Edit tour

Windows Analysis Report
http://greatlink.com

Overview

General Information

Sample URL:	http://greatlink.com
Analysis ID:	1562491
Infos:

Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2376,i,10519227397119867064,15266233916746815749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://greatlink.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49744 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49763 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49744 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.5
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kc1vUfc76xrO9yg&MD=Yxxl78Y7 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: greatlink.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: greatlink.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: greatlink.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.30.24.109:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49763 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@18/0@4/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2376,i,10519227397119867064,15266233916746815749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://greatlink.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2376,i,10519227397119867064,15266233916746815749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://greatlink.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://greatlink.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.21.36	true	false		high
greatlink.com	211.20.112.242	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://greatlink.com/	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
211.20.112.242	greatlink.com	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562491
Start date and time:	2024-11-25 16:20:28 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://greatlink.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@18/0@4/4
Cookbook Comments:	URL browsing timeout or error

Errors

URL not reachable

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 172.217.17.46, 74.125.205.84, 34.104.35.123, 192.229.221.95, 199.232.210.172
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://greatlink.com

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://greatlink.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://greatlink.com

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 16:21:15.576550961 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.576577902 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.576612949 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.576683998 CET	49705	443	192.168.2.6	20.190.181.5
Nov 25, 2024 16:21:15.576786995 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.576798916 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.576812983 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.576844931 CET	49705	443	192.168.2.6	20.190.181.5
Nov 25, 2024 16:21:15.576857090 CET	49705	443	192.168.2.6	20.190.181.5
Nov 25, 2024 16:21:15.584954023 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.585058928 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.585119009 CET	49705	443	192.168.2.6	20.190.181.5
Nov 25, 2024 16:21:15.593528032 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.593636036 CET	443	49705	20.190.181.5	192.168.2.6
Nov 25, 2024 16:21:15.593691111 CET	49705	443	192.168.2.6	20.190.181.5
Nov 25, 2024 16:21:16.448426962 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:16.448582888 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:16.455688953 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:16.455705881 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:16.456022978 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:16.457763910 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:16.457876921 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:16.457884073 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:16.458023071 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:16.503360033 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:17.093534946 CET	49674	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:17.093550920 CET	49673	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:17.168360949 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:17.168443918 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:17.168519974 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:17.168864012 CET	49706	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:17.168903112 CET	443	49706	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:17.374794960 CET	49672	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:25.735086918 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:25.735115051 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:25.735198021 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:25.735910892 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:25.735937119 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:26.365286112 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:26.365379095 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:26.365467072 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:26.366044998 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:26.366061926 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:26.716414928 CET	49674	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:26.763287067 CET	49673	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:27.107090950 CET	49672	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:27.443909883 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:27.443958998 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:27.444175959 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:27.444783926 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:27.444797993 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:28.080462933 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.080558062 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.082488060 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.082498074 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.082777023 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.084604979 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.084685087 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.084690094 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.084839106 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.110511065 CET	49715	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:28.111026049 CET	49716	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:28.127331018 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.230518103 CET	80	49715	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:28.230675936 CET	49715	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:28.230928898 CET	80	49716	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:28.230995893 CET	49716	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:28.232242107 CET	49715	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:28.352330923 CET	80	49715	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:28.650460005 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.650548935 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.650681973 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.650847912 CET	49707	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.650866032 CET	443	49707	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.694977999 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.695055008 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.697439909 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.697452068 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.697748899 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.699331045 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.699413061 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.699419022 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:28.699544907 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:28.747332096 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:29.248872042 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.248954058 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.262948036 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:29.263036013 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:29.263117075 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:29.278580904 CET	49708	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:29.278604984 CET	443	49708	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:29.283014059 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.283031940 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.283464909 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.296451092 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.339329958 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.741341114 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.741374969 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.741390944 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.741427898 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.741437912 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.741467953 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.741489887 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.925355911 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.925381899 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.925426006 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.925441980 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.925482988 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.971024036 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.971064091 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.971095085 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:29.971110106 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:29.971152067 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.104022026 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.104047060 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.104104996 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.104120016 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.104157925 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.104167938 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.139359951 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.139396906 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.139439106 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.139451981 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.139482021 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.139502048 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.159636021 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.159661055 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.159703970 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.159713984 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.159759998 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.159780979 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.177068949 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.177089930 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.177148104 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.177162886 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.177202940 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.218031883 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:30.218122005 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:30.218199015 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:30.218502045 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:30.218517065 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:30.298943043 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.298964977 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.299004078 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.299015045 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.299055099 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.314704895 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.314735889 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.314769030 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.314783096 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.314816952 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.314835072 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.327909946 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.327933073 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.327987909 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.328000069 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.328052998 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.343178988 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.343200922 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.343265057 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.343275070 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.343457937 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.358546019 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.358565092 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.358609915 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.358617067 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.358647108 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.358673096 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.358690023 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.359277964 CET	49714	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.359297037 CET	443	49714	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.410717010 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.410778999 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.411201000 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.412419081 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.412450075 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.414158106 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.414252996 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.414416075 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.414820910 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.414841890 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.415890932 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.415926933 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.415993929 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.417503119 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.417512894 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.417563915 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.418056965 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.418087959 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.418155909 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.418164968 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.419131041 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.419176102 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.419332981 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.419550896 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:30.419567108 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:30.648686886 CET	443	49702	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:30.649893999 CET	49702	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:31.224414110 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:31.224464893 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:31.224534035 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:31.226316929 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:31.226332903 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:31.963118076 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:31.963479996 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:31.963509083 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:31.964590073 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:31.964653969 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:31.966001034 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:31.966063023 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:32.014278889 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:32.014295101 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:32.062175035 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:32.164210081 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:32.164268970 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:32.164426088 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:32.165119886 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:32.165136099 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:32.363941908 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.364356995 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.365430117 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.365478992 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.366878033 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.366910934 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.367851973 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.367856979 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.368423939 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.368447065 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.369137049 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.369143009 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.369730949 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.369741917 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.370142937 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.370147943 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.370546103 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.370553970 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.370856047 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.371154070 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.371157885 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.371655941 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.371666908 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.372345924 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.372349977 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.611397028 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:32.611515045 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:32.613756895 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:32.613776922 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:32.614037037 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:32.654313087 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:32.666611910 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:32.707401991 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:32.853334904 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.853424072 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.853559971 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.853727102 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.853751898 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.853765965 CET	49724	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.853774071 CET	443	49724	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.857141972 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.857214928 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.857274055 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.857300997 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.857319117 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.857398987 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.857475996 CET	49722	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.857482910 CET	443	49722	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.857536077 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.857553959 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.863265991 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.863301992 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.863549948 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.863549948 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.863590002 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.868354082 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.868376970 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.868424892 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.868443966 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.868500948 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.868566990 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.868573904 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.868577957 CET	49720	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.868581057 CET	443	49720	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.869251013 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.869273901 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.869323969 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.869328022 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.869379044 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.869693041 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.869693041 CET	49723	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.869702101 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.869709969 CET	443	49723	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.871285915 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.871300936 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.871380091 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.871675014 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.871685982 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.872025967 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.872060061 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.872127056 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.872227907 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.872241974 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882339001 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882366896 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882426977 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.882437944 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882482052 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.882661104 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.882668972 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882683039 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.882846117 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882880926 CET	443	49721	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.882972956 CET	49721	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.885202885 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.885217905 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:32.885288954 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.885416031 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:32.885427952 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:33.131854057 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:33.131938934 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:33.131992102 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:33.132139921 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:33.132157087 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:33.132216930 CET	49725	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:33.132222891 CET	443	49725	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:33.178353071 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:33.178391933 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:33.178610086 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:33.179122925 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:33.179135084 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:34.509912968 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:34.510070086 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:34.511807919 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:34.511827946 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:34.512075901 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:34.514089108 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:34.514089108 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:34.514111042 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:34.514254093 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:34.555340052 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:34.590353012 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.590867996 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.590884924 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.591336966 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.591341019 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.607539892 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:34.607775927 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:34.609000921 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:34.609006882 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:34.609255075 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:34.610774994 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:34.647366047 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.648222923 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.648222923 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.648240089 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.648248911 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.651331902 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:34.671861887 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.672322989 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.672339916 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.673224926 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.673228979 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.684981108 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.685492039 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.685509920 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.686342001 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.686347008 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.703144073 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.703922987 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.703922987 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:34.703941107 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:34.703949928 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.029197931 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.029259920 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.029777050 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.032103062 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.032109022 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.032134056 CET	49730	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.032140017 CET	443	49730	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.035429955 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.035459042 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.035573006 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.035748005 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.035757065 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.095762014 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.095860004 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.095973969 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.096110106 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.096110106 CET	49728	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.096117973 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.096128941 CET	443	49728	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.098799944 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.098820925 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.099083900 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.099083900 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.099112034 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.132122993 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.132200003 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.132750034 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.133577108 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.133577108 CET	49729	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.133584023 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.133591890 CET	443	49729	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.137635946 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.137681961 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.137829065 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.137953043 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.137960911 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.140880108 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:35.141041040 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:35.141810894 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:35.141834021 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:35.141834021 CET	49732	443	192.168.2.6	184.30.24.109
Nov 25, 2024 16:21:35.141841888 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:35.141850948 CET	443	49732	184.30.24.109	192.168.2.6
Nov 25, 2024 16:21:35.150584936 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.150741100 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.150835991 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.150979042 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.150989056 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.151020050 CET	49727	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.151026964 CET	443	49727	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.151628017 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.151695967 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.151897907 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.152247906 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.152247906 CET	49731	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.152255058 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.152262926 CET	443	49731	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.157250881 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.157272100 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.157757998 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.159442902 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.159471035 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.159643888 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.159645081 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.159658909 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.159817934 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:35.159830093 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:35.191056967 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:35.191170931 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:35.191282034 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:35.191643953 CET	49726	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:35.191649914 CET	443	49726	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:36.779241085 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.779680014 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:36.779706001 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.780205011 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:36.780211926 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.943351984 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.943839073 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:36.943856001 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.944356918 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:36.944361925 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.978466988 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.978915930 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:36.978945971 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:36.979378939 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:36.979392052 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.002083063 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.002526999 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.002561092 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.003015995 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.003022909 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.032443047 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.032876968 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.032892942 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.033329010 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.033334017 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.221942902 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:37.221986055 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:37.222063065 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:37.223364115 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:37.223382950 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:37.327657938 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.327733994 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.327797890 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.328015089 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.328035116 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.328046083 CET	49733	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.328051090 CET	443	49733	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.331334114 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.331370115 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.331466913 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.331672907 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.331686974 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.382641077 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.382704973 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.382800102 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.382967949 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.382987022 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.382997990 CET	49737	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.383003950 CET	443	49737	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.385749102 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.385777950 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.385854959 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.386023045 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.386033058 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.439042091 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.439102888 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.439157009 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.439333916 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.439353943 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.439364910 CET	49736	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.439371109 CET	443	49736	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.441998959 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.442028999 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.442107916 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.442261934 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.442276955 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.456420898 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.456511974 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.456578970 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.456906080 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.456924915 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.456954956 CET	49734	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.456959963 CET	443	49734	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.461337090 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.461354017 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.461425066 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.461545944 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.461556911 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.491369009 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.491449118 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.491503000 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.493267059 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.493279934 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.493289948 CET	49735	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.493294954 CET	443	49735	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.496890068 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.496927023 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.496994019 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.497348070 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:37.497359037 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:37.723182917 CET	49702	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:37.723264933 CET	49702	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:37.724128008 CET	49744	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:37.724181890 CET	443	49744	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:37.724246979 CET	49744	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:37.724757910 CET	49744	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:37.724772930 CET	443	49744	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:37.843417883 CET	443	49702	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:37.843518019 CET	443	49702	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:39.058593035 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.058660030 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.062557936 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.062576056 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.062846899 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.107595921 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.119858980 CET	443	49744	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:39.119937897 CET	49744	443	192.168.2.6	173.222.162.64
Nov 25, 2024 16:21:39.144336939 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.191339970 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.192912102 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.193727016 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.193749905 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.194694042 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.194700956 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.204044104 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.207093000 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.207124949 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.212366104 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.212373018 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.240092039 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.240240097 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.240561962 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.240577936 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.240710974 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.240725994 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.241134882 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.241147041 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.241466045 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.241471052 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.363955975 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.364485025 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.364506006 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.365086079 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.365092993 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.691385984 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:39.691432953 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:39.691673994 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:39.692291975 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:39.692311049 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:39.771114111 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.771207094 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.771414995 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.771414995 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.771776915 CET	49742	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.771800041 CET	443	49742	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.772393942 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.772413969 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.772425890 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.772444963 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.772486925 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.772500992 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.772520065 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.772536993 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.772536993 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.772620916 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.777641058 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.777667046 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.777806044 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.778428078 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.778441906 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.780540943 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.780601978 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.780836105 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.780982018 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.781073093 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.781188965 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.783253908 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.783271074 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.783303022 CET	49739	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.783323050 CET	443	49739	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.784682989 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.784696102 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.784722090 CET	49741	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.784725904 CET	443	49741	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.787611008 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.787635088 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.787834883 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.787910938 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.787925959 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.787955046 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.787967920 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.787993908 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.788064003 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.788074017 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.789911032 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.789969921 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.790127039 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.790127039 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.790163994 CET	49740	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.790177107 CET	443	49740	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.792092085 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.792100906 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.792258978 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.792330027 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.792341948 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.792550087 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.792614937 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.792639017 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.793555021 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.793555021 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.793622017 CET	49738	443	192.168.2.6	4.245.163.56
Nov 25, 2024 16:21:39.793637037 CET	443	49738	4.245.163.56	192.168.2.6
Nov 25, 2024 16:21:39.910476923 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.910547972 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.911640882 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.921284914 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.921308041 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.921331882 CET	49743	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.921339989 CET	443	49743	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.924931049 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.924973965 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:39.925194025 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.925906897 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:39.925919056 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.628863096 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.629666090 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.629690886 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.630141020 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.630147934 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.631700993 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.632280111 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.632297993 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.632766962 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.632771015 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.643500090 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:41.643562078 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:41.643635035 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:41.686808109 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.687330008 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.687342882 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.687768936 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.687772989 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.688702106 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.689512968 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.689528942 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.689913988 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.689917088 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.771882057 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.772341967 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.772375107 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.772805929 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:41.772809982 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:41.980701923 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:41.980797052 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:41.983534098 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:41.983541965 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:41.983829975 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:41.987457991 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:41.987526894 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:41.987533092 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:41.987669945 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:42.035330057 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:42.079910040 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.079977036 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.080720901 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.080786943 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.080810070 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.080832958 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.080859900 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.080859900 CET	49747	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.080881119 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.080892086 CET	443	49747	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.081444979 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.081465960 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.081478119 CET	49748	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.081484079 CET	443	49748	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.083642960 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.083687067 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.083735943 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.083771944 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.083772898 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.083832979 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.083933115 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.083950996 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.083997011 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.084011078 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.156312943 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.156383991 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.156590939 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.156624079 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.156641960 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.156653881 CET	49750	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.156660080 CET	443	49750	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.159559965 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.159574032 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.159665108 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.159852028 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.159863949 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.216469049 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.216548920 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.216792107 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.216819048 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.216828108 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.216840029 CET	49751	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.216844082 CET	443	49751	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.221577883 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.221611023 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.221690893 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.221868992 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.221884012 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.364243984 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.365056038 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.365132093 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.365166903 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.365185976 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.365197897 CET	49749	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.365204096 CET	443	49749	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.367963076 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.368004084 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.368097067 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.368284941 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:42.368294001 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:42.533636093 CET	49719	443	192.168.2.6	172.217.21.36
Nov 25, 2024 16:21:42.533687115 CET	443	49719	172.217.21.36	192.168.2.6
Nov 25, 2024 16:21:42.575705051 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:42.576291084 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:42.576350927 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:42.577336073 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:42.577346087 CET	443	49746	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:42.577367067 CET	49746	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:43.854382038 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.854957104 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:43.854981899 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.856811047 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:43.856817007 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.897952080 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.898441076 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:43.898458004 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.898880005 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:43.898884058 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.945128918 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.945552111 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:43.945569038 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:43.945951939 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:43.945955992 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.016774893 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.017256021 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.017282009 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.017761946 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.017770052 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.111037970 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.111563921 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.111610889 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.112049103 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.112061977 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.384497881 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.384573936 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.384680986 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.384882927 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.384896040 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.384910107 CET	49754	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.384917974 CET	443	49754	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.387484074 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.387527943 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.387614012 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.387748957 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.387763977 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.403266907 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.403337002 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.403403044 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.403630972 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.403630972 CET	49753	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.403676033 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.403707027 CET	443	49753	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.406646967 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.406716108 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.406820059 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.406987906 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.407022953 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.420413971 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.420479059 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.420526981 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.420764923 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.420774937 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.420789957 CET	49755	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.420795918 CET	443	49755	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.423207998 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.423243999 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.423338890 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.423568010 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.423583031 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.490410089 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.490470886 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.490531921 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.490705967 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.490720034 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.490731955 CET	49756	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.490736961 CET	443	49756	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.494190931 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.494203091 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.494271040 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.494417906 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.494429111 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.547715902 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.547795057 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.547847033 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.548011065 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.548011065 CET	49757	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.548029900 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.548053026 CET	443	49757	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.551337004 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.551374912 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:44.551454067 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.551641941 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:44.551657915 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:45.618036032 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:45.618088961 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:45.618180990 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:45.618824005 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:45.618838072 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:46.296916962 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.297759056 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.297784090 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.299248934 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.299257994 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.300761938 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.301146030 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.301203966 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.301574945 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.301592112 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.302645922 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.302956104 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.302983999 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.303349018 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.303354979 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.419087887 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.419600010 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.419620037 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.420047045 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.420054913 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.474494934 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.475045919 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.475075006 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.475524902 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.475529909 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757159948 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757164955 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757250071 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757266045 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757317066 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.757333994 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.757534981 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.757534981 CET	49760	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.757549047 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.757556915 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757572889 CET	443	49760	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757592916 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.757623911 CET	49759	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.757639885 CET	443	49759	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.760582924 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.760603905 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.760628939 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.760644913 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.760698080 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.760730028 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.760865927 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.760885954 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.760893106 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.760905981 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.864878893 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.864938974 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.865026951 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.865302086 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.865302086 CET	49762	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.865309954 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.865318060 CET	443	49762	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.868293047 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.868324041 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.868417025 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.868577003 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.868592978 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.885420084 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.885499954 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.885637999 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.885957003 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.885981083 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.885993958 CET	49758	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.886003017 CET	443	49758	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.888196945 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.888225079 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.888297081 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.888556957 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.888571978 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.930592060 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.930648088 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.930746078 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.930927038 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.930944920 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.930958033 CET	49761	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.930963993 CET	443	49761	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.933933973 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.933969021 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:46.934093952 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.934253931 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:46.934263945 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:47.901179075 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:47.901261091 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:47.904900074 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:47.904908895 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:47.905158043 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:47.907121897 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:47.907181978 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:47.907186985 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:47.907303095 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:47.951348066 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:48.501148939 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.501632929 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.501677036 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.502964973 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.502973080 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.547089100 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.547842979 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.547857046 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.548427105 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.548430920 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.580899954 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:48.581041098 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:48.581126928 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:48.581337929 CET	49763	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:48.581350088 CET	443	49763	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:48.661142111 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.661631107 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.661653042 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.662087917 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.662092924 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.717334032 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.717885017 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.717911959 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.718379974 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.718384027 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.758658886 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.759238958 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.759257078 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.759696960 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.759701967 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.941891909 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.941953897 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.942189932 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.942275047 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.942291021 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.942327023 CET	49764	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.942332983 CET	443	49764	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.945146084 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.945180893 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.945270061 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.945439100 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.945451021 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.995847940 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.995917082 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.996131897 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.996184111 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.996227980 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.996260881 CET	49765	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.996293068 CET	443	49765	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.998877048 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.998910904 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:48.999696016 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.999840975 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:48.999855995 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.106004000 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.106092930 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.106349945 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.106376886 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.106394053 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.106405020 CET	49766	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.106410980 CET	443	49766	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.109771013 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.109785080 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.109857082 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.110002995 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.110013008 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.163049936 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.163126945 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.163331985 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.163360119 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.163372993 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.163384914 CET	49768	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.163389921 CET	443	49768	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.166114092 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.166157961 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.166227102 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.166362047 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.166377068 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.215523958 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.215596914 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.215712070 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.215873003 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.215883970 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.215895891 CET	49767	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.215900898 CET	443	49767	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.218983889 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.219034910 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:49.219113111 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.219307899 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:49.219350100 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.195272923 CET	80	49715	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:50.195382118 CET	49715	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:50.195806980 CET	49715	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:50.210551023 CET	80	49716	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:50.210633039 CET	49716	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:50.252450943 CET	49716	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:50.315759897 CET	80	49715	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:50.372440100 CET	80	49716	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:50.799304962 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.799751997 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:50.799768925 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.803488970 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:50.803494930 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.865510941 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.867602110 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:50.867623091 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.873806953 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:50.873812914 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.967469931 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.969337940 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:50.969352007 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:50.969819069 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:50.969824076 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.103203058 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.103868008 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.103915930 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.104224920 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.104233027 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.203104973 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.203661919 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.203701019 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.204153061 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.204183102 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.243330002 CET	49774	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:51.243479967 CET	49775	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:51.268090963 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.268157005 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.268213034 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.268383026 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.268394947 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.268408060 CET	49769	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.268414974 CET	443	49769	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.299644947 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.299664021 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.299736023 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.299942017 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.299952984 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.320147991 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.320214033 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.320261955 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.320394039 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.320410967 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.320422888 CET	49770	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.320426941 CET	443	49770	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.322777033 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.322794914 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.322891951 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.323019981 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.323030949 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.367969990 CET	80	49774	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:51.367985010 CET	80	49775	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:51.368208885 CET	49774	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:51.368210077 CET	49775	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:51.368489027 CET	49774	80	192.168.2.6	211.20.112.242
Nov 25, 2024 16:21:51.427712917 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.427777052 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.427830935 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.428020000 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.428026915 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.428037882 CET	49771	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.428041935 CET	443	49771	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.430819035 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.430839062 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.430908918 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.431082010 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.431092978 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.492646933 CET	80	49774	211.20.112.242	192.168.2.6
Nov 25, 2024 16:21:51.553868055 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.553926945 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.553985119 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.554152966 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.554174900 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.554187059 CET	49772	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.554192066 CET	443	49772	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.557651997 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.557681084 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.557749987 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.557955027 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.557967901 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.672549963 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.672615051 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.672696114 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.672888041 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.672914028 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.672938108 CET	49773	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.672950983 CET	443	49773	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.675915956 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.675959110 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:51.676071882 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.676249027 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:51.676279068 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.034712076 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.035234928 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.035274029 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.035723925 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.035741091 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.182724953 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.183218956 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.183237076 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.183729887 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.183734894 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.281687975 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.282284975 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.282330036 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.282718897 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.282733917 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.404467106 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.405066967 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.405090094 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.405538082 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.405543089 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.460026979 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.460642099 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.460722923 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.461128950 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.461146116 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.474173069 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.474246025 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.474330902 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.474513054 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.474533081 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.474565029 CET	49776	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.474572897 CET	443	49776	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.477359056 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.477406025 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.477502108 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.477674007 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.477704048 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.649024010 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.649110079 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.649214029 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.649456978 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.649478912 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.649507046 CET	49777	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.649513960 CET	443	49777	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.653248072 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.653361082 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.653450966 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.653708935 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.653737068 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.814285994 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.814358950 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.814455032 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.814678907 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.814697027 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.814708948 CET	49778	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.814714909 CET	443	49778	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.817837000 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.817881107 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.817980051 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.818166018 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.818182945 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.928067923 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.928136110 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.928250074 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.928451061 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.928498983 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.928527117 CET	49780	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.928543091 CET	443	49780	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.931478024 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.931505919 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:53.931596994 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.931780100 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:53.931796074 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:54.107777119 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:54.107901096 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:54.107989073 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:54.108170986 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:54.108191967 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:54.108201981 CET	49779	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:54.108207941 CET	443	49779	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:54.111227036 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:54.111268044 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:54.111392021 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:54.111557007 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:54.111567974 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.266024113 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.266581059 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.266623974 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.267062902 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.267069101 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.446485043 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.447115898 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.447158098 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.447580099 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.447597027 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.606703997 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.607292891 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.607328892 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.607825994 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.607834101 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.701519012 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.701601982 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.701723099 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.702024937 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.702044964 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.702055931 CET	49781	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.702061892 CET	443	49781	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.705243111 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.705298901 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.705365896 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.705511093 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.705523968 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.725832939 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.726290941 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.726310015 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.726732969 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.726738930 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.854372978 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.854932070 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.854965925 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.855475903 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.855483055 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.903240919 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.903325081 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.903544903 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.903590918 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.903590918 CET	49782	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.903613091 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.903630018 CET	443	49782	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.906950951 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.906990051 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:55.907099962 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.907324076 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:55.907340050 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.086458921 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.086528063 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.086639881 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.086833000 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.086848021 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.086860895 CET	49783	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.086865902 CET	443	49783	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.089777946 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.089832067 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.089941025 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.090105057 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.090116978 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.178034067 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.178105116 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.178332090 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.178390026 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.178390026 CET	49784	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.178416967 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.178433895 CET	443	49784	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.180953026 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.180994034 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.181072950 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.181267977 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.181282043 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.318792105 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.318872929 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.319164038 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.319164038 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.319245100 CET	49785	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.319259882 CET	443	49785	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.321974993 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.322016001 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:56.322107077 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.322284937 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:56.322297096 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.264220953 CET	49791	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:57.264280081 CET	443	49791	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:57.264375925 CET	49791	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:57.264931917 CET	49791	443	192.168.2.6	20.198.119.143
Nov 25, 2024 16:21:57.264947891 CET	443	49791	20.198.119.143	192.168.2.6
Nov 25, 2024 16:21:57.426774979 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.427450895 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.427479029 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.427850008 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.427855015 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.759421110 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.760617971 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.760618925 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.760643005 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.760652065 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.870357990 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.871165037 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.871200085 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.871690989 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.871695995 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.962788105 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.963999987 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.963999987 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:57.964015007 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:57.964025974 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.039638042 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.040395021 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.040405989 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.041058064 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.041062117 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.223630905 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.223715067 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.223938942 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.223938942 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.225027084 CET	49787	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.225054979 CET	443	49787	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.227238894 CET	49792	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.227291107 CET	443	49792	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.227515936 CET	49792	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.227515936 CET	49792	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.227555037 CET	443	49792	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.252835035 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.252902985 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.253086090 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.253086090 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.253537893 CET	49786	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.253563881 CET	443	49786	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.255369902 CET	49793	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.255410910 CET	443	49793	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.255599022 CET	49793	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.255599022 CET	49793	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.255633116 CET	443	49793	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.320784092 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.320950031 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.321059942 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.321059942 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.321135998 CET	49788	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.321151972 CET	443	49788	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.323635101 CET	49794	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.323702097 CET	443	49794	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.323832989 CET	49794	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.324158907 CET	49794	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.324189901 CET	443	49794	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.425515890 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.425584078 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.425802946 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.425913095 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.425914049 CET	49789	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.425931931 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.425940037 CET	443	49789	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.428599119 CET	49795	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.428653955 CET	443	49795	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.428869963 CET	49795	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.428869963 CET	49795	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.428905964 CET	443	49795	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.476560116 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.476639032 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.476862907 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.476862907 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.477646112 CET	49790	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.477653980 CET	443	49790	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.479477882 CET	49796	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.479505062 CET	443	49796	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.479734898 CET	49796	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.479734898 CET	49796	443	192.168.2.6	13.107.246.63
Nov 25, 2024 16:21:58.479762077 CET	443	49796	13.107.246.63	192.168.2.6
Nov 25, 2024 16:21:58.524044991 CET	443	49744	173.222.162.64	192.168.2.6
Nov 25, 2024 16:21:58.524116039 CET	49744	443	192.168.2.6	173.222.162.64

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 16:21:26.460926056 CET	53	50781	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:26.489780903 CET	53	62806	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:27.567157984 CET	63510	53	192.168.2.6	1.1.1.1
Nov 25, 2024 16:21:27.567555904 CET	63392	53	192.168.2.6	1.1.1.1
Nov 25, 2024 16:21:28.109232903 CET	53	63510	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:28.109930038 CET	53	63392	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:29.243247986 CET	53	60716	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:30.078502893 CET	49191	53	192.168.2.6	1.1.1.1
Nov 25, 2024 16:21:30.078831911 CET	56832	53	192.168.2.6	1.1.1.1
Nov 25, 2024 16:21:30.216669083 CET	53	49191	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:30.216963053 CET	53	56832	1.1.1.1	192.168.2.6
Nov 25, 2024 16:21:46.234445095 CET	53	65183	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 16:21:27.567157984 CET	192.168.2.6	1.1.1.1	0x6e13	Standard query (0)	greatlink.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 16:21:27.567555904 CET	192.168.2.6	1.1.1.1	0x3d38	Standard query (0)	greatlink.com	65	IN (0x0001)	false
Nov 25, 2024 16:21:30.078502893 CET	192.168.2.6	1.1.1.1	0x5c64	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 16:21:30.078831911 CET	192.168.2.6	1.1.1.1	0xef14	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 16:21:28.109232903 CET	1.1.1.1	192.168.2.6	0x6e13	No error (0)	greatlink.com	211.20.112.242	A (IP address)	IN (0x0001)	false
Nov 25, 2024 16:21:30.216669083 CET	1.1.1.1	192.168.2.6	0x5c64	No error (0)	www.google.com	172.217.21.36	A (IP address)	IN (0x0001)	false
Nov 25, 2024 16:21:30.216963053 CET	1.1.1.1	192.168.2.6	0xef14	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

otelrules.azureedge.net

fs.microsoft.com

slscr.update.microsoft.com

greatlink.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49715	211.20.112.242	80	6256	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 16:21:28.232242107 CET	428	OUT	GET / HTTP/1.1 Host: greatlink.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49774	211.20.112.242	80	6256	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 16:21:51.368489027 CET	454	OUT	GET / HTTP/1.1 Host: greatlink.com Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49706	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 4b 4a 33 5a 4f 74 4c 72 6b 32 56 75 45 65 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 66 37 32 38 35 65 61 34 39 31 30 38 66 39 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: nKJ3ZOtLrk2VuEeb.1Context: 7f7285ea49108f90
2024-11-25 15:21:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:16 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6e 4b 4a 33 5a 4f 74 4c 72 6b 32 56 75 45 65 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 66 37 32 38 35 65 61 34 39 31 30 38 66 39 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: nKJ3ZOtLrk2VuEeb.2Context: 7f7285ea49108f90<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:16 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6e 4b 4a 33 5a 4f 74 4c 72 6b 32 56 75 45 65 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 66 37 32 38 35 65 61 34 39 31 30 38 66 39 30 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: nKJ3ZOtLrk2VuEeb.3Context: 7f7285ea49108f90
2024-11-25 15:21:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:21:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 69 34 51 45 30 76 39 56 30 65 53 66 46 4d 33 6a 5a 78 57 33 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hi4QE0v9V0eSfFM3jZxW3w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49707	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:28 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 50 67 62 70 39 30 6c 62 30 61 64 35 41 77 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 38 37 34 61 63 31 32 34 39 39 63 32 32 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: cPgbp90lb0ad5Aw/.1Context: 68874ac12499c22f
2024-11-25 15:21:28 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:28 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 63 50 67 62 70 39 30 6c 62 30 61 64 35 41 77 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 38 37 34 61 63 31 32 34 39 39 63 32 32 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: cPgbp90lb0ad5Aw/.2Context: 68874ac12499c22f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:28 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 50 67 62 70 39 30 6c 62 30 61 64 35 41 77 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 38 37 34 61 63 31 32 34 39 39 63 32 32 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: cPgbp90lb0ad5Aw/.3Context: 68874ac12499c22f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 15:21:28 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:21:28 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 6f 72 59 47 77 54 76 5a 55 47 4e 2f 44 58 71 6a 2b 74 50 71 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xorYGwTvZUGN/DXqj+tPqQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49708	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:28 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 33 31 62 73 58 51 59 70 61 6b 53 6f 69 2b 6e 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 36 33 63 39 33 31 65 34 64 36 39 30 36 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 31bsXQYpakSoi+nG.1Context: 6363c931e4d6906c
2024-11-25 15:21:28 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:28 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 33 31 62 73 58 51 59 70 61 6b 53 6f 69 2b 6e 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 36 33 63 39 33 31 65 34 64 36 39 30 36 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 31bsXQYpakSoi+nG.2Context: 6363c931e4d6906c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:28 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 33 31 62 73 58 51 59 70 61 6b 53 6f 69 2b 6e 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 36 33 63 39 33 31 65 34 64 36 39 30 36 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 31bsXQYpakSoi+nG.3Context: 6363c931e4d6906c
2024-11-25 15:21:29 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:21:29 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 74 6a 6c 34 39 37 63 53 46 45 65 75 74 64 72 35 77 46 43 56 58 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: tjl497cSFEeutdr5wFCVXQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49714	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:29 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:29 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:29 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 23 Nov 2024 12:15:37 GMT ETag: "0x8DD0BB889D4282C" x-ms-request-id: 19b35b80-c01e-0049-150a-3eac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152129Z-174c587ffdfks6tlhC1TEBeza4000000068g000000003rbq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:29 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-25 15:21:29 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-25 15:21:29 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-25 15:21:30 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:32 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:32 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: c9502ca5-e01e-0033-0fb4-3e4695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152132Z-15b8b599d88pxmdghC1TEBux9c000000064g00000000ny5z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:32 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49724	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:32 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:32 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: e7cf57de-301e-006e-404d-3cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152132Z-15b8b599d889gj5whC1TEBfyk000000005x000000000h4rc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:32 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49721	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:32 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:32 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: d4aa3518-701e-0098-625d-3c395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152132Z-15b8b599d88cn5thhC1TEBqxkn000000063g000000000yv5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:32 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49720	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:32 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:32 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:32 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 15799d2c-401e-0047-13c9-3e8597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152132Z-178bfbc474btvfdfhC1NYCa2en00000007pg00000000h261 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:32 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49722	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:32 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:32 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 97edb58e-001e-00a2-13a4-3ed4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152132Z-178bfbc474bv7whqhC1NYC1fg400000007k000000000ptz3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:32 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49725	184.30.24.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 15:21:33 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=65525 Date: Mon, 25 Nov 2024 15:21:32 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49726	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 46 6c 47 72 78 68 46 63 45 6d 4e 48 4c 78 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 63 37 61 64 31 31 62 33 37 65 37 65 63 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: RFlGrxhFcEmNHLxP.1Context: 86c7ad11b37e7ec9
2024-11-25 15:21:34 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:34 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 52 46 6c 47 72 78 68 46 63 45 6d 4e 48 4c 78 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 63 37 61 64 31 31 62 33 37 65 37 65 63 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: RFlGrxhFcEmNHLxP.2Context: 86c7ad11b37e7ec9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:34 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 46 6c 47 72 78 68 46 63 45 6d 4e 48 4c 78 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 36 63 37 61 64 31 31 62 33 37 65 37 65 63 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: RFlGrxhFcEmNHLxP.3Context: 86c7ad11b37e7ec9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 15:21:35 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:21:35 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 34 32 4a 74 4e 33 6b 43 45 36 36 67 73 2f 4c 31 72 34 55 44 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 842JtN3kCE66gs/L1r4UDw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49730	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:34 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 3257c6a6-201e-005d-32b4-3eafb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152134Z-178bfbc474bgvl54hC1NYCsfuw00000007h000000000psv4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:35 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49732	184.30.24.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 15:21:35 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=65472 Date: Mon, 25 Nov 2024 15:21:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 15:21:35 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49728	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:34 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: c312cdef-801e-0083-52a3-3ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152134Z-174c587ffdf7t49mhC1TEB4qbg000000062000000000a8rz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:35 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49731	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:34 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: de6003cd-b01e-0098-493c-3ccead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152134Z-178bfbc474bv7whqhC1NYC1fg400000007n000000000f1q7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:35 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49729	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:34 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: ce5ebd39-a01e-0053-183c-3c8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152134Z-15b8b599d88s6mj9hC1TEBur3000000005yg00000000b6g4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:35 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49727	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:34 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:34 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 657d02d2-201e-0033-2f57-3cb167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152134Z-178bfbc474b9xljthC1NYCtw9400000007e000000000rksa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:35 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49733	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:36 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:37 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2f8155c7-701e-0098-4401-3f395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152137Z-174c587ffdfmrvb9hC1TEBtn38000000060000000000x987 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:37 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49737	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:36 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:37 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: d1e74057-c01e-0014-6563-3ba6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152137Z-178bfbc474bmqmgjhC1NYCy16c00000007ng00000000m8za x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:37 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:36 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:37 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: eb93f719-b01e-0098-406c-3dcead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152137Z-15b8b599d885ffrhhC1TEBtuv00000000690000000000bey x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:37 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49734	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:36 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:37 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 9bcae678-901e-007b-2946-3cac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152137Z-15b8b599d88hd9g7hC1TEBp75c000000063000000000br6f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:37 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:37 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:37 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 922c5f4e-601e-005c-577c-3bf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152137Z-174c587ffdfks6tlhC1TEBeza4000000061g00000000wrgq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:37 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49738	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:39 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kc1vUfc76xrO9yg&MD=Yxxl78Y7 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 15:21:39 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 19dbdfe0-8fcd-435f-b8b9-525f855650fc MS-RequestId: ee8517d2-c2ba-42cf-a947-953a1ccb5666 MS-CV: +8lMWWt9Lk63kraL.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 15:21:38 GMT Connection: close Content-Length: 24490
2024-11-25 15:21:39 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 15:21:39 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49739	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:39 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:39 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: ce6e3a8c-101e-0017-74b5-3e47c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152139Z-178bfbc474bv587zhC1NYCny5w00000007f000000000hv3z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:39 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49742	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:39 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:39 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 3257ccc0-201e-005d-19b5-3eafb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152139Z-178bfbc474btvfdfhC1NYCa2en00000007m000000000re4k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:39 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49740	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:39 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:39 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 9bf3f441-f01e-003f-246b-3bd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152139Z-178bfbc474bbcwv4hC1NYCypys00000007e000000000kaxb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:39 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:39 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:39 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 44207c53-001e-0079-37ad-3b12e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152139Z-15b8b599d882l6clhC1TEBxd5c000000062g000000004zu0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:39 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.6	49743	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:39 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:39 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:39 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: f1d8b84e-f01e-0096-7de6-3d10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152139Z-178bfbc474bfw4gbhC1NYCunf400000007rg0000000032gc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:39 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:41 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:41 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: feb62e3a-f01e-0085-1d2f-3c88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152141Z-178bfbc474bwlrhlhC1NYCy3kg00000007qg00000000777z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:42 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:41 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:41 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 7a05741d-701e-0021-0754-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152141Z-15b8b599d882hxlwhC1TEBfa5w00000005z000000000gdww x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:42 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:41 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:41 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 6ea5360a-801e-002a-4904-3e31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152141Z-178bfbc474bgvl54hC1NYCsfuw00000007rg000000000y37 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:42 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:41 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:42 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 561b455d-701e-003e-353f-3e79b3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152141Z-178bfbc474bfw4gbhC1NYCunf400000007hg00000000rp8q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:42 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	49751	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:41 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:42 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: ffa63380-201e-006e-3b6c-3dbbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152142Z-15b8b599d885ffrhhC1TEBtuv0000000065g00000000dt6p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:42 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	49746	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:41 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 71 59 53 79 6b 6b 58 54 55 4b 38 4c 55 78 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 65 64 62 63 36 39 30 30 33 63 65 37 34 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: lqYSykkXTUK8LUxP.1Context: cfedbc69003ce748
2024-11-25 15:21:41 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:41 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6c 71 59 53 79 6b 6b 58 54 55 4b 38 4c 55 78 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 65 64 62 63 36 39 30 30 33 63 65 37 34 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: lqYSykkXTUK8LUxP.2Context: cfedbc69003ce748<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:41 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6c 71 59 53 79 6b 6b 58 54 55 4b 38 4c 55 78 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 65 64 62 63 36 39 30 30 33 63 65 37 34 38 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: lqYSykkXTUK8LUxP.3Context: cfedbc69003ce748
2024-11-25 15:21:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:21:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 43 76 42 5a 48 7a 43 31 6b 47 2b 70 68 43 43 33 63 38 70 7a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8CvBZHzC1kG+phCC3c8pzA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:43 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:44 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:44 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: aaf2b452-f01e-0071-621c-3e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152144Z-178bfbc474b9xljthC1NYCtw9400000007g000000000kn6t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:44 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:43 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:44 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:44 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 47ff93a4-401e-0083-0f5d-3e075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152144Z-174c587ffdf8lw6dhC1TEBkgs800000006600000000046x2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:44 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:43 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:44 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:44 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 876f21bf-101e-007a-0bbf-3e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152144Z-178bfbc474b9xljthC1NYCtw9400000007e000000000rm9c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:44 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:44 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:44 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:44 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: a8d62205-901e-0083-0c0e-3bbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152144Z-174c587ffdf9xbcchC1TEBxkz4000000060g0000000083he x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:44 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:44 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:44 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:44 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: ea8695b1-901e-002a-7283-3b7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152144Z-174c587ffdf6b487hC1TEBydsn00000005xg00000000wd4m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:44 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:46 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:46 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:46 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 79192ebf-401e-0035-7e68-3b82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152146Z-178bfbc474bbbqrhhC1NYCvw7400000007t000000000f2f8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:46 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:46 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:46 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:46 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 413a5bf0-401e-0035-1ab5-3e82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152146Z-178bfbc474bv7whqhC1NYC1fg400000007h000000000q69h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:46 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:46 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:46 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:46 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 81672928-a01e-001e-4184-3b49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152146Z-174c587ffdftv9hphC1TEBm29w000000060000000000mg09 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:46 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:46 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:46 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:46 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 043e45ca-501e-0078-1031-3e06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152146Z-178bfbc474btrnf9hC1NYCb80g00000007x00000000008kn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:46 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:46 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:46 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:46 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 09788b64-001e-0046-6eb7-3eda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152146Z-178bfbc474bmqmgjhC1NYCy16c00000007pg00000000gabx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:46 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49763	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:47 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6f 34 64 2b 36 39 63 6e 6b 30 4f 6a 68 58 76 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 62 62 31 37 30 38 64 34 62 32 37 63 36 31 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: o4d+69cnk0OjhXva.1Context: cbb1708d4b27c61d
2024-11-25 15:21:47 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:47 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6f 34 64 2b 36 39 63 6e 6b 30 4f 6a 68 58 76 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 62 62 31 37 30 38 64 34 62 32 37 63 36 31 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: o4d+69cnk0OjhXva.2Context: cbb1708d4b27c61d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:47 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6f 34 64 2b 36 39 63 6e 6b 30 4f 6a 68 58 76 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 62 62 31 37 30 38 64 34 62 32 37 63 36 31 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: o4d+69cnk0OjhXva.3Context: cbb1708d4b27c61d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-25 15:21:48 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:21:48 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 44 51 49 78 61 75 46 46 45 75 47 33 47 4d 39 36 77 38 33 61 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 1DQIxauFFEuG3GM96w83aQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:48 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:48 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:48 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 90afbbb2-501e-0047-6404-3fce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152148Z-15b8b599d88hd9g7hC1TEBp75c0000000660000000001ssm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:48 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:48 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:48 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:48 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 962f41f4-301e-0052-17bf-3e65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152148Z-15b8b599d88n8stkhC1TEBb78n00000000wg00000000mz22 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:48 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:48 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:48 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: c30ad238-e01e-0051-4a01-3f84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152148Z-15b8b599d88tmlzshC1TEB4xpn000000061000000000agz7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:49 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:48 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:48 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: a1d815ed-301e-0096-3f8c-3ae71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152148Z-174c587ffdfmrvb9hC1TEBtn380000000650000000009g2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:49 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:48 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:49 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 069344af-301e-0020-09c0-3e6299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152149Z-178bfbc474bbbqrhhC1NYCvw7400000007u000000000ax5v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:49 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:50 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:51 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: fd91c27a-801e-0083-67e3-3ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152151Z-15b8b599d88phfhnhC1TEBr51n00000006a0000000004cyz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:51 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:50 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:51 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 974535d3-001e-002b-30bf-3e99f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152151Z-178bfbc474btrnf9hC1NYCb80g00000007v0000000007qey x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:51 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:50 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:51 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 0d55f323-a01e-0032-4300-3f1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152151Z-15b8b599d88phfhnhC1TEBr51n000000069g000000006de7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:51 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.6	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:51 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:51 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: af6ae163-c01e-0082-6735-3caf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152151Z-178bfbc474bwh9gmhC1NYCy3rs00000007q000000000h3em x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:51 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:51 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:51 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: a6b1c0e3-801e-002a-1ea2-3e31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152151Z-178bfbc474b7cbwqhC1NYC8z4n00000007n00000000054be x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:51 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.6	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:53 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:53 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:53 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 79b51860-701e-0021-623a-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152153Z-174c587ffdfn4nhwhC1TEB2nbc000000066000000000f69k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:53 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.6	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:53 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:53 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:53 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: f74d53c0-801e-0048-600d-3ff3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152153Z-15b8b599d88qw29phC1TEB5zag000000060g00000000nsv0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:53 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.6	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:53 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:53 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:53 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 79a9dcb6-201e-003c-1c7b-3b30f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152153Z-174c587ffdfb74xqhC1TEBhabc0000000670000000000r3h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:53 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.6	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:53 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:53 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 3074f9d5-701e-001e-47fc-3df5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152153Z-178bfbc474bgvl54hC1NYCsfuw00000007kg00000000hw3s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:54 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.6	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:53 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:53 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:53 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 38a668eb-401e-00ac-34a1-3b0a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152153Z-15b8b599d885ffrhhC1TEBtuv0000000062000000000sx34 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:53 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.6	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:55 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:55 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:55 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 7bd180c9-401e-008c-0e8c-3a86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152155Z-174c587ffdfx984chC1TEB676g000000061g00000000nknm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:55 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:55 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:55 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:55 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 449238ea-501e-0029-7d7c-3bd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152155Z-174c587ffdfcb7qhhC1TEB3x70000000063000000000t446 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:55 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.6	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:55 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:55 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 1e280d2f-401e-0029-0d7f-3b9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152155Z-174c587ffdfb74xqhC1TEBhabc0000000660000000004p74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:56 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:55 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:56 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 1ea24147-701e-000d-3aeb-3e6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152156Z-15b8b599d889gj5whC1TEBfyk000000005u000000000u0qw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:56 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:55 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:56 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 1b17855c-f01e-0099-1f6a-3c9171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152156Z-174c587ffdf59vqchC1TEByk6800000006a0000000007v1c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:56 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:57 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:57 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: c63dd3a8-001e-0017-61d8-3d0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152157Z-178bfbc474b9fdhphC1NYCac0n00000007p0000000003m7h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:58 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.6	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:57 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:58 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:58 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 096488c1-001e-0046-44af-3eda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152158Z-15b8b599d88vp97chC1TEB5pzw000000061g00000000g85m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 15:21:58 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:57 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:58 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: db5fa324-001e-00ad-2244-3c554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152158Z-174c587ffdfb5q56hC1TEB04kg00000005y000000000sk4u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:58 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.6	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:57 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:58 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: c14060eb-d01e-007a-6e7d-3bf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152158Z-174c587ffdfldtt2hC1TEBwv9c00000005xg00000000hm50 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:58 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:58 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:21:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:21:58 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 2151d667-701e-0021-3e0f-3d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152158Z-178bfbc474bbcwv4hC1NYCypys00000007dg00000000n87a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:21:58 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	49791	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:21:59 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 6a 6f 79 4c 62 45 6a 42 55 4b 38 62 6d 68 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 62 62 32 35 31 31 33 37 38 61 30 36 66 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 0joyLbEjBUK8bmh/.1Context: 6bbb2511378a06f2
2024-11-25 15:21:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-25 15:21:59 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 30 6a 6f 79 4c 62 45 6a 42 55 4b 38 62 6d 68 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 62 62 32 35 31 31 33 37 38 61 30 36 66 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 62 46 66 49 61 38 42 37 7a 2f 45 70 43 53 31 4d 59 50 62 64 39 73 4c 36 37 54 6a 70 52 2f 41 78 6e 53 6d 50 56 4e 6e 32 68 59 35 73 54 6d 53 65 64 47 4c 35 6a 53 74 71 42 58 2f 34 74 42 73 42 67 78 4a 6e 74 57 59 64 57 39 43 76 53 38 76 44 37 76 55 48 69 78 72 4a 5a 2b 4f 4c 77 41 38 79 48 66 37 6b 5a 30 43 6e 2b 49 33 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 0joyLbEjBUK8bmh/.2Context: 6bbb2511378a06f2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYbFfIa8B7z/EpCS1MYPbd9sL67TjpR/AxnSmPVNn2hY5sTmSedGL5jStqBX/4tBsBgxJntWYdW9CvS8vD7vUHixrJZ+OLwA8yHf7kZ0Cn+I38
2024-11-25 15:21:59 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 30 6a 6f 79 4c 62 45 6a 42 55 4b 38 62 6d 68 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 62 62 32 35 31 31 33 37 38 61 30 36 66 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 0joyLbEjBUK8bmh/.3Context: 6bbb2511378a06f2
2024-11-25 15:22:00 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-25 15:22:00 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 6f 57 48 67 59 71 5a 4f 45 79 5a 48 66 75 2b 53 47 5a 74 47 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5oWHgYqZOEyZHfu+SGZtGg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:22:00 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:22:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:22:00 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 96754fe9-301e-0052-4f54-3d65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152200Z-15b8b599d885v8r9hC1TEB104g000000066g000000008gh7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:22:00 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:22:00 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 15:22:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 15:22:00 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 877e641f-101e-007a-18c6-3e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T152200Z-178bfbc474b9fdhphC1NYCac0n00000007ng000000005vuq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 15:22:00 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:22:00 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.6	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:22:00 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 15:22:00 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1096, Parent PID: 5972

General

Target ID:	1
Start time:	10:21:21
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6256, Parent PID: 1096

General

Target ID:	3
Start time:	10:21:24
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2376,i,10519227397119867064,15266233916746815749,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2752, Parent PID: 5972

General

Target ID:	4
Start time:	10:21:26
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://greatlink.com"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://greatlink.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1096, Parent PID: 5972

General

Chronological Activities

Analysis Process: chrome.exePID: 6256, Parent PID: 1096

General

Chronological Activities

Analysis Process: chrome.exePID: 2752, Parent PID: 5972

General

Chronological Activities

Disassembly

Windows Analysis Report
http://greatlink.com