Edit tour

Windows Analysis Report
http://relevanteduofficelogin.relevantedu.xyz

Overview

General Information

Sample URL:	http://relevanteduofficelogin.relevantedu.xyz
Analysis ID:	1432223
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Performs DNS queries to domains with low reputation

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2472,i,3685527749275689148,13619911006940924021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://relevanteduofficelogin.relevantedu.xyz" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.2.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://relevanteduofficelogin.relevantedu.xyz

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Phishing

Phishing site detected (based on favicon image match)

Source: https://relevantedu.xyz

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 2.3.pages.csv, type: HTML

Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0	HTTP Parser: Number of links: 0
Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://relevanteduofficelogin.relevantedu.xyz/

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0	HTTP Parser: Title: Redirecting does not match URL
Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0

HTTP Parser: No favicon

Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0	HTTP Parser: No <meta name="author".. found
Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49755 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: relevanteduofficelogin.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: relevanteduofficelogin.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: relevanteduofficelogin.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: relevanteduofficelogin.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0ffice.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 0ffice.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: b72d03ca-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: b72d03ca-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: b5e70507-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: b5e70507-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 181eeb1c-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 181eeb1c-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: l1ve.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: l1ve.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 181eeb1c-862723ea.relevantedu.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: 181eeb1c-862723ea.relevantedu.xyz

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: 0ffice.relevantedu.xyzConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: b72d03ca-862723ea.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://relevanteduofficelogin.relevantedu.xyzsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /862723eaca4a492d82ff65e2c911b8f7/ HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://relevanteduofficelogin.relevantedu.xyzSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5DSec-WebSocket-Key: +LiSn82gOP/GhWDwOq9nZA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /862723eaca4a492d82ff65e2c911b8f7/ HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://relevanteduofficelogin.relevantedu.xyzSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: WrUkSU9BENdCQX5aK2Nfeg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: 181eeb1c-862723ea.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://relevanteduofficelogin.relevantedu.xyzsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1Host: 181eeb1c-862723ea.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://relevanteduofficelogin.relevantedu.xyzsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1Host: 181eeb1c-862723ea.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://relevanteduofficelogin.relevantedu.xyzsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: l1ve.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 181eeb1c-862723ea.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
Source: global traffic	HTTP traffic detected: GET /862723eaca4a492d82ff65e2c911b8f7/ HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://relevanteduofficelogin.relevantedu.xyzSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1Sec-WebSocket-Key: u0kpqEbF5W6TdMm9dQ3+VQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1Host: 181eeb1c-862723ea.relevantedu.xyzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: relevanteduofficelogin.relevantedu.xyz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 0ffice.relevantedu.xyz
Source: global traffic	DNS traffic detected: DNS query: b72d03ca-862723ea.relevantedu.xyz
Source: global traffic	DNS traffic detected: DNS query: b5e70507-862723ea.relevantedu.xyz
Source: global traffic	DNS traffic detected: DNS query: 181eeb1c-862723ea.relevantedu.xyz
Source: global traffic	DNS traffic detected: DNS query: l1ve.relevantedu.xyz

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: relevanteduofficelogin.relevantedu.xyzConnection: keep-aliveContent-Length: 4046Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://relevanteduofficelogin.relevantedu.xyzContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://relevanteduofficelogin.relevantedu.xyz/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 26 Apr 2024 15:51:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 76dd33a3-d7a2-4f5f-88b3-a6db6d392e01x-ms-ests-server: 2.1.17846.6 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 26 Apr 2024 15:52:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 66d9ec61-bd8e-42d6-bda2-b53ba695a200x-ms-ests-server: 2.1.17846.6 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: access-control-allow-headers:

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49755 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.troj.win@17/12@20/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2472,i,3685527749275689148,13619911006940924021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://relevanteduofficelogin.relevantedu.xyz"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2472,i,3685527749275689148,13619911006940924021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://relevanteduofficelogin.relevantedu.xyz	0%	Avira URL Cloud	safe
http://relevanteduofficelogin.relevantedu.xyz	4%	Virustotal		Browse
http://relevanteduofficelogin.relevantedu.xyz	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Source	Detection	Scanner	Label	Link
https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe
https://l1ve.relevantedu.xyz/Me.htm?v=3	0%	Avira URL Cloud	safe
https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	0%	Avira URL Cloud	safe
http://relevanteduofficelogin.relevantedu.xyz/	0%	Avira URL Cloud	safe
https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2	0%	Avira URL Cloud	safe
https://0ffice.relevantedu.xyz/login	0%	Avira URL Cloud	safe
https://b72d03ca-862723ea.relevantedu.xyz/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js	0%	Avira URL Cloud	safe
https://relevanteduofficelogin.relevantedu.xyz/favicon.ico	0%	Avira URL Cloud	safe
http://relevanteduofficelogin.relevantedu.xyz/	4%	Virustotal		Browse
https://181eeb1c-862723ea.relevantedu.xyz/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	0%	Avira URL Cloud	safe
https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js	0%	Avira URL Cloud	safe
https://relevanteduofficelogin.relevantedu.xyz/862723eaca4a492d82ff65e2c911b8f7/	0%	Avira URL Cloud	safe
https://181eeb1c-862723ea.relevantedu.xyz/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
l1ve.relevantedu.xyz	178.128.58.202	true	true	unknown
relevanteduofficelogin.relevantedu.xyz	178.128.58.202	true	true	unknown
0ffice.relevantedu.xyz	178.128.58.202	true	true	unknown
www.google.com	142.250.217.196	true	false	high
b72d03ca-862723ea.relevantedu.xyz	178.128.58.202	true	true	unknown
b5e70507-862723ea.relevantedu.xyz	178.128.58.202	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
181eeb1c-862723ea.relevantedu.xyz	178.128.58.202	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js	false	Avira URL Cloud: safe	unknown
http://relevanteduofficelogin.relevantedu.xyz/	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://l1ve.relevantedu.xyz/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	Avira URL Cloud: safe	unknown
https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2	false	Avira URL Cloud: safe	unknown
https://relevanteduofficelogin.relevantedu.xyz/	false		unknown
https://0ffice.relevantedu.xyz/login	false	Avira URL Cloud: safe	unknown
https://b72d03ca-862723ea.relevantedu.xyz/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js	false	Avira URL Cloud: safe	unknown
https://relevanteduofficelogin.relevantedu.xyz/favicon.ico	false	Avira URL Cloud: safe	unknown
https://181eeb1c-862723ea.relevantedu.xyz/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	Avira URL Cloud: safe	unknown
https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js	false	Avira URL Cloud: safe	unknown
https://relevanteduofficelogin.relevantedu.xyz/862723eaca4a492d82ff65e2c911b8f7/	false	Avira URL Cloud: safe	unknown
https://181eeb1c-862723ea.relevantedu.xyz/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.217.228	unknown	United States	15169	GOOGLEUS	false
178.128.58.202	l1ve.relevantedu.xyz	Netherlands	14061	DIGITALOCEAN-ASNUS	true

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432223
Start date and time:	2024-04-26 17:50:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://relevanteduofficelogin.relevantedu.xyz
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.troj.win@17/12@20/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.2.195, 142.250.217.174, 173.194.215.84, 34.104.35.123, 40.127.169.103, 192.229.211.108, 199.232.214.172, 20.242.39.171, 23.45.182.96, 23.45.182.80, 23.45.182.78, 23.45.182.93, 23.45.182.87, 23.45.182.77, 23.45.182.100, 23.45.182.81, 23.45.182.88, 20.3.187.198, 23.45.182.95, 23.45.182.101, 23.45.182.97, 23.45.182.86, 23.45.182.104, 23.45.182.91, 192.178.50.67
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 2456
Category:	downloaded
Size (bytes):	1171
Entropy (8bit):	7.848112150858051
Encrypted:	false
SSDEEP:	24:X1oOl6L30Sl7dH3NMBGwGjacpfmZMjhCHS2GM+F3RF45eCpIlaTOB5h/mkp:X1oN0K93+ckraM+57WpIlaaD+k
MD5:	5BF0131C420D3953B3CCC37D91F1224E
SHA1:	142A87B02C4BE08B9D4F39207FE5EE2C13227A7C
SHA-256:	6B1D4F47781FAE7CE1680269C7475DCFED99BC38F0EB453A945C1CB19E813A8B
SHA-512:	99EC65D37FB8814D1FF53E3FB64E4D9DCC8064E559BBE832556EC4EDD497FD85B792EAB2E74DE2D1A3070BC7F6137E91BE617E3DFC56CBCF1BD998CE2F49007B
Malicious:	false
Reputation:	low
URL:	https://l1ve.relevantedu.xyz/Me.htm?v=3
Preview:	...........V.n.F.}.WHD p.--....HZDA..v.>0,.".....].ve.{.7.v.V0LQs9{.pf.K.."3=......?...V..U...ed.............'d...@..^..l...`.m.{...(.......>.....L.F.%.f.....w,..=AS.c...[.M.,S#...n.(.=..._.4....E......c(...5c.E.=".......JVS..6A.R`#.qR.....R..!..[..1&...Qs.JyB.%".......:C.-f.!...;.HV...8:K..-."x:.d.2.....!9......C....?....owC..../...e.9E....5A.E\|$6B...2...(..4...kmr!7v+....'...".J.$.4.d+.C...IT...D.E]r.....uH.D..6.u..``k..\.J.;r.V$.&..u.j..EO.J......mM.`.V......$$..F.=.);j..+....K.A3..inQ.o...Jz.QQ..$.:..)..t7$4uR..8..&.Lk&..........:SG.-....B.S...v.a.:s.)@0..;'...q..X..i.~U7_.._.V..z^C......@..........g.>...c%-..Zu..5...a.....o4[.......jl.U..Y.UD+..^o.P.0...8..85.j.M..8...FH2.H'...?...x...S..._...6<7....]...qy .....9...'.".&....u...Zi..-w.[..+6~.C.b..f.N.2%q.q....K)5.c.C....G...=@^......W............m}....g.6.'...//=.*.H.@....C...e..-.)m.k.]U.^."y@=..S..]. 8.V.+$].......{#.mS..:.....vk..7bR..SZ..<...v.....MBj.i,/...d...,.w...~\....8.a.....{..

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 55037
Category:	downloaded
Size (bytes):	15776
Entropy (8bit):	7.985952129991543
Encrypted:	false
SSDEEP:	384:TwXl87i4naaFtPESJ2DWOq1IcQS0SL7EOONbPHG:TwXW7i4naTSOAszOGb/G
MD5:	C9FEA7B73DB87151F6E7414DBE01BC09
SHA1:	749C0343CDA07BE115086D4BABA33C1482B4B331
SHA-256:	21E3EA815C63CA5D738E667982E41C91C299E461649A812DFC28244DE41AEBC5
SHA-512:	321F6E3ECEBAF0A19973B1231292FDC00B453C327287FB64B44EBF2044F0EA69FA03FBA701A857AEAAC694043EF22D9514B766F6A7D8788533655C3E31138E76
Malicious:	false
Reputation:	low
URL:	https://181eeb1c-862723ea.relevantedu.xyz/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js
Preview:	...........}Ms#G.....uh.O=.>...4..p.O$...P.IF4.".K....1..5.......7.\|.....S6..w8?......9...B.AwUeeeeeefee..f.Oc/._..G.............{..._..%.q..q........j<.w..O.7..."pgbV.C..k.T`..X....'v....<p....I.'..k<j@Ai..NP.6<..j..N.....0.......=..ox/+...9.sB..p.q.ai...?.....qw.D.X..b..?.bOD.x.B1..X..`.N..b..E...%JWg..x8.ys..:...I.....b1...q.......[..a..7q..N........._..4....&.. ........m&6.F.\.@.e.B..`.'.....0............]/.........`..iZ6......./f8..BCz_...i....MQ>..E,/x>v......{.........._.........Z.rP+......e..R.\.Z.u..3@./.oJ7.'.......%.;.WP.9.b..z._..b....0......X...Ro^k.lI..t..K7~.ep.`.)......'."".."....../..S....M..B5nEc2..g..m..\|f.{...pbi(.0.@[_Lc.Z.....U`./!..@.....p.-..kQ@T..8...-...0.....AX.D.?...".....5.NE..\...VQa.....,......?..M.0......_<......C..fOq..bz'..z/BF.;&.K......%.....g........f!..^.:Z...g...j...7.._........S.2/.2.n.....>.<P!!.Bv..J........e!d....B.Ra$.......N........> f.C.....^.D.-.e.c+...............!....$.9x...{.....p~._.0.

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Category:	downloaded
Size (bytes):	2279
Entropy (8bit):	7.354295352983905
Encrypted:	false
SSDEEP:	24:sb8IQUm7Ar/pPwZRbiHGIc+CozPPdv4CA0H+9dCjnmLr7laO+If7xkLLVP:sbvmiRwZUmD+CoTU0HbEXRzxkLBP
MD5:	7E0D59593F3377B72C29435C4B43954A
SHA1:	B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2
SHA-256:	62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
SHA-512:	397416A6A96A39F46F22E906A60E56067E5B7B11FB0597A733F862FC077C88D5ED31F51A82709A56F6082FB1F2F72F9A0FE0849E3DD493BB4240C265B546AAD3
Malicious:	false
Reputation:	low
URL:	https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	............ .....f......... .$...\|... .... .5.......00.... .j.......@@.... .....?......... .....2....PNG........IHDR................a....IDATx..1NCA.C..D@."-en.!.h..8@..9h..".....5M....h..-..l..L..P.Y.^luw...r.(.........w...B({....&.F......N.f%..........^&.x}Zu........g..7m......n?..U`....@.M8.g.-..\|..S.K.!....].%.I......&.I..`...F \|o;....{S....\|..VL...E....IEND.B`..PNG........IHDR..............w=.....IDATx..AJ.A.E_.5...D..$'....<.g.\...!.].!..Y....4...B.......4U...Q..J(...y....%..[t;..>\...~....O....r......e...F....8.d9....4.x.xW..e...c...~W..P2.........[.....r<..,..>....q.\...U...v.'......!.1.....9..:8............I.I.d.......IEND.B`..PNG........IHDR... ... .....szz.....IDATx..AJC1.E.{..... .;..>\..q+.. ..N.j....."8k.P..IF...M..{.8..F..Z.q...~.y}...0.f..U....Z...@yd...4......DT.B..)......v.8.....)..Lq.[....]_jrG$...3.%......i.vU...C...h0.....rz^.].....9..5.....mU~.E..GMF.X....?..Y.U..\|.c.k.v>..@.h..........Nh.u......IEND.B`..PNG........IHDR...

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 444333
Category:	downloaded
Size (bytes):	121267
Entropy (8bit):	7.997339385404732
Encrypted:	true
SSDEEP:	3072:OJO5SnCFpI2NYqAz2ht/WtZe8sxFSfx3jS5lVFQO8zibUIjgojKvT:JQnsh0c8fx+9FpTgWKb
MD5:	45E19FFF6EFC5C12D188EADDBF8FA47D
SHA1:	55F980D10B2C4445DF0086D71CD865894AC6D97F
SHA-256:	0ADF144B3CF14920D70FE305952A62E4D0C56389998FF8C5B8BBA62232B865E7
SHA-512:	7AAB7B2BDC8F1220BD3B5C5942CDADEB0462E76F9B8D8A6C8FA0DCBD68EA6DC30088ED79FB87ED3E1BBC1E3C909E77C89C1A60135CFDB55F7F31D58AF628FA85
Malicious:	false
Reputation:	low
URL:	https://181eeb1c-862723ea.relevantedu.xyz/shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js
Preview:	............{.8.......f.cw...Wl..Y.U..$..Iw.2.d.v.%.$.1..o?.$%J.SU.{w.}.S.H... .......O.....2..\.T..../g..+.............F..7.^\.x>....3....0.x..F.0...Wf.o..~e...J...(..9I\.8.Bc./.T...+;J.gW.:..6o..P...o..1..a.9.b.....G..."pYTyy.....Da.N.J...=C#....M..;b..%.I.%......!E.15.[...:..P.........8_...L..ou..ie..\|.IXy.....x.`Z...bj......I.a.,z...~%..B.....:.....L#;@...`..i......cTt.V.fs...L..8..s...R./^....?.0h...+.f...6:......d...>M..q1.G.g..E....p1.....<.@.O.>.^.......of.j1..T......+u&.r3q%gb.3!..`..Z9.<....\..&....UYm).W.j._aT}.a"tO...q.G...c..;...~.sX.Y0M....g.w.>.....%$a.6g.G;.....9..;@.U[.j....w..........JM..Vc.;...W..wU...TYew...?5....va8...i...$.......\.l...j?EC.h.&U....E,YDA...faQ..T..$k..[..2..j./.1,D}LdY=..a.>\|k....NE/.A...}..&. ..7%#.u.o(a.S....e!P8..VK.#.t.{..@.I....uVva=....$z#~.....CX...+..l.}...Q.......\.n...........Z...LK.~.\|."...D;u{>......T$.C..^\|%..'U....k2=...)Y! )..+.Y.#%........C..?2.r_....%'>.....^.3V..H..zSF..

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 113084
Category:	downloaded
Size (bytes):	20314
Entropy (8bit):	7.979532931860973
Encrypted:	false
SSDEEP:	384:VkqQ8rNFEhCgMyL2iww6oIR8mWG+Pu9Z5IM6mxqrghTvUty7T9Q:gCGEiL/w7R8DW9Z5B6AasTv37T9Q
MD5:	7B082644CE5A069FB55F47B1A6B667F2
SHA1:	6A5FFA5369BF15FA42446C6EDE88E9E40A40E0E9
SHA-256:	8E34884C24973C66D83BAFDEC9445F746BEFEE773A384B340CA24C7B7703AF3A
SHA-512:	778CC9EA8646B747C02A1BFC68F7CB973A721328B180211657B2FEC2E5487500E8BD4D5A110C3C7C09C8BA66FE28BD47043C200227040B0B544941425473173A
Malicious:	false
Reputation:	low
URL:	https://181eeb1c-862723ea.relevantedu.xyz/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
Preview:	...........}ks.6.....\.R;.J.H=-WR;..&>g^53.G.R[.DY<C..$e.WG..... )...{+'g...l............bw_f7.:x..<x.-.V5)/wE..Y...gy.0.(.-o.e.\|..._..I.....?<{.!x...W..._..^..p..E..'..Y...<.....]..6(. ..D.....Y.......:.ve.?..!..\|t...].+.......a.......\|.P...u.H.d.d.r.c[..~.L..n.-.}e.H3...r..^..iP.u..z.....)..Z.jx..C'......u..{.C...N.o.m~..F(b..f.....h..O.....6....kr.......n2m M$.R..R..i{.~.....n.dKY..#.Kn.4..G...O..l.#.a=..iU..].S.2.wY..O.\|...Z.A....].uU.._%U.<...pp..u=.....C.R..S.....0...A<......&...W..'o.T.."..jO..^+.....DiW.b..7i..7..........lKe.0.~B0.....zQu#...YB.,.{.&.6..G.6..._...J.i.?.LS$( .^.{..u.-.0....K....M&j..s.yB..+....^.)...7e.....]..eFI_.kRX.B......D[.4......+.u=>....R.`QEK...R..d...*S.. ,c5RKBK(......][..eF{T.....6...".....Uk:..S.0Ro.}B.dwJZ}U..S.F.....&.&.~\|......{..Ep.>x..._....}p..=.}...v...7?}...g..1&.......}...^...o.x.>x...../.^....._.........w.v./.........BA...{J..w..$?.}w....?zO.r..5...7.gl..z...g.?.{....R.......yGj

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 141272
Category:	downloaded
Size (bytes):	49626
Entropy (8bit):	7.995283415822979
Encrypted:	true
SSDEEP:	1536:J+Rly7ClHM8uFsPoHZOqk36/liAnSXcOr+/GVHLzbvBP7olfJ:J+RlYgyFtEf36jn0pr+yz6R
MD5:	EB3346B791286D2F9F4686CC01BCF62E
SHA1:	601AC7448B388D5309DA64E096048D8ADFBAE010
SHA-256:	A191E62F6507D0D73F9F19A9BE602C8FEB4752B3C247242D7A52A7F9D17272F7
SHA-512:	FD3C2EEB12AF6BD3C65578F23B4A927217E8F9C912B59AC759845BFCED592750C25B0BBBF924E5BDF9167481DD3142A01287EB47C3EC0A71DC9415BFD44DCE75
Malicious:	false
Reputation:	low
URL:	https://b72d03ca-862723ea.relevantedu.xyz/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js
Preview:	............[.8.8...+.w..O...hp../.t73@..sY`y.X.O.;k;\.r..S.......<..K...,..JU........~..}.?..y....T;.rx._;..?j'......?.....Im.LD....D..(.Eq-.GQ<.b/.I..~.....qt_K.Dm.G..Q..&A.B...D..:T...S/N.k.......-..B(=....\|...(.F..>.6..0..Y..x...j..(..h..b1...\|$.Az..V.E-.im........R..g....C.....SG..:.D....:.e.p.lk......PK..s4.......5..}B....:h.?..v........I-..F.J..5.4..d.\....Q.>.....B.0..y....k....B=.j"I..TLpl... ..".Z..$....I..n....k..Ywi:M.... ....XL..5af?=...G...@7F_....O......>b.9....ZS.. T.=.G.0..j$.0...o.........S.U.W.p.....E=..z.oQ\..` .....ymy.um%n......}`ODx..u.F...2...C. .(!.......J........#+6WW...zuufOg.]._.+...n...H..k..]UzV.U..ez.z.cR.....t.;S-5gvr...Y7.......w3,...`\./.k3..,.k.l...O&].b...8.5qVZ..t^..,$..51Ue.....^&.J3O......<.B......8.......ZR..G.zc.wc.E.hL.f.w1..P<..!. ..w.:kk..^..5..I.D .j..x.S.....p".........v.,.X-.0..q..c;....0..*........t:y..VV7..L.....z....].u....paJ^.(J..-f....!............\|........`B.-..\|..x..n .a".i=.R Q2.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:50:48.420435905 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:48.420435905 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:48.717286110 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:54.875544071 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:50:54.875801086 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:57.899703026 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:57.963228941 CEST	49716	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:57.985001087 CEST	49717	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:58.068932056 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:58.068934917 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:58.379273891 CEST	80	49715	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:58.379369020 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:58.379620075 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:58.389344931 CEST	80	49716	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:58.389439106 CEST	49716	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:58.461828947 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:50:58.497005939 CEST	80	49717	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:58.497068882 CEST	49717	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:58.847285986 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:58.847337008 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:58.847404003 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:58.849507093 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:58.849524021 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:58.858107090 CEST	80	49715	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:58.858129978 CEST	80	49715	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:58.908864021 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:59.000344992 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:59.000386953 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:59.000446081 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:59.001030922 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:50:59.001045942 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:50:59.334378958 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.334451914 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.347394943 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.347407103 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.347681046 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.351432085 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.351912975 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.351918936 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.352081060 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.396121025 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.508301020 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.508881092 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.508945942 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.512325048 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:50:59.512342930 CEST	443	49720	20.25.241.18	192.168.2.6
Apr 26, 2024 17:50:59.512401104 CEST	49720	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:01.917102098 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:01.917191029 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:01.917273998 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:01.917568922 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:01.917618990 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:02.367175102 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:02.367609978 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:02.367655039 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:02.368674994 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:02.368745089 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:02.378386974 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:02.378468990 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:02.455557108 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:02.455583096 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.455660105 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:02.460083008 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:02.460938931 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:02.460969925 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:02.461391926 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:02.461406946 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.462007999 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:02.462085009 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:02.463772058 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:02.463835001 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:02.464133978 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:02.464143038 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:02.464766026 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:02.464785099 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:02.657633066 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:02.657778978 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:02.722671032 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.722753048 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:02.725286007 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:02.725291967 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.725713015 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.761955023 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:02.808137894 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.963843107 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.963922977 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:02.963990927 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:03.500987053 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:03.501013041 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:03.501041889 CEST	49723	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:03.501048088 CEST	443	49723	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.458508968 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.458544970 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.458609104 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.459681988 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.459696054 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.471096039 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471122026 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471128941 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471174955 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471190929 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471244097 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471266031 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471319914 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471344948 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471344948 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471344948 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471344948 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471355915 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471376896 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471729994 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471738100 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471774101 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471776009 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471796036 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471837044 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.471851110 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471851110 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.471851110 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.654897928 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.721702099 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.721769094 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.745574951 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.745604038 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.746500015 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.748975992 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.796122074 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.932712078 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.932725906 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.932801962 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.932857037 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.932898045 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.932934046 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933031082 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933031082 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933031082 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933031082 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933031082 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933062077 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933105946 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933424950 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933432102 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933475018 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933484077 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933497906 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933536053 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.933548927 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933562040 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.933573961 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.934237957 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.934246063 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.934292078 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.934299946 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.934331894 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.934338093 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.934365988 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.934365988 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.934417963 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:05.934467077 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:05.973589897 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.973762035 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:05.973846912 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.974651098 CEST	49724	443	192.168.2.6	23.204.76.112
Apr 26, 2024 17:51:05.974666119 CEST	443	49724	23.204.76.112	192.168.2.6
Apr 26, 2024 17:51:06.393255949 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.393270969 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.393332005 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.393347025 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.393379927 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.393400908 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.393430948 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.394241095 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.394256115 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.394301891 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.394309998 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.394324064 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.394351959 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.395061016 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.395076036 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.395133018 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.395140886 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.395184040 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.396119118 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.396132946 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.396183014 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.396190882 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.396203995 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.396231890 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.396884918 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.396900892 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.396948099 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.396958113 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.396971941 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.397000074 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.397124052 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.397177935 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.397193909 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.397222042 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:06.397238016 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:06.397269011 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:07.743079901 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:07.815418005 CEST	49721	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:07.815434933 CEST	443	49721	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:07.944155931 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:07.944209099 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:07.944272995 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:07.946069002 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:07.946088076 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.419914961 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.420027018 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.426203012 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.426234961 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.426501036 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.432323933 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.432364941 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.432377100 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.432486057 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.448879957 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:08.448908091 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:08.448973894 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:08.449244022 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:08.449280024 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:08.449331999 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:08.451190948 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:08.451205969 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:08.451448917 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:08.451462984 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:08.480120897 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.587784052 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.587882042 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:08.587995052 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.588350058 CEST	49725	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:08.588385105 CEST	443	49725	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:09.077250957 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:51:09.291701078 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:51:09.333010912 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:51:09.333041906 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:51:09.333107948 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:51:09.333108902 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:51:09.333125114 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:51:09.333144903 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:51:09.333193064 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:51:09.333193064 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:51:09.466964006 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.467221975 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:09.467248917 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.467698097 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.468116999 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:09.468213081 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.468266964 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:09.468312979 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:09.468373060 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.479639053 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.479849100 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:09.479861975 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.481003046 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.481390953 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:09.481569052 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:09.555475950 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:11.009947062 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:11.010119915 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:11.010185957 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:11.111578941 CEST	49727	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:11.111618042 CEST	443	49727	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:11.120341063 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:11.164159060 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:12.357662916 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:12.357731104 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:12.357786894 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:13.067533970 CEST	49722	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:51:13.067610979 CEST	443	49722	142.250.217.228	192.168.2.6
Apr 26, 2024 17:51:15.145855904 CEST	443	49706	173.222.162.64	192.168.2.6
Apr 26, 2024 17:51:15.145956039 CEST	49706	443	192.168.2.6	173.222.162.64
Apr 26, 2024 17:51:18.925268888 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925331116 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925350904 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925395012 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925403118 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.925426960 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925467968 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925486088 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925499916 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.925514936 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925529003 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.925573111 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.925606966 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925651073 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925683975 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.925690889 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.925718069 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.928260088 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.928339958 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:18.928342104 CEST	443	49726	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:18.928423882 CEST	49726	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:19.063736916 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:19.063781977 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:19.063867092 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:19.064129114 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:19.064142942 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:20.751199961 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:20.796113968 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.019411087 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.019458055 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:21.020659924 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:21.020725965 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.024203062 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.024420977 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.024426937 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:21.047518015 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.047564030 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.047677994 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.048937082 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.048949957 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.068131924 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:21.075315952 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.075342894 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:21.122412920 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:21.525979042 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.526072025 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.540442944 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.540484905 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.540738106 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.570070982 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.570692062 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.570707083 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.571187973 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.616132021 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.727232933 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.727427959 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:21.727513075 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.727899075 CEST	49733	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:21.727914095 CEST	443	49733	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:28.736565113 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:28.736634970 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:28.736661911 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:28.736675978 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:28.736717939 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:28.737431049 CEST	49732	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:28.737447977 CEST	443	49732	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:28.739712954 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:28.739758968 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:28.739857912 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:28.740207911 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:28.740223885 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:30.938879967 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:30.939176083 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:30.939208984 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:30.940224886 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:30.940290928 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:30.940802097 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:30.940855980 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:30.941140890 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:30.941148996 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:30.988219976 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.102961063 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.102994919 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103004932 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103039026 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103049994 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.103075981 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103091002 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103100061 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.103144884 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.103719950 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103743076 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103770971 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.103781939 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.103806019 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.103823900 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.354959011 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.354999065 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.355130911 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.355674982 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.355688095 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.583416939 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.583437920 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.583460093 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.583534956 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.583561897 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.583579063 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.583605051 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:38.584067106 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.584181070 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:38.584342003 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:39.196477890 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:39.241890907 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.131680012 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.131756067 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:41.132297039 CEST	49734	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.132334948 CEST	443	49734	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:41.132847071 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:41.132920027 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.534117937 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.534296989 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.534307957 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:41.534334898 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:41.608071089 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:41.608086109 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:41.795097113 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:42.393769979 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.393800020 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:42.394191980 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.395651102 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.395665884 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:42.872414112 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:42.872493982 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.874696970 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.874708891 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:42.875010967 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:42.877074003 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.877300978 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.877300978 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:42.877307892 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:42.924118042 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:43.033512115 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:43.033689022 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:43.033787012 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:43.034039974 CEST	49736	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:51:43.034061909 CEST	443	49736	20.25.241.18	192.168.2.6
Apr 26, 2024 17:51:43.435220003 CEST	49716	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:43.498646021 CEST	49717	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:43.858258009 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:43.869766951 CEST	80	49716	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:44.335808039 CEST	80	49715	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499839067 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499866009 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499872923 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499886036 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499891996 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499898911 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499922037 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.499967098 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.499994040 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.500588894 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500597000 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500627041 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500642061 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500649929 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500662088 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.500665903 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500684023 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.500689983 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.500721931 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.916655064 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916691065 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916707039 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916739941 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.916755915 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916776896 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916785002 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.916796923 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916806936 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.916826010 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.916826010 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916938066 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.916970968 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.916997910 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.917006016 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.917155981 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:48.917376041 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.924597025 CEST	49735	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:48.924632072 CEST	443	49735	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.021414995 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.021529913 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.021634102 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.022222996 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.022258997 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.124735117 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.124800920 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.124882936 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.125153065 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.125170946 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.127523899 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.127571106 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.127640963 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.127866030 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.127881050 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.128746033 CEST	49740	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.128783941 CEST	443	49740	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.128849983 CEST	49740	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.129277945 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.129317045 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.129396915 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.129494905 CEST	49740	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.129514933 CEST	443	49740	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.129673004 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.129689932 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.899578094 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.902179003 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.902204037 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.902558088 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.903887987 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.903985977 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.905272007 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.948117971 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.955112934 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.955560923 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.955588102 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.957068920 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.957143068 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.957971096 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.958093882 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.986778975 CEST	443	49740	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.987098932 CEST	49740	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.987118006 CEST	443	49740	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.987461090 CEST	443	49740	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:49.987915039 CEST	49740	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:49.987996101 CEST	443	49740	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.012623072 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.012650013 CEST	443	49741	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.028645039 CEST	49740	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.059226036 CEST	49741	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.190550089 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.190901995 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.190928936 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.192845106 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.192925930 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.193345070 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.193557024 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.193578959 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.237257004 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:50.237284899 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:50.284502029 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:53.862247944 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:53.881629944 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:53.881660938 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:53.882071972 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:53.883479118 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:53.883542061 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:53.883748055 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:53.883774042 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:53.935357094 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:55.390324116 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:55.390650988 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:55.390683889 CEST	443	49737	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:55.390733004 CEST	49737	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:57.406311989 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:57.406373978 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:57.406449080 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:57.406780005 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:57.406800985 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.288352013 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.288742065 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:58.288764000 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.289885998 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.290559053 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:58.290559053 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:58.290575981 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.290731907 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.340899944 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:58.887810946 CEST	80	49716	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.888066053 CEST	49716	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:51:58.998270035 CEST	80	49717	178.128.58.202	192.168.2.6
Apr 26, 2024 17:51:58.998420000 CEST	49717	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.075530052 CEST	49716	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.076219082 CEST	49717	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.078321934 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:00.078366995 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:00.078438044 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:00.078792095 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:00.078810930 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:00.224843979 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.224879980 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.224889994 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.224930048 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.224947929 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.224956989 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.224982023 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.224993944 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.225003004 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.225003004 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.225023031 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.225044012 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.243307114 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.243514061 CEST	443	49738	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.243613005 CEST	49738	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.247435093 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.247529030 CEST	443	49744	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.247586012 CEST	49744	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.401210070 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.401262045 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.401357889 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.401890993 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.401928902 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.403641939 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.403712034 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.403862000 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.404019117 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.404067993 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.404191971 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.404254913 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.404283047 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.404330969 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.405869007 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.405883074 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.408689976 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:00.410705090 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.410717964 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.411042929 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.411073923 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.411243916 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:00.411267996 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:00.411623001 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:00.412244081 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:00.412305117 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:00.452855110 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:00.495991945 CEST	80	49716	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.579837084 CEST	80	49717	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.751689911 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.751708031 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.751776934 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.751791000 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.751826048 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.751835108 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:00.751847029 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:00.798791885 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.242588043 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.266701937 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.273806095 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.273821115 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.273888111 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.273914099 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.273960114 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.273977995 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.273979902 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.273991108 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.274008036 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.274017096 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.274029016 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.274029970 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.274095058 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.274104118 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.274130106 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.274172068 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.302333117 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.310698032 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.365372896 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.417946100 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:01.446659088 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:01.497383118 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.017765045 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.017817974 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.018868923 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.018951893 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.024096966 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.024131060 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.025551081 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.025567055 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.025614977 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.028793097 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.028815031 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.028960943 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.029042959 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.029671907 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.029689074 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.030123949 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.030184031 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.031308889 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.031330109 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.031375885 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.039904118 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.040023088 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.040366888 CEST	49739	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.040394068 CEST	443	49739	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.048315048 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.048469067 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.049345970 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.049361944 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.049926043 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.049935102 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.051120043 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.051135063 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.051697969 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.051789999 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.052701950 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.052710056 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.091788054 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.091790915 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.092040062 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.107359886 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:03.864957094 CEST	80	49715	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:03.865884066 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:04.073018074 CEST	49715	80	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:04.549216986 CEST	80	49715	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662797928 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662827969 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662838936 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662868977 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662889004 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.662895918 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662908077 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662925005 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.662929058 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.662955046 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.662990093 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.662996054 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.663007975 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.663059950 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.666088104 CEST	49749	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.666106939 CEST	443	49749	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.766422987 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.766588926 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.766864061 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.767561913 CEST	49746	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.767580986 CEST	443	49746	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.768513918 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.768570900 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.768630028 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.769133091 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.769151926 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927292109 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927347898 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927371979 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927402973 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927433968 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927442074 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.927453995 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927489996 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927491903 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.927515030 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.927540064 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.927601099 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927658081 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.927671909 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927752018 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:09.927810907 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.928834915 CEST	49748	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:09.928853989 CEST	443	49748	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.061403990 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.061445951 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.061507940 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.061794996 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.061809063 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.396975040 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:10.397022009 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:10.397072077 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:10.649504900 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.649835110 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.649867058 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.650305033 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.650672913 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.650741100 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:10.650827885 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.650844097 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:10.650888920 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.081043959 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.081482887 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.081500053 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.082521915 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.082580090 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.083811998 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.083872080 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.084075928 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.084084034 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.138710976 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.203430891 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203464985 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203475952 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203506947 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203522921 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203536987 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203558922 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.203629017 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.203665972 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.207204103 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.207242966 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.207253933 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.207268953 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.207277060 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.207309961 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.207345963 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.247821093 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.677794933 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.677810907 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.677835941 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.677903891 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.677973986 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.678009987 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.678034067 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.680736065 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.680746078 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.680779934 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.680839062 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.680856943 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.680886984 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.680912971 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.816864014 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.816886902 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.816952944 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.816977978 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:11.817012072 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:11.817033052 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.064037085 CEST	49745	443	192.168.2.6	142.250.217.228
Apr 26, 2024 17:52:12.064076900 CEST	443	49745	142.250.217.228	192.168.2.6
Apr 26, 2024 17:52:12.158374071 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.158411980 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.158463955 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.158469915 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.158526897 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.158540010 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.158684015 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.159398079 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.159441948 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.159461975 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.159472942 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.159504890 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.159523010 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.160327911 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.160388947 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.160401106 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.160501957 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.160550117 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.164707899 CEST	49747	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.164731979 CEST	443	49747	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.205862045 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.205948114 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.206120968 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.207990885 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.208018064 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.226747036 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.226830006 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.226912022 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.228009939 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.228056908 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.258456945 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.258507967 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:12.258761883 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.259068966 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:12.259085894 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:13.021496058 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:13.021868944 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:13.021929026 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:13.022938967 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:13.023032904 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:13.023370981 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:13.023437977 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:13.023749113 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:13.023765087 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:13.075584888 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.213957071 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.262901068 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.323235035 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.372319937 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.962085962 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.962136984 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.962198973 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.962227106 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.963196039 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.963263988 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.965989113 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.966044903 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.994048119 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.994178057 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.995009899 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.995176077 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.996592045 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.996608973 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:14.996819973 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:14.996841908 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:15.044260979 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:15.044327021 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:15.512478113 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.512505054 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:15.512567997 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.514578104 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.514595985 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:15.989499092 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:15.989567041 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.992544889 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.992554903 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:15.992806911 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:15.995568991 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.995635033 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:15.995640039 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:15.995836020 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:16.036123037 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:16.151376963 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:16.151479959 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:16.151623011 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:16.151942968 CEST	49755	443	192.168.2.6	20.25.241.18
Apr 26, 2024 17:52:16.151952982 CEST	443	49755	20.25.241.18	192.168.2.6
Apr 26, 2024 17:52:17.541256905 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:17.541403055 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:17.541452885 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:17.543291092 CEST	49751	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:17.543303967 CEST	443	49751	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:19.905018091 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:19.905041933 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:19.905179024 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:19.905241966 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:19.905637980 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:19.905714989 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:19.907082081 CEST	49753	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:19.907125950 CEST	443	49753	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:20.113209963 CEST	49756	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:20.113289118 CEST	443	49756	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:20.113399982 CEST	49756	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:20.113694906 CEST	49756	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:20.113713026 CEST	443	49756	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:21.011363983 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:21.011471033 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:21.011790037 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:21.011818886 CEST	443	49750	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:21.011833906 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:21.011883974 CEST	49750	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:21.096610069 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:21.096752882 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:21.096808910 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:21.096914053 CEST	49752	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:21.096930981 CEST	443	49752	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.779884100 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.779948950 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.779969931 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.779989004 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780004978 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780035973 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780055046 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780060053 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780081034 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780108929 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780128956 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780129910 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780550003 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780822039 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780842066 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780883074 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780895948 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780910015 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:22.780936003 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:22.780958891 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.108656883 CEST	49757	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.108695984 CEST	443	49757	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.108779907 CEST	49757	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.109030008 CEST	49757	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.109046936 CEST	443	49757	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.817378044 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.817404032 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.817436934 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.817537069 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.817537069 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.817568064 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.817625046 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.817661047 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.817898989 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.820856094 CEST	49754	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.820878029 CEST	443	49754	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.850505114 CEST	49758	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.850522041 CEST	49759	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.850553036 CEST	443	49759	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.850554943 CEST	443	49758	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.850650072 CEST	49758	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.850693941 CEST	49759	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.850929976 CEST	49760	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.850939035 CEST	443	49760	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.851006031 CEST	49760	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.851262093 CEST	49758	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.851275921 CEST	443	49758	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.851475000 CEST	49759	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.851490974 CEST	443	49759	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:23.851711035 CEST	49760	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:23.851722956 CEST	443	49760	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:24.629371881 CEST	443	49758	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:24.640867949 CEST	443	49759	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:24.670829058 CEST	49758	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:24.686933994 CEST	49759	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:24.720530987 CEST	443	49760	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:24.744280100 CEST	443	49756	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:24.766504049 CEST	49760	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:24.798589945 CEST	49756	443	192.168.2.6	178.128.58.202
Apr 26, 2024 17:52:25.133377075 CEST	443	49757	178.128.58.202	192.168.2.6
Apr 26, 2024 17:52:25.180155993 CEST	49757	443	192.168.2.6	178.128.58.202

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:50:55.915636063 CEST	53	56647	1.1.1.1	192.168.2.6
Apr 26, 2024 17:50:55.928478956 CEST	53	53967	1.1.1.1	192.168.2.6
Apr 26, 2024 17:50:57.648979902 CEST	55733	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:50:57.649152040 CEST	49264	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:50:57.782011986 CEST	53	55733	1.1.1.1	192.168.2.6
Apr 26, 2024 17:50:57.782042980 CEST	53	49264	1.1.1.1	192.168.2.6
Apr 26, 2024 17:50:58.138225079 CEST	53	61528	1.1.1.1	192.168.2.6
Apr 26, 2024 17:50:58.863619089 CEST	51867	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:50:58.864063978 CEST	50167	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:50:58.997847080 CEST	53	51867	1.1.1.1	192.168.2.6
Apr 26, 2024 17:50:58.998198986 CEST	53	50167	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:00.055047989 CEST	54744	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:00.055258989 CEST	58826	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:00.180260897 CEST	53	58826	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:00.181366920 CEST	53	54744	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:01.290735006 CEST	61987	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:01.291057110 CEST	63964	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:01.415919065 CEST	53	61987	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:01.416265965 CEST	53	63964	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:17.974035978 CEST	53	59741	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:18.929527998 CEST	57490	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:18.929732084 CEST	62602	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:19.058811903 CEST	53	62602	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:19.063167095 CEST	53	57490	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:37.125188112 CEST	53	53179	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:38.218015909 CEST	65230	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:38.218774080 CEST	59253	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:51:38.353388071 CEST	53	65230	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:38.353701115 CEST	53	59253	1.1.1.1	192.168.2.6
Apr 26, 2024 17:51:55.456618071 CEST	53	57372	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:00.262346983 CEST	58568	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:00.262860060 CEST	63031	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:00.268780947 CEST	55137	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:00.270005941 CEST	53925	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:00.390691996 CEST	53	58568	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:00.396363020 CEST	53	63031	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:00.396644115 CEST	53	53925	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:00.402307987 CEST	53	55137	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:00.782078028 CEST	53	51985	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:09.932178974 CEST	53131	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:09.932817936 CEST	50713	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:10.059716940 CEST	53	50713	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:10.060318947 CEST	53	53131	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:19.916826010 CEST	62104	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:19.917203903 CEST	61970	53	192.168.2.6	1.1.1.1
Apr 26, 2024 17:52:20.044651031 CEST	53	61970	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:20.046375036 CEST	53	62104	1.1.1.1	192.168.2.6
Apr 26, 2024 17:52:23.514326096 CEST	53	56907	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 17:50:57.648979902 CEST	192.168.2.6	1.1.1.1	0x8268	Standard query (0)	relevanteduofficelogin.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:50:57.649152040 CEST	192.168.2.6	1.1.1.1	0x3029	Standard query (0)	relevanteduofficelogin.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:50:58.863619089 CEST	192.168.2.6	1.1.1.1	0x93a6	Standard query (0)	relevanteduofficelogin.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:50:58.864063978 CEST	192.168.2.6	1.1.1.1	0x3f2c	Standard query (0)	relevanteduofficelogin.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:51:00.055047989 CEST	192.168.2.6	1.1.1.1	0x4e55	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:00.055258989 CEST	192.168.2.6	1.1.1.1	0x8580	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 17:51:01.290735006 CEST	192.168.2.6	1.1.1.1	0xfbbb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:01.291057110 CEST	192.168.2.6	1.1.1.1	0x8276	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 17:51:18.929527998 CEST	192.168.2.6	1.1.1.1	0xce5d	Standard query (0)	0ffice.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:18.929732084 CEST	192.168.2.6	1.1.1.1	0x19fc	Standard query (0)	0ffice.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:51:38.218015909 CEST	192.168.2.6	1.1.1.1	0x7cae	Standard query (0)	b72d03ca-862723ea.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:38.218774080 CEST	192.168.2.6	1.1.1.1	0xe6c9	Standard query (0)	b72d03ca-862723ea.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:52:00.262346983 CEST	192.168.2.6	1.1.1.1	0x55d3	Standard query (0)	b5e70507-862723ea.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:00.262860060 CEST	192.168.2.6	1.1.1.1	0x2cc3	Standard query (0)	b5e70507-862723ea.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:52:00.268780947 CEST	192.168.2.6	1.1.1.1	0x4145	Standard query (0)	181eeb1c-862723ea.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:00.270005941 CEST	192.168.2.6	1.1.1.1	0x77e8	Standard query (0)	181eeb1c-862723ea.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:52:09.932178974 CEST	192.168.2.6	1.1.1.1	0x7a61	Standard query (0)	l1ve.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:09.932817936 CEST	192.168.2.6	1.1.1.1	0xc986	Standard query (0)	l1ve.relevantedu.xyz	65	IN (0x0001)	false
Apr 26, 2024 17:52:19.916826010 CEST	192.168.2.6	1.1.1.1	0x2d2d	Standard query (0)	181eeb1c-862723ea.relevantedu.xyz	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:19.917203903 CEST	192.168.2.6	1.1.1.1	0x3975	Standard query (0)	181eeb1c-862723ea.relevantedu.xyz	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 17:50:57.782011986 CEST	1.1.1.1	192.168.2.6	0x8268	No error (0)	relevanteduofficelogin.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:50:58.997847080 CEST	1.1.1.1	192.168.2.6	0x93a6	No error (0)	relevanteduofficelogin.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:00.180260897 CEST	1.1.1.1	192.168.2.6	0x8580	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 17:51:00.181366920 CEST	1.1.1.1	192.168.2.6	0x4e55	No error (0)	www.google.com		142.250.217.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:01.415919065 CEST	1.1.1.1	192.168.2.6	0xfbbb	No error (0)	www.google.com		142.250.217.228	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:01.416265965 CEST	1.1.1.1	192.168.2.6	0x8276	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 17:51:09.495364904 CEST	1.1.1.1	192.168.2.6	0x9e17	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 17:51:09.495364904 CEST	1.1.1.1	192.168.2.6	0x9e17	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:11.591468096 CEST	1.1.1.1	192.168.2.6	0x12fe	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:11.591468096 CEST	1.1.1.1	192.168.2.6	0x12fe	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:19.063167095 CEST	1.1.1.1	192.168.2.6	0xce5d	No error (0)	0ffice.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:51:38.353388071 CEST	1.1.1.1	192.168.2.6	0x7cae	No error (0)	b72d03ca-862723ea.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:00.390691996 CEST	1.1.1.1	192.168.2.6	0x55d3	No error (0)	b5e70507-862723ea.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:00.402307987 CEST	1.1.1.1	192.168.2.6	0x4145	No error (0)	181eeb1c-862723ea.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:08.609368086 CEST	1.1.1.1	192.168.2.6	0xfdf5	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:08.609368086 CEST	1.1.1.1	192.168.2.6	0xfdf5	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:10.060318947 CEST	1.1.1.1	192.168.2.6	0x7a61	No error (0)	l1ve.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false
Apr 26, 2024 17:52:20.046375036 CEST	1.1.1.1	192.168.2.6	0x2d2d	No error (0)	181eeb1c-862723ea.relevantedu.xyz		178.128.58.202	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

relevanteduofficelogin.relevantedu.xyz

fs.microsoft.com

https:

0ffice.relevantedu.xyz

b72d03ca-862723ea.relevantedu.xyz

181eeb1c-862723ea.relevantedu.xyz

l1ve.relevantedu.xyz

b5e70507-862723ea.relevantedu.xyz

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49715	178.128.58.202	80	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 17:50:58.379620075 CEST	453	OUT	GET / HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Apr 26, 2024 17:50:58.858129978 CEST	380	IN	HTTP/1.1 307 Temporary Redirect Server: nginx Date: Fri, 26 Apr 2024 15:50:58 GMT Content-Type: text/html Content-Length: 164 Connection: keep-alive Location: https://relevanteduofficelogin.relevantedu.xyz/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>307 Temporary Redirect</title></head><body><center><h1>307 Temporary Redirect</h1></center><hr><center>nginx</center></body></html>
Apr 26, 2024 17:51:43.858258009 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	178.128.58.202	80	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 17:51:43.435220003 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	178.128.58.202	80	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 26, 2024 17:51:43.498646021 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 26, 2024 17:51:09.333125114 CEST	173.222.162.64	443	192.168.2.6	49706	CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Oct 18 22:32:40 CEST 2023 Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
Apr 26, 2024 17:51:09.333125114 CEST	173.222.162.64	443	192.168.2.6	49706	CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Aug 12 02:00:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		28a2c9bd18a11de089ef85a160da29e4

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49720	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:50:59 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 4f 53 62 58 48 71 62 6a 45 79 4b 2f 48 59 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 31 64 63 65 39 31 31 33 39 32 61 35 38 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ROSbXHqbjEyK/HY1.1Context: bd1dce911392a583
2024-04-26 15:50:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 15:50:59 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 52 4f 53 62 58 48 71 62 6a 45 79 4b 2f 48 59 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 31 64 63 65 39 31 31 33 39 32 61 35 38 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 62 33 64 64 79 63 39 67 67 65 6c 34 58 67 37 2b 33 31 47 79 34 47 73 4b 67 77 66 49 6a 41 33 4c 6b 69 6e 47 64 56 37 71 76 6e 49 67 2b 44 59 7a 76 53 6e 6a 71 79 4c 77 45 48 76 4a 4c 6a 78 6b 78 77 4a 33 34 2b 47 44 42 46 57 35 37 66 52 41 39 35 49 2f 68 54 47 66 48 51 68 53 4d 2b 56 61 7a 44 46 75 48 78 5a 4c 76 55 4d 33 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: ROSbXHqbjEyK/HY1.2Context: bd1dce911392a583<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbb3ddyc9ggel4Xg7+31Gy4GsKgwfIjA3LkinGdV7qvnIg+DYzvSnjqyLwEHvJLjxkxwJ34+GDBFW57fRA95I/hTGfHQhSM+VazDFuHxZLvUM3
2024-04-26 15:50:59 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 4f 53 62 58 48 71 62 6a 45 79 4b 2f 48 59 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 31 64 63 65 39 31 31 33 39 32 61 35 38 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ROSbXHqbjEyK/HY1.3Context: bd1dce911392a583<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 15:50:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 15:50:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 57 68 2b 69 2f 45 69 73 69 6b 65 36 6b 6c 4e 4e 44 39 50 6e 6b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Wh+i/Eisike6klNND9PnkA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49721	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:02 UTC	681	OUT	GET / HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:51:05 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:51:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-04-26 15:51:05 UTC	16203	IN	Data Raw: 37 37 66 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 79 28 71 2c 4f 29 7b 76 61 72 20 43 3d 61 30 54 28 29 3b 72 65 74 75 72 6e 20 61 30 79 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 54 29 7b 46 3d 46 2d 30 78 31 61 36 3b 76 61 72 20 79 3d 43 5b 46 5d 3b 72 65 74 75 72 6e 20 79 3b 7d 2c 61 30 79 28 71 2c 4f 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 61 30 54 28 29 7b 76 61 72 20 72 41 3d 5b 27 63 6c 61 73 73 4c 69 73 74 27 2c 27 27 2c 27 27 2c 27 77 68 69 74 65 53 70 61 63 65 27 2c 27 5a 70 54 4b 43 27 2c 27 68 61 73 4f 77 6e 50 72 6f 70 65 Data Ascii: 77f6<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0y(q,O){var C=a0T();return a0y=function(F,T){F=F-0x1a6;var y=C[F];return y;},a0y(q,O);}function a0T(){var rA=['classList','','','whiteSpace','ZpTKC','hasOwnPrope
2024-04-26 15:51:05 UTC	14515	IN	Data Raw: 72 75 63 74 6f 72 27 2c 27 69 6e 64 65 78 27 2c 27 64 69 76 5b 63 6c 61 73 73 5e 3d 5c 78 32 32 61 70 70 5f 67 64 70 72 5c 78 32 32 5d 27 2c 27 49 53 5f 49 54 45 52 41 54 4f 52 27 2c 27 75 73 65 72 41 67 65 6e 74 27 2c 27 6f 66 66 73 65 74 50 61 72 65 6e 74 27 2c 27 74 6f 53 74 72 69 6e 67 27 2c 27 6a 6f 69 6e 27 2c 27 70 65 72 6d 69 73 73 69 6f 6e 27 2c 27 27 2c 27 52 54 43 50 65 65 72 43 6f 6e 6e 65 63 74 69 6f 6e 49 63 65 45 76 65 6e 74 27 2c 27 44 4f 4d 52 65 63 74 4c 69 73 74 27 2c 27 7a 6f 6f 6d 27 2c 27 6e 6f 2d 70 72 65 66 65 72 65 6e 63 65 27 2c 27 31 32 4b 75 4f 63 4d 6c 27 2c 27 66 61 69 6c 27 2c 27 76 6b 4e 78 43 27 2c 27 70 61 67 65 58 4f 66 66 73 65 74 27 2c 27 32 30 33 30 37 35 61 43 57 59 41 53 27 2c 27 4c 65 74 74 65 72 5c 78 32 30 47 6f Data Ascii: ructor','index','div[class^=\x22app_gdpr\x22]','IS_ITERATOR','userAgent','offsetParent','toString','join','permission','','RTCPeerConnectionIceEvent','DOMRectList','zoom','no-preference','12KuOcMl','fail','vkNxC','pageXOffset','203075aCWYAS','Letter\x20Go
2024-04-26 15:51:05 UTC	16384	IN	Data Raw: 63 38 30 33 0d 0a 30 78 30 3a 68 3b 7d 65 6c 73 65 7b 72 65 74 75 72 6e 20 61 72 67 75 6d 65 6e 74 73 5b 46 45 28 30 78 34 64 39 29 5d 3c 30 78 32 3f 28 52 3d 47 5b 68 5d 2c 4a 28 52 29 3f 52 3a 76 6f 69 64 20 30 78 30 29 3a 62 5b 62 5d 26 26 68 5b 75 5d 5b 52 5d 3b 76 61 72 20 52 3b 7d 7d 2c 30 78 31 62 32 63 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 46 6c 3d 61 30 79 3b 69 66 28 27 68 6f 54 4b 49 27 21 3d 3d 46 6c 28 30 78 32 63 39 29 29 7b 76 61 72 20 62 3d 4a 28 30 78 33 61 61 29 2c 68 3d 4a 28 30 78 31 30 65 65 29 3b 4c 5b 46 6c 28 30 78 33 33 62 29 5d 3d 21 62 26 26 21 68 26 26 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 46 6c 28 30 78 32 31 31 29 3d 3d 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 Data Ascii: c8030x0:h;}else{return arguments[FE(0x4d9)]<0x2?(R=G[h],J(R)?R:void 0x0):b[b]&&h[u][R];var R;}},0x1b2c:function(L,G,J){var Fl=a0y;if('hoTKI'!==Fl(0x2c9)){var b=J(0x3aa),h=J(0x10ee);L[Fl(0x33b)]=!b&&!h&&'object'==typeof window&&Fl(0x211)==typeof document
2024-04-26 15:51:05 UTC	16384	IN	Data Raw: 61 72 20 62 3d 4a 28 30 78 37 33 62 29 5b 27 49 74 65 72 61 74 6f 72 50 72 6f 74 6f 74 79 70 65 27 5d 2c 68 3d 4a 28 30 78 31 34 61 61 29 2c 52 3d 4a 28 30 78 31 65 33 61 29 2c 78 3d 4a 28 30 78 38 65 35 29 2c 6b 3d 4a 28 30 78 31 61 37 37 29 2c 57 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 3b 7d 3b 4c 5b 27 65 78 70 6f 72 74 73 27 5d 3d 66 75 6e 63 74 69 6f 6e 28 70 2c 42 2c 5a 2c 6a 29 7b 76 61 72 20 79 42 3d 61 30 79 2c 59 3d 42 2b 79 42 28 30 78 34 66 34 29 3b 72 65 74 75 72 6e 20 70 5b 79 42 28 30 78 33 66 36 29 5d 3d 68 28 62 2c 7b 27 6e 65 78 74 27 3a 52 28 2b 21 6a 2c 5a 29 7d 29 2c 78 28 70 2c 59 2c 21 30 78 31 2c 21 30 78 30 29 2c 6b 5b 59 5d 3d 57 2c 70 3b 7d 3b 7d 2c 30 78 31 36 31 65 3a 66 75 6e 63 74 69 6f 6e 28 47 Data Ascii: ar b=J(0x73b)['IteratorPrototype'],h=J(0x14aa),R=J(0x1e3a),x=J(0x8e5),k=J(0x1a77),W=function(){return this;};L['exports']=function(p,B,Z,j){var yB=a0y,Y=B+yB(0x4f4);return p[yB(0x3f6)]=h(b,{'next':R(+!j,Z)}),x(p,Y,!0x1,!0x0),k[Y]=W,p;};},0x161e:function(G
2024-04-26 15:51:05 UTC	16384	IN	Data Raw: 29 2c 4a 28 68 29 26 26 75 5b 73 41 28 30 78 32 32 39 29 5d 3d 3d 3d 52 29 72 65 74 75 72 6e 20 78 3b 76 61 72 20 52 3d 6b 5b 27 66 27 5d 28 57 29 3b 72 65 74 75 72 6e 28 30 78 30 2c 52 5b 27 72 65 73 6f 6c 76 65 27 5d 29 28 52 29 2c 52 5b 73 41 28 30 78 33 64 39 29 5d 3b 7d 7d 3b 7d 65 6c 73 65 7b 76 61 72 20 68 3d 6f 28 4a 5b 27 72 65 73 6f 6c 76 65 27 5d 29 2c 75 3d 5b 5d 2c 52 3d 30 78 30 2c 78 3d 30 78 31 3b 62 28 4a 2c 66 75 6e 63 74 69 6f 6e 28 6a 29 7b 76 61 72 20 59 3d 52 2b 2b 2c 49 3d 21 30 78 31 3b 78 2b 2b 2c 68 28 68 2c 68 2c 6a 29 5b 27 74 68 65 6e 27 5d 28 66 75 6e 63 74 69 6f 6e 28 4d 29 7b 49 7c 7c 28 49 3d 21 30 78 30 2c 75 5b 59 5d 3d 4d 2c 2d 2d 78 7c 7c 75 28 75 29 29 3b 7d 2c 78 29 3b 7d 29 2c 2d 2d 78 7c 7c 6b 28 75 29 3b 7d 7d 2c Data Ascii: ),J(h)&&u[sA(0x229)]===R)return x;var R=k['f'](W);return(0x0,R['resolve'])(R),R[sA(0x3d9)];}};}else{var h=o(J['resolve']),u=[],R=0x0,x=0x1;b(J,function(j){var Y=R++,I=!0x1;x++,h(h,h,j)['then'](function(M){I\|\|(I=!0x0,u[Y]=M,--x\|\|u(u));},x);}),--x\|\|k(u);}},
2024-04-26 15:51:05 UTC	2059	IN	Data Raw: 2c 6b 3d 75 28 74 68 69 73 29 2c 57 3d 52 28 6b 2c 27 6e 75 6d 62 65 72 27 29 3b 72 65 74 75 72 6e 20 47 39 28 30 78 33 65 36 29 21 3d 74 79 70 65 6f 66 20 57 7c 7c 69 73 46 69 6e 69 74 65 28 57 29 3f 6b 5b 47 39 28 30 78 33 65 64 29 5d 28 29 3a 6e 75 6c 6c 3b 7d 7d 29 3b 7d 2c 30 78 37 37 34 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 47 71 3d 61 30 79 3b 69 66 28 47 71 28 30 78 32 62 36 29 3d 3d 3d 47 71 28 30 78 32 62 36 29 29 7b 76 61 72 20 62 3d 4a 28 30 78 31 37 65 29 2c 68 3d 4a 28 30 78 38 30 30 29 5b 47 71 28 30 78 35 36 31 29 5d 2c 52 3d 4a 28 30 78 31 32 39 61 29 2c 78 3d 4a 28 30 78 66 31 38 29 2c 6b 3d 46 75 6e 63 74 69 6f 6e 5b 47 71 28 30 78 33 66 36 29 5d 2c 57 3d 52 28 6b 5b 47 71 28 30 78 35 32 35 29 5d 29 2c 70 3d 2f Data Ascii: ,k=u(this),W=R(k,'number');return G9(0x3e6)!=typeof W\|\|isFinite(W)?k[G9(0x3ed)]():null;}});},0x774:function(L,G,J){var Gq=a0y;if(Gq(0x2b6)===Gq(0x2b6)){var b=J(0x17e),h=J(0x800)[Gq(0x561)],R=J(0x129a),x=J(0xf18),k=Function[Gq(0x3f6)],W=R(k[Gq(0x525)]),p=/
2024-04-26 15:51:06 UTC	16384	IN	Data Raw: 66 66 66 38 0d 0a 3f 27 5c 78 35 63 75 27 2b 71 30 28 55 28 71 38 2c 30 78 30 29 2c 30 78 31 30 29 3a 71 38 3b 7d 7d 3b 44 26 26 57 28 7b 27 74 61 72 67 65 74 27 3a 47 43 28 30 78 32 32 66 29 2c 27 73 74 61 74 27 3a 21 30 78 30 2c 27 61 72 69 74 79 27 3a 30 78 33 2c 27 66 6f 72 63 65 64 27 3a 71 34 7c 7c 71 35 7d 2c 7b 27 73 74 72 69 6e 67 69 66 79 27 3a 66 75 6e 63 74 69 6f 6e 28 71 38 2c 71 39 2c 71 71 29 7b 76 61 72 20 47 73 3d 47 43 2c 71 4f 3d 41 28 61 72 67 75 6d 65 6e 74 73 29 2c 71 43 3d 5a 28 71 34 3f 71 36 3a 44 2c 6e 75 6c 6c 2c 71 4f 29 3b 72 65 74 75 72 6e 20 71 35 26 26 47 73 28 30 78 32 62 63 29 3d 3d 74 79 70 65 6f 66 20 71 43 3f 58 28 71 43 2c 71 31 2c 71 37 29 3a 71 43 3b 7d 7d 29 3b 7d 2c 30 78 32 35 65 32 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: fff8?'\x5cu'+q0(U(q8,0x0),0x10):q8;}};D&&W({'target':GC(0x22f),'stat':!0x0,'arity':0x3,'forced':q4\|\|q5},{'stringify':function(q8,q9,qq){var Gs=GC,qO=A(arguments),qC=Z(q4?q6:D,null,qO);return q5&&Gs(0x2bc)==typeof qC?X(qC,q1,q7):qC;}});},0x25e2:function(
2024-04-26 15:51:06 UTC	16384	IN	Data Raw: 27 3a 6f 37 28 30 78 31 66 66 29 2c 27 73 74 61 74 27 3a 21 30 78 30 2c 27 66 6f 72 63 65 64 27 3a 21 71 39 7d 2c 7b 27 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 4e 61 6d 65 73 27 3a 4f 35 7d 29 2c 71 6a 28 29 2c 71 59 28 71 67 2c 71 51 29 2c 71 42 5b 71 7a 5d 3d 21 30 78 30 3b 7d 2c 30 78 61 61 64 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 6f 54 3d 61 30 79 2c 52 3d 4a 28 30 78 32 31 61 34 29 2c 6b 3d 4a 28 30 78 31 37 65 29 2c 57 3d 4a 28 30 78 32 30 63 35 29 2c 42 3d 4a 28 30 78 31 32 39 61 29 2c 5a 3d 4a 28 30 78 31 36 37 62 29 2c 6a 3d 4a 28 30 78 35 63 62 29 2c 59 3d 4a 28 30 78 31 32 63 66 29 2c 49 3d 4a 28 30 78 31 38 37 35 29 2c 4d 3d 4a 28 30 78 66 31 38 29 2c 7a 3d 4a 28 30 78 31 61 34 36 29 2c 51 3d 57 5b 6f 54 28 30 78 35 Data Ascii: ':o7(0x1ff),'stat':!0x0,'forced':!q9},{'getOwnPropertyNames':O5}),qj(),qY(qg,qQ),qB[qz]=!0x0;},0xaad:function(L,G,J){var oT=a0y,R=J(0x21a4),k=J(0x17e),W=J(0x20c5),B=J(0x129a),Z=J(0x167b),j=J(0x5cb),Y=J(0x12cf),I=J(0x1875),M=J(0xf18),z=J(0x1a46),Q=W[oT(0x5
2024-04-26 15:51:06 UTC	16384	IN	Data Raw: 43 6f 26 26 4a 32 28 30 78 33 33 39 29 69 6e 20 43 6f 5b 4a 32 28 30 78 33 66 36 29 5d 5d 29 3e 3d 30 78 34 3b 7d 66 75 6e 63 74 69 6f 6e 20 71 6a 28 29 7b 76 61 72 20 4a 33 3d 6f 49 2c 43 4c 2c 43 47 3d 77 69 6e 64 6f 77 3b 72 65 74 75 72 6e 20 43 4c 3d 43 47 5b 4a 33 28 30 78 35 35 37 29 5d 2c 21 21 2f 5e 66 75 6e 63 74 69 6f 6e 5c 73 2e 2a 3f 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 63 6f 64 65 5d 5c 73 2a 7d 24 2f 5b 27 74 65 73 74 27 5d 28 53 74 72 69 6e 67 28 43 4c 29 29 26 26 71 54 28 5b 4a 33 28 30 78 35 37 64 29 3d 3d 3d 53 74 72 69 6e 67 28 43 47 5b 4a 33 28 30 78 32 36 38 29 5d 29 2c 27 4d 69 63 72 6f 64 61 74 61 45 78 74 72 61 63 74 6f 72 27 69 6e 20 43 47 5d 29 3e 3d 30 78 31 3b 7d 66 75 6e 63 74 69 6f 6e 20 71 59 28 29 7b 76 61 72 20 4a 34 Data Ascii: Co&&J2(0x339)in Co[J2(0x3f6)]])>=0x4;}function qj(){var J3=oI,CL,CG=window;return CL=CG[J3(0x557)],!!/^function\s.?\{\s\[native code]\s*}$/['test'](String(CL))&&qT([J3(0x57d)===String(CG[J3(0x268)]),'MicrodataExtractor'in CG])>=0x1;}function qY(){var J4
2024-04-26 15:51:06 UTC	16384	IN	Data Raw: 49 5d 3d 71 53 5b 4a 69 28 30 78 32 30 38 29 5d 28 66 75 6e 63 74 69 6f 6e 28 43 4d 29 7b 76 61 72 20 62 30 3d 4a 69 3b 72 65 74 75 72 6e 27 42 4c 4f 66 4f 27 21 3d 3d 62 30 28 30 78 35 34 35 29 3f 71 63 28 71 6a 29 3a 43 6b 28 43 49 2c 43 4d 29 3b 7d 29 3b 7d 2c 43 6a 3d 30 78 30 2c 43 59 3d 71 4e 3b 43 6a 3c 43 59 5b 27 6c 65 6e 67 74 68 27 5d 3b 43 6a 2b 2b 29 7b 69 66 28 62 31 28 30 78 32 37 61 29 21 3d 3d 27 44 41 57 51 41 27 29 43 6e 28 43 59 5b 43 6a 5d 29 3b 65 6c 73 65 7b 76 61 72 20 43 4d 3d 71 73 28 30 78 31 32 39 61 29 2c 43 7a 3d 43 57 28 30 78 35 63 62 29 2c 43 51 3d 71 72 28 30 78 37 32 37 29 2c 43 64 3d 43 4d 28 71 49 5b 62 31 28 30 78 35 32 35 29 5d 29 3b 43 7a 28 43 51 5b 62 31 28 30 78 34 34 62 29 5d 29 7c 7c 28 43 51 5b 62 31 28 30 78 Data Ascii: I]=qS[Ji(0x208)](function(CM){var b0=Ji;return'BLOfO'!==b0(0x545)?qc(qj):Ck(CI,CM);});},Cj=0x0,CY=qN;Cj<CY['length'];Cj++){if(b1(0x27a)!=='DAWQA')Cn(CY[Cj]);else{var CM=qs(0x129a),Cz=CW(0x5cb),CQ=qr(0x727),Cd=CM(qI[b1(0x525)]);Cz(CQ[b1(0x44b)])\|\|(CQ[b1(0x

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49723	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:02 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:51:02 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=54763 Date: Fri, 26 Apr 2024 15:51:02 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49724	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:05 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:51:05 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=54754 Date: Fri, 26 Apr 2024 15:51:05 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 15:51:05 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49725	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 34 6e 62 6a 57 4e 2b 37 30 6d 42 39 75 58 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 36 38 34 39 32 37 36 34 62 62 32 35 35 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: u4nbjWN+70mB9uXa.1Context: 7d68492764bb2558
2024-04-26 15:51:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 15:51:08 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 75 34 6e 62 6a 57 4e 2b 37 30 6d 42 39 75 58 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 36 38 34 39 32 37 36 34 62 62 32 35 35 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 62 33 64 64 79 63 39 67 67 65 6c 34 58 67 37 2b 33 31 47 79 34 47 73 4b 67 77 66 49 6a 41 33 4c 6b 69 6e 47 64 56 37 71 76 6e 49 67 2b 44 59 7a 76 53 6e 6a 71 79 4c 77 45 48 76 4a 4c 6a 78 6b 78 77 4a 33 34 2b 47 44 42 46 57 35 37 66 52 41 39 35 49 2f 68 54 47 66 48 51 68 53 4d 2b 56 61 7a 44 46 75 48 78 5a 4c 76 55 4d 33 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: u4nbjWN+70mB9uXa.2Context: 7d68492764bb2558<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbb3ddyc9ggel4Xg7+31Gy4GsKgwfIjA3LkinGdV7qvnIg+DYzvSnjqyLwEHvJLjxkxwJ34+GDBFW57fRA95I/hTGfHQhSM+VazDFuHxZLvUM3
2024-04-26 15:51:08 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 34 6e 62 6a 57 4e 2b 37 30 6d 42 39 75 58 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 36 38 34 39 32 37 36 34 62 62 32 35 35 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: u4nbjWN+70mB9uXa.3Context: 7d68492764bb2558<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 15:51:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 15:51:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 64 42 33 6e 65 2b 71 44 39 45 57 74 5a 6c 4d 6d 6c 7a 4e 68 78 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: dB3ne+qD9EWtZlMmlzNhxw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49727	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:09 UTC	880	OUT	POST / HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive Content-Length: 4046 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://relevanteduofficelogin.relevantedu.xyz Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:51:09 UTC	4046	OUT	Data Raw: 7a 7a 73 67 72 3d 25 35 42 25 35 42 25 32 32 36 65 32 35 33 37 34 32 36 61 34 34 32 25 32 32 25 32 43 25 32 32 35 33 34 33 30 32 35 34 33 33 32 32 35 25 32 32 25 32 43 25 32 32 33 38 33 36 37 31 34 38 32 35 33 33 34 25 32 32 25 32 43 25 32 32 31 32 35 33 33 34 32 32 35 33 37 34 36 25 32 32 25 32 43 25 32 32 32 35 33 37 34 33 32 35 33 37 34 32 32 25 32 32 25 32 43 25 32 32 35 33 37 34 33 34 32 37 36 37 34 37 39 25 32 32 25 32 43 25 32 32 32 35 33 33 34 31 36 61 33 32 33 30 33 25 32 32 25 32 43 25 32 32 33 33 30 33 33 33 30 33 31 33 34 33 34 25 32 32 25 32 43 25 32 32 33 35 33 33 33 38 33 30 33 36 33 30 33 25 32 32 25 32 43 25 32 32 34 33 34 25 32 32 25 35 44 25 32 43 25 32 32 32 30 33 30 33 30 31 34 34 35 25 32 32 25 32 43 25 32 32 39 30 30 37 32 34 39 25 Data Ascii: zzsgr=%5B%5B%226e2537426a442%22%2C%225343025433225%22%2C%223836714825334%22%2C%221253342253746%22%2C%222537432537422%22%2C%225374342767479%22%2C%222533416a32303%22%2C%223303330313434%22%2C%223533383036303%22%2C%22434%22%5D%2C%222030301445%22%2C%229007249%
2024-04-26 15:51:11 UTC	408	IN	HTTP/1.1 302 Found Server: nginx Date: Fri, 26 Apr 2024 15:51:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://relevanteduofficelogin.relevantedu.xyz/ set-cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; Domain=relevantedu.xyz; HttpOnly; Path=/; SameSite=None; Secure
2024-04-26 15:51:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49726	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:11 UTC	871	OUT	GET / HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="
2024-04-26 15:51:18 UTC	836	IN	HTTP/1.1 302 Found Server: nginx Date: Fri, 26 Apr 2024 15:51:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 47687 Connection: close cache-control: no-store, no-cache pragma: no-cache location: https://0ffice.relevantedu.xyz/login# vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 7dd76e8a-fb68-4905-9384-a836a120e101 x-ms-ests-server: 2.1.17846.6 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-26 15:51:18 UTC	15548	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b4 bd 6b 5b e2 ca d6 28 fa fd fc 0a 75 af 87 24 cb 4c 9b 3b 0a 9d e6 15 bc 76 8b da 12 6f 64 b2 e6 0e 10 14 15 50 40 a5 15 ce 6f 3f e3 52 55 a9 40 e8 39 df 77 ef b3 9e 35 db 50 a9 d4 75 d4 b8 8f 51 5f ef 27 fd a7 6f ff cf da d7 fb c0 ef c0 df b5 af 93 de e4 29 c0 a7 b5 b3 d6 43 d0 9e ac f5 87 6f 41 07 df 7c 51 af be 8e db a3 de f3 64 6d f2 eb 39 70 36 26 c1 74 f2 e5 c1 7f f3 b9 74 83 3e 5e ef be 0e da 93 de 70 60 5a 9f 1b af e3 60 6d 3c 19 f5 da 93 8d d2 9b 3f 5a 9b 38 ea ed c8 0e ac cf 51 30 79 1d 0d a0 98 bb dc 1a 07 93 f3 d1 70 32 c4 f6 cf ba b3 d9 e7 5f 7f 3d e3 ef bf fe 2a 7a cd 79 6f 30 9e f8 83 76 30 ec ae ed 8e 46 fe af 44 42 b5 36 b1 47 d6 e7 64 4b 55 77 46 f3 d9 2c fa b6 3b 1c 99 38 86 60 ad 37 58 1b 59 a2 c7 67 d9 Data Ascii: k[(u$L;vodP@o?RU@9w5PuQ_'o)CoA\|Qdm9p6&tt>^p`Z`m<?Z8Q0yp2_=*zyo0v0FDB6GdKUwF,;8`7XYg
2024-04-26 15:51:18 UTC	16379	IN	Data Raw: 62 4a c8 f5 af 4d da 0f a3 d6 fb 59 1b 1b d6 27 48 e2 54 8c bc 8d 79 6a 12 4f 25 ca f2 2d e5 b4 f0 e8 1c 00 fd f5 47 80 bd ae c9 ab cf 68 8a ef 52 e9 d0 ee 70 c0 98 ef 51 03 b8 17 14 fd 5e 3c 0a 9f b0 78 04 18 cf d1 74 00 d2 ed 86 68 83 8e 06 3d a6 b3 05 1c 5d d5 a4 b4 8b 40 f3 16 8f 4b 5b ce 85 92 bd 6d 53 30 89 7a 66 25 50 9f 2f bb 6f e3 05 97 37 2c 2e 99 c6 fd a4 ff d4 ed 91 12 4b 50 94 7d c1 8b 92 2a b2 f4 e0 18 af 03 4e 05 d2 31 d6 17 2d a4 65 65 20 a5 be 88 86 25 12 fd f2 19 26 cb 30 1f 9d 3b 1e 4f 2a 89 b9 02 af e5 80 72 16 ee 4a 11 43 10 8d f1 e4 17 26 60 04 fc d6 03 cc e0 ff c2 00 04 ce 57 07 b0 b2 2b 9a dd e9 92 4f 04 d4 e7 df 5d c0 6d 52 a8 ba 06 41 e3 00 23 fb 30 12 37 b2 0d 6d 41 d2 81 83 18 3e 23 f6 37 69 07 db da ae 72 9d bc 65 a9 37 bc b7 Data Ascii: bJMY'HTyjO%-GhRpQ^<xth=]@K[mS0zf%P/o7,.KP}N1-ee %&0;OrJC&`W+O]mRA#07mA>#7ire7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49732	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:21 UTC	858	OUT	GET /login HTTP/1.1 Host: 0ffice.relevantedu.xyz Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="
2024-04-26 15:51:28 UTC	2198	IN	HTTP/1.1 302 Found Server: nginx Date: Fri, 26 Apr 2024 15:51:28 GMT Content-Type: text/html; charset=utf-8 Content-Length: 20 Connection: close location: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 vary: Accept-Encoding request-context: appId= referrer-policy: strict-origin-when-cross-origin x-ua-compatible: IE=edge,chrome=1 x-cache: CONFIG_NOCACHE x-msedge-ref: Ref A: 24F331470B894D57A5E2AE787659F0BD Ref B: SG2EDGE3215 Ref C: 2024-04-26T15:51:28Z content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: * set-cookie: OH.DCAffinity=OH-sea; expires=Sun, 21 Aug 2078 15:42:55 GMT; Path=/; Secure set-cookie: OH.FLID=101428ff-fa71-43f7-820b-5ff44ea10a67; expires=Mon, 21 Aug 2079 07:42:55 GMT; Path=/; Secure set-cookie: .AspNetCore.OpenIdConnect.Nonce.0yK_0T1xFjpV7gc180_Z32BGtDOsBdiEGKKVDz7YOKvqg8mSl8jkxPsFi67zc6irpeZh3p4yUZ5gDsubX-IdoqjteB8lPZZuxxwnCCGMEkx88KjhwAIGDIf_1Hn_UQh68hRvkf-_0voHsB4QrTtAStlvuElXV0HgNX-eSW_c0ISkFDZRhimXsbdfYD3cDdfhE7_glesc5C-byIx0xmQjEQJakyQ4MUdddrj7jOIFmaWjfXmk5Ae-F5kid7uz4Z67=N; expires=Sun, 21 Aug 2078 07:57:55 GMT; Path=/; Secure set-cookie: .AspNetCore.Correlation.fb1Rk9ykqzUnh42xUvSoboueum7mQdpfc2Xy4ZYhQbA=N; expires=Sun, 21 Aug 2078 07:57:55 GMT; Path=/; Secure set-cookie: MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; Domain=relevantedu.xyz; expires=Fri, 15 Sep 2079 07:42:56 GMT; Path=/; Secure
2024-04-26 15:51:28 UTC	20	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49733	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 4a 4b 59 74 4b 46 4a 38 6b 71 41 32 71 38 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 31 35 65 63 35 39 38 66 31 61 31 37 35 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: tJKYtKFJ8kqA2q89.1Context: fd15ec598f1a175e
2024-04-26 15:51:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 15:51:21 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 74 4a 4b 59 74 4b 46 4a 38 6b 71 41 32 71 38 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 31 35 65 63 35 39 38 66 31 61 31 37 35 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 62 33 64 64 79 63 39 67 67 65 6c 34 58 67 37 2b 33 31 47 79 34 47 73 4b 67 77 66 49 6a 41 33 4c 6b 69 6e 47 64 56 37 71 76 6e 49 67 2b 44 59 7a 76 53 6e 6a 71 79 4c 77 45 48 76 4a 4c 6a 78 6b 78 77 4a 33 34 2b 47 44 42 46 57 35 37 66 52 41 39 35 49 2f 68 54 47 66 48 51 68 53 4d 2b 56 61 7a 44 46 75 48 78 5a 4c 76 55 4d 33 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: tJKYtKFJ8kqA2q89.2Context: fd15ec598f1a175e<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbb3ddyc9ggel4Xg7+31Gy4GsKgwfIjA3LkinGdV7qvnIg+DYzvSnjqyLwEHvJLjxkxwJ34+GDBFW57fRA95I/hTGfHQhSM+VazDFuHxZLvUM3
2024-04-26 15:51:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 4a 4b 59 74 4b 46 4a 38 6b 71 41 32 71 38 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 31 35 65 63 35 39 38 66 31 61 31 37 35 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: tJKYtKFJ8kqA2q89.3Context: fd15ec598f1a175e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 15:51:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 15:51:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 74 4a 66 70 64 6b 72 67 79 45 53 59 65 71 72 43 78 77 77 42 59 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: tJfpdkrgyESYeqrCxwwBYQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49734	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:30 UTC	1716	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
2024-04-26 15:51:38 UTC	813	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:51:37 GMT Content-Type: text/html; charset=utf-8 Content-Length: 55665 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 353d555e-cd1d-4925-af60-6d043b888b00 x-ms-ests-server: 2.1.17910.10 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,50168,0,, x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-26 15:51:38 UTC	15571	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b4 7d 7b 5f ea c8 b2 e8 ff f3 29 94 3b 17 92 6d 44 9e 3e 60 65 d8 a8 f8 58 4b 7c 81 2e 95 e1 78 43 08 18 85 44 93 a0 f8 e0 bb df aa ea ee a4 03 61 cd 9c 39 fb ec df 9e 65 d2 e9 47 75 75 75 bd bb f9 b6 ba 7f b6 d7 be 3d 6f ac 3c 04 e3 d1 1f bf 7d 63 7f 56 be 3d 58 46 1f fe ae 7c 0b ec 60 64 e1 d3 ca a5 d5 b7 3d cb 0c 6c 67 88 1f 36 c2 2f df c6 56 60 ac 98 ae 13 58 4e a0 a7 02 6b 1a 6c 60 3f d5 15 f3 c1 f0 7c 2b d0 27 c1 60 7d 3b 05 63 04 cf eb d6 cb c4 7e d5 53 7b ac fa 7a fb fd d9 4a 6d 24 74 73 dc d0 ad fe d0 8a b7 ba 59 bf aa af ef b9 e3 67 23 b0 7b a3 e4 86 6f 76 3f 78 d0 fb d6 ab 6d 5a eb f4 a2 ad d8 8e 1d d8 c6 68 dd 37 8d 91 a5 e7 b3 39 6d 65 6c 4c ed f1 64 cc 8b 0a 58 34 f1 2d 8f de 0d e8 5b 7f b7 fc d4 8a 63 8c 2d 3d Data Ascii: }{_);mD>`eXK\|.xCDa9eGuuu=o<}cV=XF\|`d=lg6/V`XNkl`?\|+'`};c~S{zJm$tsYg#{ov?xmZh79melLdX4-[c-=
2024-04-26 15:51:38 UTC	16379	IN	Data Raw: 22 18 31 7b b4 5c 74 fa fa cd 91 d6 14 94 8e cc 0c 68 ac a9 7f 74 6e 7c dc ac 20 a4 c0 26 54 9a ac 14 44 f7 d7 d7 ae d2 04 e5 5c 44 97 61 0a 60 d6 1d 51 0d 61 f3 35 f5 26 48 59 95 b5 11 44 ad aa 9a a4 02 34 6b e3 4a 33 94 bf e6 12 25 64 2c c9 5f c0 11 22 f2 66 9c 28 73 63 f7 62 82 98 55 55 ce 89 07 35 f8 5b 19 08 d9 b0 99 4f 5e ad 1b 33 a6 ef 28 37 26 69 87 20 1c 01 e3 44 d0 c2 94 3b a2 ed ec 03 8d a2 65 9f a9 cc ab e4 8e 7e 43 f7 89 64 6e 7e 1e 79 66 06 40 b8 71 10 93 45 b6 49 57 f7 94 63 55 95 36 8a 94 4b 72 04 33 01 e5 1b 96 96 b1 7c 66 0d 85 b7 3e 52 f5 99 4c 97 9f 19 74 40 83 d2 b4 7a b4 b6 86 13 cc b0 f2 18 54 03 ae eb cc aa 7e 67 77 59 86 3f b4 e5 0a 1b 4d dc 80 75 57 7c f9 7e 66 26 75 e1 53 75 16 da 69 20 1a 67 7d d6 62 6e 45 4c ed 23 bc 90 7e f5 Data Ascii: "1{\thtn\| &TD\Da`Qa5&HYD4kJ3%d,_"f(scbUU5[O^3(7&i D;e~Cdn~yf@qEIWcU6Kr3\|f>RLt@zT~gwY?MuW\|~f&uSui g}bnEL#~
2024-04-26 15:51:38 UTC	16384	IN	Data Raw: 9d b4 05 70 4e a6 a8 a2 a6 28 39 d8 f8 02 ed a1 64 a0 b9 1c 34 2b a3 dd c4 1f 2a 53 28 73 61 ba 87 d7 88 a2 0e 45 12 dc 77 45 21 1a de cb 27 71 a5 46 f8 5d da 5b 0b 6a 15 22 c6 b0 50 bf fb 35 b2 2d b4 b5 a2 e1 93 1b 65 bc 72 94 29 46 19 d1 8c f2 54 8d 3e dd 9f 43 19 69 a7 32 79 fe 49 f6 4d 35 82 4d 1e 6c e9 81 36 9f be c0 b2 ee b9 b4 39 79 d5 5b b7 c0 78 9a 10 dd 09 ef 65 6b c1 b1 1a c3 77 de 33 44 b8 84 dd ae 24 d1 9d 9f 2c 74 67 e8 b2 ac bc 50 8a 61 20 e7 10 41 06 c3 ef a5 0f 24 ac 50 24 bf 63 b2 4f 14 b5 ff 69 57 17 42 54 6b 38 f8 05 8e 15 8b fb 8d 0d 7b 85 a0 3e 60 e3 7b 40 6f 78 a7 2c d4 04 12 49 52 09 78 28 d2 45 6f 78 2b 84 28 c3 74 f0 c7 a7 95 77 64 9c 69 fd 77 a4 01 38 9c e6 d7 52 0b 54 44 12 6c a4 8e cd 8a 47 a5 ad b6 85 93 8a f5 2c 78 1b 46 33 Data Ascii: pN(9d4+*S(saEwE!'qF][j"P5-er)FT>Ci2yIM5Ml69y[xekw3D$,tgPa A$P$cOiWBTk8{>`{@ox,IRx(Eox+(twdiw8RTDlG,xF3
2024-04-26 15:51:38 UTC	7331	IN	Data Raw: c8 3f a8 91 97 c7 98 a9 b3 f0 31 11 7a c1 6e 2d 05 de e8 bc 28 a6 85 dc 30 18 af 4c 3f db 38 05 55 3b e0 41 67 0f 32 d1 67 e4 30 b0 45 2e 51 ce 7d ef 7b 38 b5 60 ce c8 c1 2d 9b a1 e0 65 64 37 93 cf e6 18 fc 8b e3 9d 6e 8d 40 30 dc 63 89 13 c5 cc 0b fe 25 58 c2 0d 8c 29 74 6e 89 4e ca 84 f5 29 e8 ec 11 b4 a5 70 c2 c7 50 0a 59 f5 d3 25 62 9a 8e 40 54 cc c4 b0 a6 28 22 71 34 d9 21 02 4d 10 64 c4 a9 25 79 3a a7 5b 56 12 e5 89 c5 f4 82 8f 5f 7e 7f 12 c7 42 81 74 be e3 d0 fd 4e 2b 9a 61 08 3d aa d3 ed 7c 97 76 68 be 02 75 e4 a6 1a 0b df a9 2a 50 2f 01 9a 54 bc a8 b6 12 d6 b6 89 c4 08 e7 b8 ba e4 0b 47 d2 2f ca 9b cb 8a 45 27 85 2c 2e a0 ba 69 19 c0 79 92 fd 0d 3b 34 c9 2c e1 0e 09 87 11 6d 75 27 19 3d c0 9a 2b 8d a3 2a 7f c6 31 4d 32 6a 5b 12 37 ac 12 f2 d9 3f Data Ascii: ?1zn-(0L?8U;Ag2g0E.Q}{8`-ed7n@0c%X)tnN)pPY%b@T("q4!Md%y:[V_~BtN+a=\|vhuP/TG/E',.iy;4,mu'=+1M2j[7?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49735	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:41 UTC	674	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1 Host: b72d03ca-862723ea.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://relevanteduofficelogin.relevantedu.xyz sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:51:48 UTC	812	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:51:47 GMT Content-Type: application/x-javascript Content-Length: 49626 Connection: close cache-control: public, max-age=31536000 last-modified: Mon, 01 Apr 2024 18:07:19 GMT etag: 0x8DC527692402A16 x-ms-request-id: 41411efe-701e-0045-4cbf-95b185000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding access-control-allow-origin: * x-azure-ref: 20240426T155146Z-r1869b9b46ccjr6kad1d58dqnc00000000e0000000005gha x-fd-int-roxy-purgeid: 4554691 x-cache: TCP_HIT accept-ranges: bytes content-encoding: gzip
2024-04-26 15:51:48 UTC	13648	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd eb 5b e3 38 d2 38 fa fd fd 2b 82 77 0f 13 4f 8c c9 05 68 70 da cd 2f 0d 74 37 33 40 18 02 73 59 60 79 9c 58 01 4f 07 3b 6b 3b 5c 06 72 fe f6 53 17 c9 96 1d 87 ee d9 f7 3c e7 cb 99 4b b0 a5 92 2c 95 aa 4a 55 a5 92 b4 fe e3 ca ff d4 7e ac ad 7d ff 3f b5 c1 79 ef ec bc d6 ff 54 3b ff 72 78 b6 5f 3b 85 b7 3f 6a 27 fd f3 c3 bd 83 ef af 07 3f 8a ff 9f df 05 49 6d 1c 4c 44 0d fe 0e bd 44 f8 b5 28 ac 45 71 2d 08 47 51 3c 8d 62 2f 15 49 ed 1e 7e e3 c0 9b d4 c6 71 74 5f 4b ef 44 6d 1a 47 7f 8a 51 9a d4 26 41 92 42 a1 a1 98 44 8f b5 3a 54 17 fb b5 53 2f 4e 9f 6b 87 a7 a6 0d f5 0b a8 2d b8 0d 42 28 3d 8a a6 cf f0 7c 97 d6 c2 28 0d 46 a2 e6 85 3e d5 36 81 97 30 11 b5 59 e8 8b b8 f6 78 17 8c ee 6a c7 c1 28 8e 92 68 9c d6 62 31 12 c1 Data Ascii: [88+wOhp/t73@sY`yXO;k;\rS<K,JU~}?yT;rx_;?j'?ImLDD(Eq-GQ<b/I~qt_KDmGQ&ABD:TS/Nk-B(=\|(F>60Yxj(hb1
2024-04-26 15:51:48 UTC	16384	IN	Data Raw: 05 95 71 ab 8a f2 35 8a ef 52 41 e9 4d a7 f9 a0 41 d7 16 d2 96 50 d4 e2 48 7e 17 58 fe d5 6c 9d 26 99 4d d2 fc c3 85 e4 1c 7a 5f 84 34 e5 14 df f3 7c b2 2c 38 34 44 83 d2 53 4b 94 98 23 8d 17 83 75 f4 7e 27 60 fe f5 4f b1 37 f3 39 1e 40 ff 7c 21 19 d4 08 7c 2d a0 ac 9c c2 b8 3e 54 ea 1f e3 34 7b cd bf 87 fa 7f 34 7d d6 08 7f 59 8e 61 91 6c 03 7e 79 6b e8 be 0d 53 55 cf 5b 28 fc 3b d0 6f 28 be e7 63 cf 31 96 e6 56 a8 c3 54 60 21 b5 42 39 2e d5 2c 53 97 a8 ca 25 60 2d 07 0a 4c a7 68 8c e3 2c 86 35 00 57 03 3f b3 7e bd 34 8b e5 da fd 14 f4 36 98 af 00 2c d3 1c ab d3 17 ad 67 6a 51 39 91 1a 33 91 ea 20 7e e7 10 7d 25 bd 50 2d b8 c1 df ac 2d cf 15 26 d8 66 87 8d a0 0c cd 4b 60 3a 6f 81 64 3e 11 16 6e d8 46 59 0a 8b 51 80 13 c9 97 54 c6 3c 49 9b b4 fd 6e 49 6e Data Ascii: q5RAMAPH~Xl&Mz_4\|,84DSK#u~'`O79@\|!\|->T4{4}Yal~ykSU[(;o(c1VT`!B9.,S%`-Lh,5W?~46,gjQ93 ~}%P--&fK`:od>nFYQT<InIn
2024-04-26 15:51:48 UTC	16384	IN	Data Raw: c4 54 45 9f 70 a6 1f bc 1a f5 1a 07 48 76 81 57 71 34 62 1c 60 3e 63 34 90 81 a8 af d5 93 a6 3f 12 eb 8c 33 41 1e b6 c2 56 0a 50 da 3e 7d 1a 49 88 b4 5f 13 11 84 73 08 0c 90 1b f5 16 ae e1 38 e9 f9 cd e0 3c ba 42 10 dd ec 06 59 7c 6b 78 a5 1b 9c f4 85 d6 72 0f 00 4a 9c bb 99 4c 8e 51 9f ed c2 3b 53 60 b5 61 ac 4c fd 97 b3 80 63 73 30 0e d8 ff 82 d9 e5 e6 ba 7b 69 d7 d1 0a 01 02 2f 67 9c 9a 98 1d ee e9 7a c5 91 4f ec f0 4a d5 8e 05 ea bb a1 e0 dc 11 a9 07 a3 dd 01 ef 50 fd 1c 3c 70 86 e9 d0 79 a0 e9 d8 34 19 ac 18 cb 03 b8 e6 4a 5e d1 24 ab 54 c0 e5 3d 87 64 85 35 d3 ce ab a2 3c 62 69 0d 5c 62 ea ce fd e5 88 19 3a 7f 29 ab fe 3e e7 ac cf aa 22 5f 94 35 e9 d6 24 9f e7 71 be d3 01 62 7f a9 49 ab 21 b6 ae 33 9c 0f 9d 01 2d 9e 01 77 c6 1b 44 05 4d 5b 71 c3 d9 Data Ascii: TEpHvWq4b`>c4?3AVP>}I_s8<BY\|kxrJLQ;S`aLcs0{i/gzOJP<py4J^$T=d5<bi\b:)>"_5$qbI!3-wDM[q
2024-04-26 15:51:48 UTC	3210	IN	Data Raw: 80 cb e0 e6 ac fd 35 23 9c 8f d4 95 8c 34 fd b6 47 5c c6 8c 37 6f 40 db 55 56 23 b8 d2 f3 0d 2c bc b2 d9 44 2e 5c 79 be b9 a1 44 b6 7d ac 0d 73 53 41 9b f9 2e d6 17 fb b3 a1 21 b7 b7 67 d4 17 a4 a0 07 ea bc b2 0e d1 96 8c e4 67 af 12 7d 8b 3b ed 91 bb 16 26 55 3a 5a f7 b1 b5 8d 76 ea c9 87 c3 80 c7 4e b5 1c 5b 89 ed 08 68 62 fb d4 57 df bc 9a 1c 72 c3 bd c0 fd b2 cf f3 2e fa d3 2d 60 3b e0 25 8d 9a 20 8e e7 72 85 44 ac 5e 36 fa 2b 83 05 c3 84 65 e8 3b d3 b8 f6 61 4f 55 cc 11 c2 76 c5 a4 e8 c8 d5 a4 28 33 8a 75 e2 70 a9 3b c9 63 9d 91 b4 51 c4 6b d6 27 ce 48 f3 fb f7 8f dc 29 3b 9a a0 84 10 51 c1 4f c4 4a 3b 08 6f dc 1c 4b 02 ac 5e 7f 23 0f fe 4f 34 13 bc bd 34 aa 99 07 40 a1 42 e8 88 3e a6 f1 c4 a6 13 f7 bd 80 73 02 e0 68 e1 35 c7 47 e3 a1 3b 03 ee f4 e8 Data Ascii: 5#4G\7o@UV#,D.\yD}sSA.!gg};&U:ZvN[hbWr.-`;% rD^6+e;aOUv(3up;cQk'H);QOJ;oK^#O44@B>sh5G;

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49736	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 7a 6c 6d 4c 57 53 66 6f 72 30 43 42 71 57 69 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 61 61 66 37 63 66 64 61 62 39 31 36 32 31 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: zlmLWSfor0CBqWi2.1Context: 9aaf7cfdab916210
2024-04-26 15:51:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 15:51:42 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 7a 6c 6d 4c 57 53 66 6f 72 30 43 42 71 57 69 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 61 61 66 37 63 66 64 61 62 39 31 36 32 31 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 62 33 64 64 79 63 39 67 67 65 6c 34 58 67 37 2b 33 31 47 79 34 47 73 4b 67 77 66 49 6a 41 33 4c 6b 69 6e 47 64 56 37 71 76 6e 49 67 2b 44 59 7a 76 53 6e 6a 71 79 4c 77 45 48 76 4a 4c 6a 78 6b 78 77 4a 33 34 2b 47 44 42 46 57 35 37 66 52 41 39 35 49 2f 68 54 47 66 48 51 68 53 4d 2b 56 61 7a 44 46 75 48 78 5a 4c 76 55 4d 33 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: zlmLWSfor0CBqWi2.2Context: 9aaf7cfdab916210<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbb3ddyc9ggel4Xg7+31Gy4GsKgwfIjA3LkinGdV7qvnIg+DYzvSnjqyLwEHvJLjxkxwJ34+GDBFW57fRA95I/hTGfHQhSM+VazDFuHxZLvUM3
2024-04-26 15:51:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 7a 6c 6d 4c 57 53 66 6f 72 30 43 42 71 57 69 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 61 61 66 37 63 66 64 61 62 39 31 36 32 31 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: zlmLWSfor0CBqWi2.3Context: 9aaf7cfdab916210<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 15:51:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 15:51:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 49 64 50 67 38 6d 64 4a 47 30 53 49 68 2f 4a 4d 65 33 6b 54 65 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: IdPg8mdJG0SIh/JMe3kTeA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49737	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:49 UTC	731	OUT	GET /862723eaca4a492d82ff65e2c911b8f7/ HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://relevanteduofficelogin.relevantedu.xyz Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D Sec-WebSocket-Key: +LiSn82gOP/GhWDwOq9nZA== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-04-26 15:51:55 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 26 Apr 2024 15:51:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 76dd33a3-d7a2-4f5f-88b3-a6db6d392e01 x-ms-ests-server: 2.1.17846.6 - FRC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-04-26 15:51:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49739	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:50 UTC	2558	OUT	GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0&sso_reload=true HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2024-04-26 15:52:00 UTC	809	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:51:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 62569 Connection: close cache-control: no-store, no-cache pragma: no-cache vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 81867f7c-1bf4-437a-9b1a-a433bf2f5800 x-ms-ests-server: 2.1.17910.10 - WEULR1 ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-clitelem: 1,0,0,, x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-26 15:52:00 UTC	15575	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 77 e2 c8 96 30 f8 5e bf 82 64 55 3b e1 b3 c0 dc c1 a6 74 dc 18 83 8d 01 1b 1b f0 b5 bd bc 84 14 80 8c 90 b0 2e 60 9c 36 6f f3 4b e6 61 56 3f cc db fc 83 f3 c7 66 ef 88 d0 0d 70 66 56 9d 3a df f4 9a 95 a7 bb d2 52 28 2e 3b 76 ec d8 f7 08 fe f8 72 7c 51 ed dd 75 6a 91 b1 3d d5 fe f1 db 1f f8 27 22 6b 92 65 89 d1 68 44 51 4d 31 aa d9 66 34 a2 49 fa 48 8c 12 3d fa 8f df 22 7f 8c 89 a4 c0 df c8 1f b6 6a 6b 04 9f 22 5d 75 a4 47 54 3d 62 1b 91 a5 e1 98 11 49 96 0d 47 b7 b1 d2 9e 57 eb 8f 29 b1 a5 88 6c e8 36 d1 6d 31 6a 93 57 7b 0f 07 2c 47 e4 b1 64 5a c4 16 1d 7b 98 28 45 01 18 7b 96 20 2f 8e 3a 17 a3 55 56 3d d1 5b ce 48 74 6f 4b 37 8d 9a 48 94 11 09 b7 ba 4d f4 2b 89 aa 31 9d 49 b6 3a d0 b6 37 5c a8 8a 3d 16 15 32 57 65 Data Ascii: [w0^dU;t.`6oKaV?fpfV:R(.;vr\|Quj='"kehDQM1f4IH="jk"]uGT=bIGW)l6m1jW{,GdZ{(E{ /:UV=[HtoK7HM+1I:7\=2We
2024-04-26 15:52:00 UTC	14460	IN	Data Raw: 60 b4 f5 18 a7 80 c6 bf c9 a0 7f 47 52 07 f4 4f fa c0 10 65 16 64 2a d3 82 dc 81 eb 56 4d 52 9a d8 dd 15 be d1 e6 07 38 a8 80 43 1e 7c 49 7f b0 ca f9 03 bf 96 2e d2 0a 30 2c a8 9a c8 fd 55 dd 21 ac 5a f1 40 16 9d 24 10 48 72 66 cc 40 a1 76 92 48 34 ec c5 af ca 8f 3f 1f d0 a4 47 43 64 95 04 3a 6d df 31 61 3c b8 6f 09 40 c1 fb 7b 01 98 18 43 7f 86 3f c5 e3 df 1c f4 75 f2 6e d1 75 91 15 dd 4a b1 2f c6 fb 3b c2 f9 0f 83 be e3 e3 1f c6 43 96 b6 62 53 a1 d3 e0 61 37 68 5b f0 da f2 ef 7f 20 d9 fb b5 f1 4d f0 70 48 53 d3 83 55 33 a1 aa 99 47 81 e3 01 bd 13 b2 7b 88 0b 3f 60 a3 1f 60 e8 43 46 a7 0c 52 80 2d 38 01 56 03 28 2f 08 f6 23 fa f3 bd 73 6a 44 04 1b 1d a1 c9 53 1a e0 64 2e fb bb d7 5b 54 a0 44 2c 3e 60 36 16 5f e0 14 98 2e 0f b2 60 e1 d1 bb 8f 10 43 2e 6f Data Ascii: `GROed*VMR8C\|I.0,U!Z@$Hrf@vH4?GCd:m1a<o@{C?unuJ/;CbSa7h[ MpHSU3G{?``CFR-8V(/#sjDSd.[TD,>`6_.`C.o
2024-04-26 15:52:01 UTC	16384	IN	Data Raw: 43 e5 73 b4 66 f8 ea 1f 41 17 ee 08 04 05 26 99 84 88 06 48 f5 70 7f e7 2b f9 69 a2 08 77 14 c1 b7 1f 06 ba 85 f5 ad 0c c6 a8 55 10 b8 06 7f a2 d3 ce eb cb db 08 83 07 9c d2 c8 6b c2 9a 5e 28 fc cb 3d 23 e8 83 0c 34 8a 14 22 6f 4c 21 f7 e4 c0 a6 97 99 c4 e0 38 37 09 0e c2 9f 6b 5f e7 ac 99 5c c0 a4 4c 0b e9 11 a1 d5 6e 4d c1 eb 0f f2 8a ef 4f 17 72 ca 82 34 51 1a b8 c1 74 28 15 70 e8 d1 23 59 7e f2 85 e8 78 fd 85 60 a5 1a 9e c5 31 13 16 50 84 9a 4d e5 e9 ec d8 89 58 85 90 fb 36 0c 3a 87 4a 7d f9 dd da 6e 6c 5b 7f 58 db 87 db d6 f7 6f e2 01 a8 ed 69 a4 32 cd 65 0e 7d 12 53 42 ae 7f 23 d2 7e 58 cd d9 59 73 61 39 bf 40 12 a7 62 e4 6d ec 96 4d 3c 95 28 db 19 2a a7 85 3b ef 10 e8 ef e0 05 b0 d7 25 79 f5 59 d7 e2 bb 54 5a db 1d 0e 19 f3 dd 19 00 f7 8c a2 df 73 Data Ascii: CsfA&Hp+iwUk^(=#4"oL!87k_\LnMOr4Qt(p#Y~x`1PMX6:J}nl[Xoi2e}SB#~XYsa9@bmM<(*;%yYTZs
2024-04-26 15:52:01 UTC	16150	IN	Data Raw: b8 83 37 d3 9f aa fd 8a 9c 07 25 2d 7e 99 7b e4 4f bf 30 77 71 8c 41 3e ea 15 6b 3d 12 3e 65 d4 fb f9 c9 f5 07 43 73 f5 3b a6 25 3a 6a 7b 6f e8 8d 39 30 48 9c 70 e9 ac e9 b0 dd b2 df 29 0a e7 4a 38 94 32 e8 a8 0c 0f e8 7c 62 4c 48 2e e9 ab 37 3e 28 19 16 4f 8c 56 19 27 37 99 ac 7f 7a e3 57 42 d2 3f e9 b8 8f 09 4b 2f 5f ef 1b 6d 85 a5 d1 ad a3 21 a3 f3 60 8b b1 e6 70 07 99 fa 7e e0 f7 44 96 2a 8a 7a 2b 4a 5d 77 36 f0 6f af 85 7b 88 94 80 df d6 49 f4 d9 46 8b 30 87 bb 91 cc cb c8 16 a3 6a 46 02 ac 4c 83 6e d4 0b ef 7e 36 8d 57 9f ca c0 9a 75 0d 1e 1c 40 0a 61 99 8c 84 01 14 7d 1a 2c 24 af 9c 23 8f dc 0c 1a 71 ea 51 e5 b4 6d f6 e7 1a 8b cb ce bc dc 66 cb 23 73 43 c7 11 1e 85 5a bf f7 60 06 4b 49 ff 97 81 19 31 4f 28 10 1d 73 83 b1 11 f9 61 94 30 f1 8b 56 ca Data Ascii: 7%-~{O0wqA>k=>eCs;%:j{o90Hp)J82\|bLH.7>(OV'7zWB?K/_m!`p~D*z+J]w6o{IF0jFLn~6Wu@a},$#qQmf#sCZ`KI1O(sa0V

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49738	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:53 UTC	1640	OUT	GET /favicon.ico HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2F0ffice.relevantedu.xyz%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2F0ffice.relevantedu.xyz%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638497434879938985.OTMyZmM3YzEtY2MyMi00ZmU5LTkxMTQtMWMyYmUxMzYyYzk4OTQ3NDFiZTItZTk1Yi00YmUzLTg0NTItYzljYzJmODhkMTg5&ui_locales=en-US&mkt=en-US&client-request-id=a4b512c3-a4a0-416b-b35b-186efbe5fd83&state=z_lP4Q7OlsbDNVLBmi5Sby8cvacKieMrTNK4rEt0GbamdiB8wnIxsYcFX-rFgHWE_Ru2xu_bmjibdV8Ddj3tloQQaAJAjps-zHUvR0J7MIwpLI1Y0mPgnAQw4mD5QWLEl5GuAesYSybJvS4VEOlwn1h8fvgK1g1vCRIePf0_pCHGdDqF5ULOxPc1BylSBOJ3E7LyUlGJCUjO87Y6yncYfdeUHtqs7BjUgu0zRe2oX7FTvRghQR51J1XPJez2jEdriWD-Zask3nenOQMdGQWWVw&x-client-SKU=ID_NET6_0&x-client-ver=7.3.1.0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49744	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:51:58 UTC	773	OUT	GET /862723eaca4a492d82ff65e2c911b8f7/ HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://relevanteduofficelogin.relevantedu.xyz Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1 Sec-WebSocket-Key: WrUkSU9BENdCQX5aK2Nfeg== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49748	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:03 UTC	699	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: 181eeb1c-862723ea.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://relevanteduofficelogin.relevantedu.xyz sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:52:09 UTC	729	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:09 GMT Content-Type: text/css Content-Length: 20314 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2810231 cache-control: public, max-age=31536000 etag: 0x8DC070858CA028D last-modified: Wed, 27 Dec 2023 18:19:21 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: fc06530d-401e-00a3-0862-7ee146000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-26 15:52:09 UTC	15655	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-04-26 15:52:09 UTC	4659	IN	Data Raw: 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df 33 f4 3c 40 c9 2e 2b 17 af 8a ce 37 c9 36 db ed 73 c6 5e f7 a6 5d 71 27 8b f1 12 a2 08 34 b3 5d 51 23 fb f8 b7 98 8b 21 ef ed 1b 07 ec 4b 8b e1 7e 9a ad 02 8f 30 cd da 14 7f 83 b9 d0 6e c2 6f 39 ba e4 dc e8 bc 05 d9 71 Data Ascii: bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G3<@.+76s^]q'4]Q#!K~0no9q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49749	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:03 UTC	695	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_0lriinjhzchre9aqecvmpg2.js HTTP/1.1 Host: 181eeb1c-862723ea.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://relevanteduofficelogin.relevantedu.xyz sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:52:09 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:09 GMT Content-Type: application/x-javascript Content-Length: 15776 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2027694 cache-control: public, max-age=31536000 etag: 0x8DC535BDA2DB838 last-modified: Tue, 02 Apr 2024 21:28:34 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 9cf79f9a-401e-00f7-2280-852e7d000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-26 15:52:09 UTC	13689	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 7d 4d 73 23 47 b2 d8 dd bf 02 8b 75 68 86 4f 3d 10 3e f8 89 11 34 06 01 70 06 4f 24 00 01 e0 50 0a 49 46 34 81 22 d8 4b a0 1b af bb 31 1c 2e 35 8e bd f9 f0 0e be da 37 1f 7c f2 d1 17 df fd 53 36 e2 f9 77 38 3f aa aa ab ba 1b 00 39 d2 d3 ee b3 42 c1 41 77 55 65 65 65 65 65 65 66 65 65 ff e1 66 ed 4f 63 2f f0 5f 8a bd 47 f5 bb 10 bc f4 f7 1e bd 9b 97 de 8f fe cf 7b a1 88 d7 a1 5f c0 df 25 f1 71 15 84 71 f4 fa 83 1b 16 e2 06 be 6a 3c ca 77 f5 c7 4f 8e 37 ab fb ce 22 70 67 62 56 ff 43 e5 d3 6b d9 54 60 d3 a9 bb 58 bc 8c 15 04 27 76 92 df c1 1e 3c 70 b3 c6 1f ca 49 c1 27 ec c6 6b 3c 6a 40 41 69 d9 10 4e 50 9a 36 3c f8 bb 6a 14 8b 4e f0 b2 bc f7 e9 e5 8f c9 30 9c c0 f1 00 f9 97 d5 3d c2 d2 6f 78 2f 2b 00 1f fe 39 d8 73 42 f8 e7 Data Ascii: }Ms#GuhO=>4pO$PIF4"K1.57\|S6w8?9BAwUeeeeeefeefOc/_G{_%qqj<wO7"pgbVCkT`X'v<pI'k<j@AiNP6<jN0=ox/+9sB
2024-04-26 15:52:09 UTC	2087	IN	Data Raw: 66 14 e0 44 f2 25 96 31 4f d2 26 ad 1e 6d 28 6d eb cf 3c 24 e9 86 0c 5b b6 8a be 05 a5 ba 43 3b 2b 4e 4a d5 39 d9 56 05 10 be 70 97 18 aa c1 75 35 3c 72 f5 c8 6b af 3c 84 72 5e d1 29 25 1f 09 53 5e 29 ac 9d 0b 89 df e8 47 35 21 b2 49 75 73 13 8e b8 59 8a 4c 9b 9a d1 86 7d 24 7a ec 35 1b 09 b3 74 23 da 74 74 c9 a1 6b a6 bd 81 37 46 b8 c2 7e 6e 39 8a 2a 5d 07 61 a8 24 f2 c9 58 99 c6 35 b2 68 74 29 23 47 21 93 32 a6 48 62 66 8f f2 b8 92 df c6 9a cc 54 13 20 a6 1d 81 85 fc 3f e7 1b 8d 14 45 c3 b5 29 90 27 5c af c8 93 52 25 53 7a 4b ab 0e de 27 9e d2 3c a4 1b 4a 6f 62 12 54 d3 f1 43 b0 65 cc 29 b3 9a 94 8f aa e9 16 6c 2a e2 af de 86 26 fb 48 07 2e 31 c8 60 4f e3 49 59 9a 75 4d bc c2 a9 83 92 14 71 a0 f8 64 3f bf 50 2a e3 6a b5 63 cd 83 a2 19 f5 94 04 d4 65 2c Data Ascii: fD%1O&m(m<$[C;+NJ9Vpu5<rk<r^)%S^)G5!IusYL}$z5t#ttk7F~n9]a$X5ht)#G!2HbfT ?E)'\R%SzK'<JobTCe)l&H.1`OIYuMqd?P*jce,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49747	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:03 UTC	676	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_4aBF4cdky--I3Cpch7JoPw2.js HTTP/1.1 Host: 181eeb1c-862723ea.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://relevanteduofficelogin.relevantedu.xyz sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:52:11 UTC	746	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:10 GMT Content-Type: application/x-javascript Content-Length: 121267 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 1800381 cache-control: public, max-age=31536000 etag: 0x8DC55179E1E3E92 last-modified: Fri, 05 Apr 2024 02:25:10 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8cce3d7d-b01e-0058-7291-876104000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-26 15:52:11 UTC	13688	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd fb 7b e3 38 8e 00 f8 fb fd 15 8e 66 2e 63 77 14 97 e5 57 6c a5 d5 59 e7 55 95 ed 24 ce c4 49 77 ef a6 32 f9 64 89 76 d4 91 25 af 24 e7 31 8e f7 6f 3f 00 24 25 4a 96 53 55 b3 7b 77 df 7d d7 bb 53 b1 48 f0 05 82 20 00 82 e0 a7 9f b6 fe 8f ca 4f 95 dd ef ff af 32 ba 19 5c df 54 86 a7 95 9b 2f 67 d7 c7 95 2b f8 fa 8f ca e5 f0 e6 ec e8 e4 fb eb c1 46 f1 7f 37 8f 5e 5c 99 78 3e ab c0 df b1 1d 33 b7 12 06 95 30 aa 78 81 13 46 f3 30 b2 13 16 57 66 f0 6f e4 d9 7e 65 12 85 b3 4a f2 c8 2a f3 28 fc 93 39 49 5c f1 bd 38 81 42 63 e6 87 2f 95 2a 54 17 b9 95 2b 3b 4a de 2a 67 57 b5 3a d4 cf a0 36 6f ea 05 50 da 09 e7 6f f0 fb 31 a9 04 61 e2 39 ac 62 07 2e d5 e6 c3 47 10 b3 ca 22 70 59 54 79 79 f4 9c c7 ca 85 e7 44 61 1c 4e 92 4a c4 1c Data Ascii: {8f.cwWlYU$Iw2dv%$1o?$%JSU{w}SH O2\T/g+F7^\x>30xF0Wfo~eJ(9I\8Bc/T+;J*gW:6oPo1a9b.G"pYTyyDaNJ
2024-04-26 15:52:11 UTC	16384	IN	Data Raw: 0d 68 47 56 03 bd 3f 0e 34 cd 1c a5 6f ca 01 e0 0b 9e 03 a5 6a c4 e8 a7 67 bd 3a 02 5d e2 27 a8 f4 35 3f 04 e8 bc c5 7b 8f b4 7c a4 bf e8 e3 f5 c5 f7 4a 96 bc fd ac dd 37 8b ed a8 0d e2 50 b7 1e ee de ee 6b e3 88 d9 4f fb e9 e4 bf 21 69 80 4e 9e be b8 fc 54 58 69 1c 79 d8 76 50 d6 f2 13 da 48 bc f8 28 dd 2e 7e a3 e7 e2 4a f6 ad 93 7a 61 4f 91 fe 3c c4 69 37 4d ec 06 b7 c6 37 95 3a d0 e5 55 a3 ed 3a bf 56 d6 8f e8 d0 98 87 39 99 4a 15 33 be ac 18 51 17 2d b0 9d 93 7a 7e 43 44 85 2a 09 6f 6f 8e 24 36 57 25 ee 9e 9c 8d 0b 67 46 e4 d7 6b 07 66 f8 86 05 b0 6e 2f 3b 15 d9 df 2a f4 30 e0 8a 39 3e ed 9c 39 da c4 e2 cd 75 2b 92 07 fc e4 6d 53 bd fb 47 e5 7e a7 f6 89 e6 d6 a1 b5 9a ba 50 38 20 c5 82 e8 5d e2 fc e9 d5 a5 9b 67 5a 1b 39 b1 fe ce c6 bf 7a c9 d7 4f dd Data Ascii: hGV?4ojg:]'5?{\|J7PkO!iNTXiyvPH(.~JzaO<i7M7:U:V9J3Q-z~CDoo$6W%gFkfn/;09>9u+mSG~P8 ]gZ9zO
2024-04-26 15:52:11 UTC	16384	IN	Data Raw: 50 d2 4f 35 5e 9c f6 6a bc 38 1d 14 b3 53 69 85 65 f5 1b f2 2f f3 20 50 10 02 78 11 37 e7 7a dd 4f 8b 8b 9f dc 29 1a f4 b8 40 09 2e 58 99 68 8c 08 ff ec c1 7f 50 64 4c 56 5a a8 1a 4e 71 79 0a 76 ce 3b 97 c4 00 d7 7a bf 9b 70 5a fa e8 dc 6b e4 02 50 d1 6e 9c b8 72 3b d3 fe 16 8b d6 da 8e 3e f9 9d 03 e8 0b 11 32 b3 af a2 b3 13 69 14 f8 1b 34 4d a3 2d 7c e1 c2 70 c7 b2 5f 64 85 ed 69 3b 6c dd 31 bb 3d da 1e a5 99 50 9e 74 ac 41 44 3d b8 e8 30 84 3d bc 29 7e 3e 67 08 fb 2a 80 7a d1 35 3c 04 96 f7 e2 8f d5 22 b8 98 8b 8b 76 31 fc 7a c0 99 b0 dc 52 9e 03 e8 0e a9 13 ff 8d 6b 14 85 52 0f e8 29 9b 94 07 95 83 c7 6b 4f 5e 2a a3 e0 87 b9 6d e2 11 58 80 ee 93 7a 37 58 50 0d 7b 35 c0 35 69 02 f1 e6 39 a5 03 ed c4 cc b2 fa e5 e3 1e 02 5a d9 18 09 fd 7a 8f 8f 5a 20 b4 Data Ascii: PO5^j8Sie/ Px7zO)@.XhPdLVZNqyv;zpZkPnr;>2i4M-\|p_di;l1=PtAD=0=)~>gz5<"v1zRkR)kO^mXz7XP{55i9ZzZ
2024-04-26 15:52:11 UTC	16384	IN	Data Raw: 5a 8a f5 1d 91 da 4c b1 16 e8 a2 bc f8 34 3a 43 0c c5 18 bc 9b 28 46 22 7e 26 2a b0 29 f9 51 60 13 26 4d 7b c2 a6 e7 c8 af d7 1e 88 69 db 2d 1d 1f 53 72 af 88 90 66 27 d5 f2 1c 92 50 c1 d0 dd 85 fc f1 11 05 4e 02 0e 78 c1 1f c4 dd 76 a3 d3 48 96 86 3d a4 02 a8 c6 93 9e a1 78 87 a7 8a 74 cc e2 22 c6 36 64 39 6f 44 f9 5e c7 eb cc 0a 36 f1 45 f0 2f be b6 2d 0c 90 b3 89 ff bc 22 f5 92 54 26 d1 97 d2 db f8 23 2a 1d dc 7a 96 5d 5e 26 44 46 23 34 9c 36 78 98 ba 0e e2 81 74 26 95 3c 6a e6 df f7 6a 6e 47 a4 6f 47 04 d3 67 24 02 66 94 03 b6 05 80 57 cb cf 8a 13 81 1c db 09 d9 92 d7 12 bb 47 c1 34 78 6f e1 74 d1 a9 30 f7 d0 4d c8 61 9b 9d 98 cf 25 57 ff 89 74 2a a9 52 cd fc 42 b2 68 f5 cc 72 5e 0a f6 a8 91 47 92 b4 d7 a3 92 42 5e 4c eb b0 59 0d 8e 90 24 a9 32 a1 f9 Data Ascii: ZL4:C(F"~&)Q`&M{i-Srf'PNxvH=xt"6d9oD^6E/-"T&#z]^&DF#46xt&<jjnGoGg$fWG4xot0Ma%Wt*RBhr^GB^LY$2
2024-04-26 15:52:11 UTC	16384	IN	Data Raw: a0 2c e6 41 e1 f0 17 44 30 a8 6d 85 dc 02 86 29 9a 0a ae a4 a8 56 6a cc 63 b1 32 ce e2 c2 06 23 e2 20 a2 67 bd b5 1c 51 0b 5a f7 85 9d 84 30 98 b2 7a 1f 89 dd 4c 3a 06 48 01 fd f3 f3 32 3f 0f af 47 65 5a 54 54 52 63 7b 7b 1a d9 db e0 b6 b4 95 53 2b 16 58 78 17 10 3b 92 54 ad 2c 5c a0 6a 3d 43 e6 9c 32 db cb 6e b5 96 91 9a eb f6 bc e4 2b 64 8e 76 fd 5a aa f2 d0 bd 70 5e 3a a7 48 23 b7 f6 69 fc 9d ab f2 d3 0c 57 0d 00 fb a7 e2 bb 80 fe 73 4f 25 1b db a7 e7 67 f4 d8 0f 50 b0 c7 19 e5 90 50 ee d3 33 fa f9 8c 7e 3e 7b 38 fd f7 8f 67 df b9 ee d0 fd 8e 2a 72 9b d5 38 a7 bd 67 67 ae ca 7f f3 dd d0 fd f4 97 17 17 09 f2 dc d9 89 74 3e 8d b8 a4 29 a3 13 e1 bc b8 d0 c6 ef 2f e3 96 28 91 76 ed 6f de 29 0f 0f 69 73 c3 d5 0e 4d 1b 14 f1 2a ea ef 8d 95 f6 9e f1 94 f6 ac Data Ascii: ,AD0m)Vjc2# gQZ0zL:H2?GeZTTRc{{S+Xx;T,\j=C2n+dvZp^:H#iWsO%gPP3~>{8gr8ggt>)/(vo)isM
2024-04-26 15:52:12 UTC	16384	IN	Data Raw: 29 df be c0 63 bb cb 0b b6 c2 f9 b8 d4 a9 81 69 e8 3f 40 ed 9d 0e 94 e2 f3 b0 53 b3 20 94 58 e5 5d ca 73 46 f8 41 44 36 5a 75 e3 e9 f3 59 1f fb e3 07 d6 41 79 0e dc 18 ff f3 e2 b4 7f 18 06 23 7a 55 3d 84 f4 60 b7 be 47 ea 55 f5 10 d3 83 d3 fc 1e 59 ea 55 f5 60 eb 07 75 e7 46 e4 5c 2d 6f 1a 66 cb 1c dc 45 63 5f 0f 6b d3 c8 2a 5d 98 3b 5c 17 e3 62 90 93 9f b0 aa 42 3c 42 df 56 d2 c7 64 cf 8a 45 2f 03 e3 ef 9d 17 e2 72 2a 7b f7 fa f7 e5 fd fe 3d ba de 94 c8 02 aa 1c 39 d6 26 fd 1f 9e 3d f9 e9 fb a7 ea a8 fc 77 cf 7e fa f1 49 7f 34 33 07 c4 72 b2 0a d8 f8 8d fc 50 4e d6 e9 5f cb 1d f5 75 90 43 39 66 46 53 56 49 e6 e4 7b 75 8d d8 84 8d e8 1a b3 49 e8 af cf f5 b2 10 78 fa fd 3e 94 18 a8 b5 8b 07 d0 40 4e 65 f9 60 99 bc b1 34 6b 91 b8 91 c5 a5 c8 22 1e b2 20 76 Data Ascii: )ci?@S X]sFAD6ZuYAy#zU=`GUYU`uF\-ofEc_k];\bB<BVdE/r{=9&=w~I43rPN_uC9fFSVI{uIx>@Ne`4k" v
2024-04-26 15:52:12 UTC	16384	IN	Data Raw: 1a 04 97 a9 c1 3d 3a 9d 4b a5 ff ea b3 8b d5 db 84 b5 5e 1b 32 5c 36 d0 40 22 e2 4e f5 5c ea 24 e2 df 52 70 c7 bc 85 34 2b 95 1a 68 51 25 15 3f 48 55 25 c3 a8 fa a6 76 55 e7 01 2a 6d 6a af f9 6d f9 b5 85 a6 44 02 b0 4d d0 3a e9 90 2d 04 35 84 24 72 95 54 e4 c0 94 ad c9 e8 d1 74 5a bc fb eb 9c 7d 78 76 b9 f8 9e 3e 7e 5b bc ef dd bd ab 30 e4 fb aa 30 a8 e8 94 bc 14 83 21 cd d4 92 45 6d 9a af 8e aa 6b c3 53 03 20 9e 76 51 95 f8 96 01 f4 6a 44 e6 5d bf a7 14 9e fa 39 65 f3 4d f4 47 74 37 e7 67 f9 ec f4 80 41 a7 68 88 04 85 38 df b3 54 4e 0f e9 b0 dd ab 5f ef fd f2 5d 72 f2 f2 45 62 60 7b 29 df 83 ad bc 5e 8e ec 7a 4b b0 32 6a 32 c2 35 6a 80 45 ae 2f e7 b5 c4 19 dd 99 d7 29 cc 34 b9 74 32 05 fa 97 97 2a 35 d0 13 5e 2d ea b1 79 1e ad 97 4d 6b 18 29 0c a1 fd 48 Data Ascii: =:K^2\6@"N\$Rp4+hQ%?HU%vUmjmDM:-5$rTtZ}xv>~[00!EmkS vQjD]9eMGt7gAh8TN_]rEb`{)^zK2j25jE/)4t25^-yMk)H
2024-04-26 15:52:12 UTC	9275	IN	Data Raw: 92 4b e5 3a a4 b4 1c b4 68 8a 53 5c 63 62 00 1b bb d3 c4 9e 1e 07 da b2 f4 40 e2 39 1a 46 3e ad f1 b7 db db 1d 83 5e b4 ac f0 90 f2 fd 49 1e 07 47 02 68 4a 83 8e c5 2a 98 a6 11 3c 97 61 9a ba a5 07 12 4c d3 25 5e a3 ac c2 34 f5 e1 29 d5 77 93 8b 64 4a f2 af 08 2b 6d 09 91 c9 af 6f d1 d1 4a bf 6f 6f bb dd 52 6f f5 3b 99 ec 4a 66 65 bc 3d 7a a3 53 31 4e 10 dc 41 e1 7a 1f 03 d0 ee 82 f4 32 28 27 7b 65 58 c3 ff 29 5e 19 f7 be 68 29 3b 9c 95 b7 9e 06 59 4f 41 13 e5 c5 c7 8c 5f 1d d4 52 0a 87 35 11 ef 27 af da e0 b6 56 f8 00 32 cf 3f 99 d2 70 d7 c0 e7 cf b3 78 f6 9c 5e 13 2c ed b3 aa d8 12 3f be 7d 41 35 e9 33 50 43 32 34 bb b2 7a 1f 2a d5 56 ef e9 b2 d2 cd f6 e9 3a 11 2a 2c 67 fb 75 99 a3 c1 37 a2 7c 1d f1 ed bb 57 af dd e5 47 92 ad e2 df 0f f1 7f 5b 33 c8 23 Data Ascii: K:hS\cb@9F>^IGhJ<aL%^4)wdJ+moJooRo;Jfe=zS1NAz2('{eX)^h);YOA_R5'V2?px^,?}A53PC24zV:*,gu7\|WG[3#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49746	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:03 UTC	451	OUT	OPTIONS /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: b5e70507-862723ea.relevantedu.xyz Connection: keep-alive Origin: https://relevanteduofficelogin.relevantedu.xyz Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:52:09 UTC	336	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:09 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding access-control-allow-headers: content-type access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin:
2024-04-26 15:52:09 UTC	12	IN	Data Raw: 37 0d 0a 4f 50 54 49 4f 4e 53 0d 0a Data Ascii: 7OPTIONS
2024-04-26 15:52:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49750	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:10 UTC	371	OUT	POST /api/report?catId=GW+estsfd+ams2 HTTP/1.1 Host: b5e70507-862723ea.relevantedu.xyz Connection: keep-alive Content-Length: 1275 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:52:10 UTC	1275	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 37 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 31 31 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6c 65 76 61 6e 74 65 64 75 6f 66 66 69 63 65 6c 6f 67 69 6e 2e 72 65 6c 65 76 61 6e 74 65 64 75 2e 78 79 7a 2f 63 6f 6d 6d 6f 6e 2f 6f 61 75 74 68 32 2f 76 32 2e 30 2f 61 75 74 68 6f 72 69 7a 65 3f 63 6c 69 65 6e 74 5f 69 64 3d 34 37 36 35 34 34 35 62 2d 33 32 63 36 2d 34 39 62 30 2d 38 33 65 36 2d 31 64 39 33 37 36 35 32 37 36 63 61 26 72 65 64 69 72 65 63 74 5f 75 72 69 3d 68 74 74 70 73 25 33 41 Data Ascii: [{"age":17,"body":{"elapsed_time":11118,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://relevanteduofficelogin.relevantedu.xyz/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A
2024-04-26 15:52:21 UTC	376	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:20 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding request-context: appId=cid-v1:0df9f0fa-2b61-4bcc-8864-10ea6079c765 access-control-allow-credentials: false access-control-allow-methods: , GET, OPTIONS, POST access-control-allow-origin:
2024-04-26 15:52:21 UTC	59	IN	Data Raw: 33 35 0d 0a 4e 45 4c 20 41 67 67 72 65 67 61 74 6f 72 20 68 61 73 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 70 72 6f 63 65 73 73 65 64 20 74 68 65 20 72 65 71 75 65 73 74 0d 0a Data Ascii: 35NEL Aggregator has successfully processed the request
2024-04-26 15:52:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49751	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:11 UTC	859	OUT	GET /Me.htm?v=3 HTTP/1.1 Host: l1ve.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
2024-04-26 15:52:17 UTC	514	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1171 Connection: close cache-control: max-age=315360000 vary: Accept-Encoding p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" referrer-policy: strict-origin-when-cross-origin x-ms-route-info: C512_BL2 x-ms-request-id: 5a66dd37-28ab-4e52-a790-ad14b5f0a1a0 ppserver: PPV: 30 H: BL02EPF0001D782 V: 0 content-encoding: gzip access-control-allow-origin: * access-control-allow-headers: *
2024-04-26 15:52:17 UTC	1171	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 56 db 6e db 46 10 7d cf 57 48 44 20 70 ab 2d 2d ea 1e d2 eb a0 48 5a 44 41 9d 04 76 8a 3e 30 2c b0 22 87 d2 b6 d4 2e c1 5d c9 76 65 fe 7b 87 37 8b 76 d0 56 30 4c 51 73 39 7b ce 70 66 c4 4b 1d e5 22 33 3d f3 90 01 b3 0c dc 9b 8b 3f f9 81 d7 56 eb ea 55 af 9f ec 65 64 84 92 b6 a4 86 1c 13 95 db 07 9e f7 a0 27 64 cf 10 19 40 c8 0c 5e 0a db 6c 85 a6 a7 60 0c 6d ee 7b c6 16 e4 28 12 1b 02 11 92 1c cc 3e 97 bd f2 de 81 fb 4c e5 46 fb 25 a0 66 a5 89 1d 1b 9b 77 2c a8 88 3d 41 53 c5 63 88 bd be 5b f8 4d aa 2c 53 23 9e a6 b6 6e 11 28 fe 3d dd 1b 82 5f ea 34 d6 1f 9d 1c 45 c5 9b 1d 9f 80 8c b3 63 28 ca 89 18 e0 35 63 96 45 8d 3d 22 85 1d bc d0 dc 0a 81 4a 56 53 01 c3 36 41 14 52 60 23 2a 98 71 52 90 1b b3 f5 e1 52 f8 c3 21 10 94 5b Data Ascii: VnF}WHD p--HZDAv>0,".]ve{7vV0LQs9{pfK"3=?VUed'd@^l`m{(>LF%fw,=ASc[M,S#n(=_4Ec(5cE="JVS6AR`#*qRR![

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49753	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:13 UTC	835	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: 181eeb1c-862723ea.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
2024-04-26 15:52:19 UTC	674	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:19 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2810233 cache-control: public, max-age=31536000 etag: 0x8D8731240E548EB last-modified: Sun, 18 Oct 2020 03:02:30 GMT x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 3de816bd-c01e-006b-0862-7e3d13000000 x-ms-version: 2009-09-19
2024-04-26 15:52:19 UTC	2286	IN	Data Raw: 38 65 37 0d 0a 00 00 01 00 06 00 10 10 00 00 00 00 20 00 16 01 00 00 66 00 00 00 18 18 00 00 00 00 20 00 24 01 00 00 7c 01 00 00 20 20 00 00 00 00 20 00 35 01 00 00 a0 02 00 00 30 30 00 00 00 00 20 00 6a 01 00 00 d5 03 00 00 40 40 00 00 00 00 20 00 f3 01 00 00 3f 05 00 00 80 80 00 00 00 00 20 00 b5 01 00 00 32 07 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 dd 49 44 41 54 78 9c dd 92 31 4e 43 41 10 43 df cc 8e 44 40 b0 22 2d 65 6e c4 21 90 68 c3 15 38 40 ce c4 39 68 a8 11 22 e4 ff 00 05 93 35 4d 1a b2 bf 89 68 10 2e 2d 8d c7 b6 6c 9b eb 85 4c fc 80 50 d6 59 09 5e 6c 75 77 ff c8 95 d9 72 dc 28 cd 08 0e e0 87 c7 c7 c2 7f 77 fe 17 04 42 28 7b da 12 04 f2 26 01 46 02 a9 89 be a2 ce 4e ba 66 Data Ascii: 8e7 f $\| 500 j@@ ? 2PNGIHDRaIDATx1NCACD@"-en!h8@9h"5Mh.-lLPY^luwr(wB({&FNf
2024-04-26 15:52:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49752	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:14 UTC	773	OUT	GET /862723eaca4a492d82ff65e2c911b8f7/ HTTP/1.1 Host: relevanteduofficelogin.relevantedu.xyz Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://relevanteduofficelogin.relevantedu.xyz Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1 Sec-WebSocket-Key: u0kpqEbF5W6TdMm9dQ3+VQ== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-04-26 15:52:21 UTC	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Fri, 26 Apr 2024 15:52:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding cache-control: private p3p: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 66d9ec61-bd8e-42d6-bda2-b53ba695a200 x-ms-ests-server: 2.1.17846.6 - SEC ProdSlices report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://b5e70507-862723ea.relevantedu.xyz/api/report?catId=GW+estsfd+ams2"}]} nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P referrer-policy: strict-origin-when-cross-origin access-control-allow-origin: * access-control-allow-headers: *
2024-04-26 15:52:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49754	178.128.58.202	443	5916	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:14 UTC	804	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js HTTP/1.1 Host: 181eeb1c-862723ea.relevantedu.xyz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://relevanteduofficelogin.relevantedu.xyz/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: bqmoZj="ODYyNzIzZWEtY2E0YS00OTJkLTgyZmYtNjVlMmM5MTFiOGY3OmFjZTJhNDYxLTA1NDEtNDJmOC04OTdkLWI3MDcwOWYyZmQ4ZA=="; MUID=2264A79D5E1D6D4A1F42B3F05F286C5D
2024-04-26 15:52:22 UTC	745	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 15:52:22 GMT Content-Type: application/x-javascript Content-Length: 54371 Connection: close accept-ranges: bytes access-control-allow-origin: * access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding age: 2027706 cache-control: public, max-age=31536000 etag: 0x8DC4F6D50F3D2E7 last-modified: Thu, 28 Mar 2024 21:23:30 GMT vary: Accept-Encoding x-cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: bbd00743-701e-00d0-7180-856e40000000 x-ms-version: 2009-09-19 content-encoding: gzip
2024-04-26 15:52:22 UTC	13689	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 7b db 46 92 30 fa 7d 7f 05 c5 67 46 06 4c 90 22 a9 8b 65 52 10 c7 76 92 79 bd 4f 12 fb d8 ce bc 67 8f cc c9 03 91 4d 09 31 05 70 71 b1 ad 11 b9 bf fd 54 55 df 81 06 25 5f 93 cd 78 76 63 11 8d 46 5f aa bb ab eb 5e 7b f7 77 fe a3 75 bf d5 bd fb ff 5a 2f 5f 3d 7a f1 aa f5 ec 87 d6 ab ff f3 f4 c5 77 ad e7 f0 f4 5f ad 9f 9f bd 7a fa e4 fb bb b7 83 9d e2 7f af 2e e3 bc b5 88 97 ac 05 7f cf a3 9c cd 5b 69 d2 4a b3 56 9c cc d2 6c 95 66 51 c1 f2 d6 15 fc 9b c5 d1 b2 b5 c8 d2 ab 56 71 c9 5a ab 2c fd 8d cd 8a bc b5 8c f3 02 3e 3a 67 cb f4 5d cb 83 e6 b2 79 eb 79 94 15 d7 ad a7 cf fd 1e b4 cf a0 b5 f8 22 4e e0 eb 59 ba ba 86 df 97 45 2b 49 8b 78 c6 5a 51 32 a7 d6 96 f0 90 e4 ac 55 26 73 96 b5 de 5d c6 b3 cb d6 4f f1 2c 4b f3 74 Data Ascii: k{F0}gFL"eRvyOgM1pqTU%_xvcF_^{wuZ/_=zw_z.[iJVlfQVqZ,>:g]yy"NYE+IxZQ2U&s]O,Kt
2024-04-26 15:52:22 UTC	16384	IN	Data Raw: f0 51 57 24 f9 10 b9 7b 65 9e 44 f9 cc 75 1f 05 c5 ef 12 70 e2 73 b0 40 88 c1 7f 51 31 af f9 aa 77 51 56 97 39 30 33 4a d7 0d 92 1d 23 6e b7 ad ac 3b f1 08 65 1c 61 65 86 dd 26 5c a8 11 5a 92 91 dc 5c 91 47 9c d3 d8 a2 a9 e6 fa e7 d2 4c a6 8c 91 b9 62 2a 6b 4e 43 5c 6c d3 3f a3 cd 8a a1 79 be 08 2e 4c cd f3 05 6a 9e 8f b7 6b 9e 85 2c 9e 24 b6 5a 50 2b 74 a3 b8 53 d0 4e c9 c8 a6 0c 1c 9a ee 2f 0d 52 b3 bf 14 fb 7b 78 77 4d f7 9f d8 ae 33 fd 3d cd 0e 63 43 0d 11 ff c9 d4 10 55 c5 e0 17 52 d7 fd c9 2c 37 e3 af a3 ae 8b ff 88 ea ba b8 aa ae c3 f9 cc 48 5b 35 c4 98 bb b3 de 4b a2 0f 80 8a 7a 02 db 13 97 0e 73 f1 e8 d2 bf b3 84 1f 87 e0 92 10 e5 81 1f ac c2 4b c4 2a ec 97 17 3f be 4a 9f 47 40 f1 ce a1 64 05 3f 5e a5 3f f0 72 ae 07 eb 63 54 f1 90 88 a3 f3 1c 78 Data Ascii: QW${eDups@Q1wQV903J#n;eae&\Z\GLbkNC\l?y.Ljk,$ZP+tSN/R{xwM3=cCUR,7H[5KzsK?JG@d?^?rcTx
2024-04-26 15:52:23 UTC	16384	IN	Data Raw: 87 c0 ac 44 be 2c 2b 91 2f df 7a 59 f8 de e5 80 97 de da 88 97 a9 78 97 aa 88 97 a9 1d f1 32 ad 46 bc 4c 57 47 bc 2c c2 8f 40 2c a8 28 57 45 98 56 c2 5c a6 3a cc 65 11 a6 2a cc 65 a1 c2 5c 16 61 61 86 b9 cc c2 82 09 54 66 e4 a3 c6 28 7c 98 c2 41 18 a3 65 b6 b5 b5 99 0d ae 86 5b 5b d7 c0 ce 93 e5 b8 9b 09 e9 3e 0d 89 70 0b 35 42 63 be 25 a3 34 19 e9 e3 22 9e ce 10 7d 6a ea 92 ad eb 6b cf 87 ff 6f c5 51 16 bc 16 b2 b5 c0 a8 44 06 05 b2 23 52 d7 c2 26 d6 30 90 57 9c 79 f1 b6 38 26 fb a2 09 02 6c 86 d2 d0 95 91 43 9f 01 55 b7 14 18 fc 39 42 be fa 23 7f a2 94 92 61 e9 bb 91 72 ec 47 45 70 cd 1a de 96 24 72 c4 41 2d 07 21 7a 58 bf 11 e2 70 1d be b0 2a 31 31 86 e3 5e 91 09 39 ff 3c 7d ca 31 aa 1a 42 03 2a 5f 61 12 f2 ae f6 5e 61 e1 65 43 dc 4f 59 81 54 b1 dc af Data Ascii: D,+/zYx2FLWG,@,(WEV\:ee\aaTf(\|Ae[[>p5Bc%4"}jkoQD#R&0Wy8&lCU9B#arGEp$rA-!zXp11^9<}1B*_a^aeCOYT
2024-04-26 15:52:23 UTC	7914	IN	Data Raw: 11 32 21 aa 46 72 6e 29 ef 01 e0 9c ce 13 91 00 2b 5d c2 3c 68 5b 6b 16 5f 64 f3 b3 29 e2 60 90 0d c6 52 1b 07 6d 76 b1 5b 15 c1 4a e5 ae 47 b3 31 7d 50 09 6d 86 f3 83 28 b3 71 c6 85 1c 83 b4 e5 3a 15 f7 78 cf fa 18 52 92 fa 57 93 87 70 8d d6 55 7a cf 5a 65 99 8d 65 bd 85 c6 bd ba 22 8e 6d 85 20 a0 d3 bc 77 f7 90 60 8d 0e 2e 1f 36 94 14 f8 c0 24 7c d1 33 71 af 0e 3c a7 fc 1b b4 f0 ea 1d 30 58 8d 46 38 d4 7a 7d 4f cb 36 e6 de c0 f8 cb 19 02 f9 10 e4 43 49 02 5c 59 ef 0a 36 da 1c 22 da 0c 6b f3 d8 70 29 8a 0f 57 81 9c 4d 4c 28 34 e4 c8 c2 12 38 f2 8c 7c 08 cc 93 07 f9 f0 8c 76 cb 62 b1 8b 57 4d 8a 1b c6 eb 65 c0 cc ae 9c 09 6e d5 86 ba 0f 1d 3f c7 1e e6 d4 c3 26 85 d8 74 8d 42 6c ef 37 31 ab 68 56 75 0b b9 da a9 ff cc 7f e7 bf f0 3f f8 ef fd d7 fe 2b ff 7b Data Ascii: 2!Frn)+]<h[k_d)`Rmv[JG1}Pm(q:xRWpUzZee"m w`.6$\|3q<0XF8z}O6CI\Y6"kp)WML(48\|vbWMen?&tBl71hVu?+{

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49755	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:52:15 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 77 56 59 31 56 70 73 67 6b 4f 6e 6a 54 44 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 34 64 62 36 36 38 38 30 36 64 66 32 61 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: GwVY1VpsgkOnjTDb.1Context: f34db668806df2a1
2024-04-26 15:52:15 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-04-26 15:52:15 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 47 77 56 59 31 56 70 73 67 6b 4f 6e 6a 54 44 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 34 64 62 36 36 38 38 30 36 64 66 32 61 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 62 33 64 64 79 63 39 67 67 65 6c 34 58 67 37 2b 33 31 47 79 34 47 73 4b 67 77 66 49 6a 41 33 4c 6b 69 6e 47 64 56 37 71 76 6e 49 67 2b 44 59 7a 76 53 6e 6a 71 79 4c 77 45 48 76 4a 4c 6a 78 6b 78 77 4a 33 34 2b 47 44 42 46 57 35 37 66 52 41 39 35 49 2f 68 54 47 66 48 51 68 53 4d 2b 56 61 7a 44 46 75 48 78 5a 4c 76 55 4d 33 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: GwVY1VpsgkOnjTDb.2Context: f34db668806df2a1<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbb3ddyc9ggel4Xg7+31Gy4GsKgwfIjA3LkinGdV7qvnIg+DYzvSnjqyLwEHvJLjxkxwJ34+GDBFW57fRA95I/hTGfHQhSM+VazDFuHxZLvUM3
2024-04-26 15:52:15 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 77 56 59 31 56 70 73 67 6b 4f 6e 6a 54 44 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 34 64 62 36 36 38 38 30 36 64 66 32 61 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: GwVY1VpsgkOnjTDb.3Context: f34db668806df2a1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-04-26 15:52:16 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-04-26 15:52:16 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 77 65 48 68 4d 52 70 36 55 32 65 69 33 52 50 31 73 58 76 74 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 3weHhMRp6U2ei3RP1sXvtw.0Payload parsing failed.

Target ID:	0
Start time:	17:50:48
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	17:50:54
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2472,i,3685527749275689148,13619911006940924021,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	17:50:56
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://relevanteduofficelogin.relevantedu.xyz"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://relevanteduofficelogin.relevantedu.xyz

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6912, Parent PID: 5728

General

Chronological Activities

Analysis Process: chrome.exePID: 5916, Parent PID: 6912

General

Chronological Activities

Windows Analysis Report
http://relevanteduofficelogin.relevantedu.xyz