687805891 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.687850952 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.687927961 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.688093901 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.688108921 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.688968897 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.689006090 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.689080000 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.689220905 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.689234972 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.821681023 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.821753979 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.821892977 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.822102070 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.822119951 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.822139025 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.822148085 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.825300932 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.825360060 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.825479984 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.825732946 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.825748920 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.959613085 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.959693909 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.959762096 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.959976912 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.960002899 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.960016966 CET	49752	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.960022926 CET	443	49752	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.963078976 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.963124990 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:16.963239908 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.963423014 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:16.963434935 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:17.038022995 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:17.038103104 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:17.038233995 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:17.038429022 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:17.038455009 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:17.038470030 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:17.038476944 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:17.041610003 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:17.041662931 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:17.041754961 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:17.041946888 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:17.041961908 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.433568001 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.434253931 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.434341908 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.434729099 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.434745073 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.483454943 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.484092951 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.484121084 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.484568119 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.484571934 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.626940966 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.628042936 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.628078938 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.628484011 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.628495932 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.752139091 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.752798080 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.752856970 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.753421068 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.753427029 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.783574104 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.784286976 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.784332037 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.784718990 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.784723997 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.883183002 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.883261919 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.883328915 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.883543015 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.883564949 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.883579969 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.883585930 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.886472940 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.886523008 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.886615038 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.886800051 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.886816978 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.929160118 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.929240942 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.929342031 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.929533958 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.929554939 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.929567099 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.929572105 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.932508945 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.932557106 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:18.932645082 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.932837963 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:18.932849884 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.075136900 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.075206041 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.075325966 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.075514078 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.075536013 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.075555086 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.075561047 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.079345942 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.079396009 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.079482079 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.079632044 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.079644918 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.197056055 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.197118998 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.197176933 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.200819016 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.200855017 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.200870991 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.200880051 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.205387115 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.205429077 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.205502987 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.205679893 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.205697060 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.220067024 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.220148087 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.220221996 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.220648050 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.220669985 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.220680952 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.220686913 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.227591038 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.227634907 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.227689028 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.227890015 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:19.227900982 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:19.969890118 CET	49764	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:19.969949961 CET	443	49764	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:19.970052004 CET	49764	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:19.970642090 CET	49764	443	192.168.2.6	20.198.118.190
Nov 25, 2024 15:32:19.970655918 CET	443	49764	20.198.118.190	192.168.2.6
Nov 25, 2024 15:32:20.671696901 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.672472000 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.672502995 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.673043013 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.673049927 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.714812040 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.715420008 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.715456009 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.715993881 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.716000080 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.799473047 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.800009966 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.800045967 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.800584078 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.800587893 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.992674112 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.993350029 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.993391991 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:20.994074106 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:20.994082928 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.016777992 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.017474890 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.017504930 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.018141031 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.018147945 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.117881060 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.117958069 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.118009090 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.118241072 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.118263006 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.118279934 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.118285894 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.121515989 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.121567965 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.121637106 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.121778011 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.121792078 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.161588907 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.161669016 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.161739111 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.161909103 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.161957026 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.161988020 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.162005901 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.165277958 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.165313005 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.165482998 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.165646076 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.165657043 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.238873005 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.238948107 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.239005089 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.239253998 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.239274979 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.239284992 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.239289999 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.242572069 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.242610931 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.242670059 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.242816925 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.242829084 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.442533970 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.442706108 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.442769051 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.442881107 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.442903042 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.442913055 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.442918062 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.446777105 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.446827888 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.447011948 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.447206974 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.447221994 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.541289091 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.541378021 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.541486025 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.541836977 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.541836977 CET	49763	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.541857004 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.541867018 CET	443	49763	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.545700073 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.545748949 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 15:32:21.545824051 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.545967102 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 15:32:21.545981884 CET	443	49769	13.107.246.63	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 15:31:55.819786072 CET	53	57875	1.1.1.1	192.168.2.6
Nov 25, 2024 15:31:55.878298998 CET	53	57961	1.1.1.1	192.168.2.6
Nov 25, 2024 15:31:57.920948029 CET	61055	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:31:57.921216011 CET	64937	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:31:58.615571022 CET	53	58797	1.1.1.1	192.168.2.6
Nov 25, 2024 15:31:58.931852102 CET	55300	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:31:58.932030916 CET	56859	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:00.098839998 CET	61352	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:00.098997116 CET	60914	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:00.236617088 CET	53	61352	1.1.1.1	192.168.2.6
Nov 25, 2024 15:32:00.236680984 CET	53	60914	1.1.1.1	192.168.2.6
Nov 25, 2024 15:32:00.964454889 CET	54306	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:01.976366997 CET	54306	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:02.990643978 CET	54306	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:04.994242907 CET	54306	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:08.998720884 CET	54306	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:13.052270889 CET	55681	53	192.168.2.6	8.8.8.8
Nov 25, 2024 15:32:13.053189993 CET	64317	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:13.187690020 CET	53	55681	8.8.8.8	192.168.2.6
Nov 25, 2024 15:32:13.190401077 CET	53	64317	1.1.1.1	192.168.2.6
Nov 25, 2024 15:32:14.058329105 CET	65266	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:14.058481932 CET	49314	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:15.082140923 CET	50106	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:15.082309961 CET	60393	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:15.533369064 CET	53	54338	1.1.1.1	192.168.2.6
Nov 25, 2024 15:32:17.106445074 CET	61897	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:18.114821911 CET	61897	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:19.129196882 CET	61897	53	192.168.2.6	1.1.1.1
Nov 25, 2024 15:32:21.137387991 CET	61897	53	192.168.2.6	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 15:31:57.920948029 CET	192.168.2.6	1.1.1.1	0xb514	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:31:57.921216011 CET	192.168.2.6	1.1.1.1	0xf833	Standard query (0)	trackero.osend.in	65	IN (0x0001)	false
Nov 25, 2024 15:31:58.931852102 CET	192.168.2.6	1.1.1.1	0xe0c5	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:31:58.932030916 CET	192.168.2.6	1.1.1.1	0xe6	Standard query (0)	trackero.osend.in	65	IN (0x0001)	false
Nov 25, 2024 15:32:00.098839998 CET	192.168.2.6	1.1.1.1	0x2ea	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:00.098997116 CET	192.168.2.6	1.1.1.1	0xfecb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 25, 2024 15:32:00.964454889 CET	192.168.2.6	1.1.1.1	0xf2b5	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:01.976366997 CET	192.168.2.6	1.1.1.1	0xf2b5	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:02.990643978 CET	192.168.2.6	1.1.1.1	0xf2b5	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:04.994242907 CET	192.168.2.6	1.1.1.1	0xf2b5	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:08.998720884 CET	192.168.2.6	1.1.1.1	0xf2b5	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:13.052270889 CET	192.168.2.6	8.8.8.8	0xefa9	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:13.053189993 CET	192.168.2.6	1.1.1.1	0x7f48	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:14.058329105 CET	192.168.2.6	1.1.1.1	0xa118	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:14.058481932 CET	192.168.2.6	1.1.1.1	0x43c8	Standard query (0)	trackero.osend.in	65	IN (0x0001)	false
Nov 25, 2024 15:32:15.082140923 CET	192.168.2.6	1.1.1.1	0x3764	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:15.082309961 CET	192.168.2.6	1.1.1.1	0x80ce	Standard query (0)	trackero.osend.in	65	IN (0x0001)	false
Nov 25, 2024 15:32:17.106445074 CET	192.168.2.6	1.1.1.1	0xbfea	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:18.114821911 CET	192.168.2.6	1.1.1.1	0xbfea	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:19.129196882 CET	192.168.2.6	1.1.1.1	0xbfea	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:21.137387991 CET	192.168.2.6	1.1.1.1	0xbfea	Standard query (0)	trackero.osend.in	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 15:32:00.236617088 CET	1.1.1.1	192.168.2.6	0x2ea	No error (0)	www.google.com	142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:00.236680984 CET	1.1.1.1	192.168.2.6	0xfecb	No error (0)	www.google.com		65	IN (0x0001)	false
Nov 25, 2024 15:32:13.187690020 CET	8.8.8.8	192.168.2.6	0xefa9	No error (0)	google.com	142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 25, 2024 15:32:13.190401077 CET	1.1.1.1	192.168.2.6	0x7f48	No error (0)	google.com	172.217.17.78	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

otelrules.azureedge.net

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49710	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:31:58 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 33 41 52 38 30 72 56 68 6b 36 75 57 71 36 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 61 30 64 39 66 63 35 34 38 63 63 65 65 62 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +3AR80rVhk6uWq6k.1Context: 4a0d9fc548cceebf
2024-11-25 14:31:58 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 14:31:58 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2b 33 41 52 38 30 72 56 68 6b 36 75 57 71 36 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 61 30 64 39 66 63 35 34 38 63 63 65 65 62 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 6d 51 6c 47 64 56 47 6b 50 30 42 57 4a 74 6f 63 35 47 50 30 72 54 65 44 42 4d 59 61 76 51 51 47 66 42 5a 49 39 43 6b 72 7a 70 70 73 69 68 6c 48 66 51 70 59 57 71 78 4d 73 6d 76 6d 65 32 43 70 39 54 6a 56 70 54 30 59 47 73 79 51 69 46 52 61 72 56 44 46 56 58 68 6c 30 64 71 6f 31 6f 4a 57 2f 55 54 50 76 4f 37 6b 38 30 44 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: +3AR80rVhk6uWq6k.2Context: 4a0d9fc548cceebf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfmQlGdVGkP0BWJtoc5GP0rTeDBMYavQQGfBZI9CkrzppsihlHfQpYWqxMsmvme2Cp9TjVpT0YGsyQiFRarVDFVXhl0dqo1oJW/UTPvO7k80D8
2024-11-25 14:31:58 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 33 41 52 38 30 72 56 68 6b 36 75 57 71 36 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 61 30 64 39 66 63 35 34 38 63 63 65 65 62 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +3AR80rVhk6uWq6k.3Context: 4a0d9fc548cceebf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 14:31:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 14:31:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 63 6b 7a 6a 41 62 6b 73 55 6d 2b 6f 48 71 56 77 44 4d 62 49 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bckzjAbksUm+oHqVwDMbIw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49715	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:02 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:02 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:02 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 23 Nov 2024 12:15:37 GMT ETag: "0x8DD0BB889D4282C" x-ms-request-id: c3062018-b01e-003e-79df-3d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143202Z-178bfbc474bwlrhlhC1NYCy3kg00000007h000000000h4yx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:02 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-25 14:32:02 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-25 14:32:02 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-25 14:32:02 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-25 14:32:02 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-25 14:32:02 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-25 14:32:02 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-25 14:32:03 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-25 14:32:03 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-25 14:32:03 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:02 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 14:32:03 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=68489 Date: Mon, 25 Nov 2024 14:32:02 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49718	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:04 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 14:32:04 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=68465 Date: Mon, 25 Nov 2024 14:32:04 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 14:32:04 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49721	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:04 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:05 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:05 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 685d8613-b01e-0001-50f7-3e46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143205Z-15b8b599d88tr2flhC1TEB5gk4000000069g000000000tgb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:05 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49722	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:05 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:05 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:05 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c9502ca5-e01e-0033-0fb4-3e4695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143205Z-178bfbc474bbbqrhhC1NYCvw7400000007ug000000003abk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:05 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49720	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:05 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:05 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:05 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: f08fc492-601e-0002-7931-3da786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143205Z-178bfbc474bmqmgjhC1NYCy16c00000007kg00000000h3nt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:05 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49719	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:05 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:05 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 97edb58e-001e-00a2-13a4-3ed4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143205Z-178bfbc474bbbqrhhC1NYCvw7400000007rg00000000cpr8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:05 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:05 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:05 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 2eed8dc4-701e-0098-0dc6-3e395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143205Z-178bfbc474bgvl54hC1NYCsfuw00000007gg00000000gcm5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:05 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49724	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:07 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:07 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 73bf7d7c-c01e-000b-6bd1-3ee255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143207Z-174c587ffdfldtt2hC1TEBwv9c00000005wg00000000emuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:07 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49726	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:07 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: ce5ebd39-a01e-0053-183c-3c8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143207Z-15b8b599d8885prmhC1TEBsnkw000000064000000000g954 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49725	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:07 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 3cf7f359-901e-005b-4f39-3d2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143207Z-178bfbc474bw8bwphC1NYC38b400000007a000000000mxwp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49727	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:07 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:07 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 3257c6a6-201e-005d-32b4-3eafb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143207Z-178bfbc474bpnd5vhC1NYC4vr400000007k000000000e0ub x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:07 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49728	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:07 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:07 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: ba9b913e-601e-0001-2f1a-3dfaeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143207Z-178bfbc474b9xljthC1NYCtw9400000007hg0000000083v6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:07 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49729	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:08 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=cSCR1uueDae2f1k&MD=bpLtt3nt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 14:32:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8d1acfcb-efb4-4e6a-b6d4-6f282acd59ef MS-RequestId: a76176ba-a7f0-4458-9bed-87cb25aa082d MS-CV: i6pKRhlzeEKPBDw2.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 14:32:08 GMT Connection: close Content-Length: 24490
2024-11-25 14:32:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 14:32:09 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49730	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:09 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2f8155c7-701e-0098-4401-3f395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143209Z-174c587ffdfcb7qhhC1TEB3x70000000064000000000fa7u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49732	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:09 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:09 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 9bcae678-901e-007b-2946-3cac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143209Z-15b8b599d88m7pn7hC1TEB4axw000000061g00000000hp1t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:09 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49733	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:09 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:09 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: b101f067-f01e-0020-26b7-3e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143209Z-178bfbc474bfw4gbhC1NYCunf400000007gg00000000m60m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:10 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:09 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:10 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: b82db720-b01e-0053-528c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143210Z-174c587ffdf8fcgwhC1TEBnn70000000065000000000p65a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:10 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	49734	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:09 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:10 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:10 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: aff2abcc-f01e-0003-4547-3c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143210Z-178bfbc474bscnbchC1NYCe7eg00000007tg0000000072b9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:10 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49736	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 77 51 32 67 62 59 63 37 31 45 61 74 6b 2b 61 59 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 34 30 37 32 33 65 37 37 36 34 35 30 62 33 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: wQ2gbYc71Eatk+aY.1Context: 440723e776450b31
2024-11-25 14:32:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 14:32:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 77 51 32 67 62 59 63 37 31 45 61 74 6b 2b 61 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 34 30 37 32 33 65 37 37 36 34 35 30 62 33 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 6d 51 6c 47 64 56 47 6b 50 30 42 57 4a 74 6f 63 35 47 50 30 72 54 65 44 42 4d 59 61 76 51 51 47 66 42 5a 49 39 43 6b 72 7a 70 70 73 69 68 6c 48 66 51 70 59 57 71 78 4d 73 6d 76 6d 65 32 43 70 39 54 6a 56 70 54 30 59 47 73 79 51 69 46 52 61 72 56 44 46 56 58 68 6c 30 64 71 6f 31 6f 4a 57 2f 55 54 50 76 4f 37 6b 38 30 44 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: wQ2gbYc71Eatk+aY.2Context: 440723e776450b31<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfmQlGdVGkP0BWJtoc5GP0rTeDBMYavQQGfBZI9CkrzppsihlHfQpYWqxMsmvme2Cp9TjVpT0YGsyQiFRarVDFVXhl0dqo1oJW/UTPvO7k80D8
2024-11-25 14:32:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 77 51 32 67 62 59 63 37 31 45 61 74 6b 2b 61 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 34 30 37 32 33 65 37 37 36 34 35 30 62 33 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: wQ2gbYc71Eatk+aY.3Context: 440723e776450b31<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 14:32:10 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 14:32:10 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 4f 46 4b 52 6f 44 4c 6d 55 71 64 38 72 39 71 58 77 71 57 38 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bOFKRoDLmUqd8r9qXwqW8A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:11 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:11 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 000c37a0-d01e-002b-0920-3d25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143211Z-15b8b599d88wn9hhhC1TEBry0g0000000650000000008zfk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:12 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	49739	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:11 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:11 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: ba5d631a-801e-0047-14d1-3e7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143211Z-178bfbc474bpscmfhC1NYCfc2c00000006900000000014xq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:12 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49740	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:11 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:12 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 4834b854-301e-005d-3ab8-3ee448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143212Z-178bfbc474bv587zhC1NYCny5w00000007h000000000553b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:12 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49742	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:11 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:12 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 8189730a-201e-0003-216a-3bf85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143212Z-178bfbc474bw8bwphC1NYC38b400000007fg0000000068h9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:12 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:12 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:12 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:12 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: e328efd5-c01e-00a2-56bf-3e2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143212Z-178bfbc474bxkclvhC1NYC69g400000007fg00000000f2bz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:12 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49744	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:13 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:14 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 5931471e-001e-0046-7a23-3dda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143214Z-178bfbc474bbbqrhhC1NYCvw7400000007n000000000pmx6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:14 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.6	49745	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:13 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:14 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 2b92647c-c01e-00a2-646f-3b2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143214Z-174c587ffdf4zw2thC1TEBu340000000063g00000000hcb3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:14 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	49746	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:14 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:14 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f19b5380-801e-0015-2749-3cf97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143214Z-15b8b599d88g5tp8hC1TEByx6w000000060g00000000dsuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:14 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:14 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:14 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: babf4520-701e-005c-6e46-3cbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143214Z-15b8b599d88l2dpthC1TEBmzr000000005x000000000p62g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:14 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:14 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:14 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:14 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 876ff6fa-901e-00a0-47eb-3d6a6d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143214Z-178bfbc474bxkclvhC1NYC69g400000007fg00000000f2ff x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:14 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:16 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:16 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 8017546c-101e-000b-4720-3d5e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143216Z-178bfbc474b9fdhphC1NYCac0n00000007kg000000006h5y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:16 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:16 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:16 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: aaf2b452-f01e-0071-621c-3e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143216Z-178bfbc474bpnd5vhC1NYC4vr400000007h000000000gg4m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:16 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	49751	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:16 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:16 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 9906faf6-f01e-0052-624b-3c9224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143216Z-15b8b599d88phfhnhC1TEBr51n000000069g000000000u87 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:16 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:16 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:16 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:16 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: a8d62205-901e-0083-0c0e-3bbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143216Z-174c587ffdfn4nhwhC1TEB2nbc000000066g000000005xk6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:16 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:16 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:17 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:16 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 81bf26fc-f01e-0099-6bb6-3e9171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143216Z-15b8b599d88n8stkhC1TEBb78n000000010g000000001t0n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:17 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:18 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:18 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:18 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 235e6caf-401e-000a-7018-3f4a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143218Z-15b8b599d88m7pn7hC1TEB4axw000000064g000000009557 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 14:32:18 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:18 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:18 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:18 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 279fb768-d01e-00ad-04d6-3ee942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143218Z-174c587ffdfn4nhwhC1TEB2nbc000000060000000000vay8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:18 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:18 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:18 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 5532245b-c01e-00ad-0e6f-3da2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143218Z-174c587ffdfldtt2hC1TEBwv9c00000005wg00000000enhu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:18 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:19 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: d6db62af-701e-0097-3243-3db8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143219Z-174c587ffdfmlsmvhC1TEBvyks00000006900000000057b7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:18 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:19 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: f14fa7ac-201e-000c-4a8c-3a79c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143219Z-174c587ffdfdwxdvhC1TEB1c4n000000062g000000002u0m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:19 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:20 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:20 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 9f194ed4-601e-0070-357c-3ba0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143220Z-174c587ffdfcj798hC1TEB9bq4000000064000000000shtd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:21 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:20 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:20 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: ae8c6dce-101e-008d-4280-3b92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143220Z-174c587ffdf9xbcchC1TEBxkz400000005ug00000000q098 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:21 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:20 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:21 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 414c800a-401e-0035-7cbf-3e82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143221Z-178bfbc474bq2pr7hC1NYCkfgg00000007rg00000000btzq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:21 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:20 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:21 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: bfe6d614-201e-006e-7a8c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143221Z-174c587ffdf9xbcchC1TEBxkz400000005yg0000000097dy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:21 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:21 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:21 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: c8ea1250-d01e-005a-5af6-3e7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143221Z-174c587ffdftv9hphC1TEBm29w00000006100000000083yb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:21 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	49764	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 74 33 52 49 4b 6d 61 76 30 61 45 33 4f 4f 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 61 35 33 62 30 31 35 33 65 62 32 33 31 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Gt3RIKmav0aE3OOc.1Context: 22a53b0153eb2315
2024-11-25 14:32:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 14:32:22 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 74 33 52 49 4b 6d 61 76 30 61 45 33 4f 4f 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 61 35 33 62 30 31 35 33 65 62 32 33 31 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 6d 51 6c 47 64 56 47 6b 50 30 42 57 4a 74 6f 63 35 47 50 30 72 54 65 44 42 4d 59 61 76 51 51 47 66 42 5a 49 39 43 6b 72 7a 70 70 73 69 68 6c 48 66 51 70 59 57 71 78 4d 73 6d 76 6d 65 32 43 70 39 54 6a 56 70 54 30 59 47 73 79 51 69 46 52 61 72 56 44 46 56 58 68 6c 30 64 71 6f 31 6f 4a 57 2f 55 54 50 76 4f 37 6b 38 30 44 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Gt3RIKmav0aE3OOc.2Context: 22a53b0153eb2315<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfmQlGdVGkP0BWJtoc5GP0rTeDBMYavQQGfBZI9CkrzppsihlHfQpYWqxMsmvme2Cp9TjVpT0YGsyQiFRarVDFVXhl0dqo1oJW/UTPvO7k80D8
2024-11-25 14:32:22 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 74 33 52 49 4b 6d 61 76 30 61 45 33 4f 4f 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 61 35 33 62 30 31 35 33 65 62 32 33 31 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Gt3RIKmav0aE3OOc.3Context: 22a53b0153eb2315<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 14:32:22 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 14:32:22 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2f 70 48 43 4b 46 6e 45 62 6b 4b 61 6e 45 33 76 7a 33 30 45 71 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: /pHCKFnEbkKanE3vz30EqA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:22 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 14:32:23 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 14:32:23 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: fd91c27a-801e-0083-67e3-3ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T143223Z-15b8b599d88cn5thhC1TEBqxkn00000005w000000000hkfr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 14:32:23 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:22 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:22 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:23 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 14:32:23 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2328, Parent PID: 5848

General

Target ID:	1
Start time:	09:31:48
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6236, Parent PID: 2328

General

Target ID:	3
Start time:	09:31:53
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2032,i,18384705071633077732,17718915155899923315,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3064, Parent PID: 5848

General

Target ID:	4
Start time:	09:31:56
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://trackero.osend.in"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://trackero.osend.in

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2328, Parent PID: 5848

General

Chronological Activities

Analysis Process: chrome.exePID: 6236, Parent PID: 2328

General

Chronological Activities

Analysis Process: chrome.exePID: 3064, Parent PID: 5848

General

Chronological Activities

Disassembly

Windows Analysis Report
http://trackero.osend.in